Aller au contenu

toutclic

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    259

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par toutclic

  1. toutclic
    Bonjour Wawaseb Pas grave pour l'attend et merci pour ton aide voici le nouveau rapport : ComboFix 08-08-04.06 - 1-Farrid 2008-08-12 9:47:34.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00] Endroit: C:\ComboFix.exe Command switches used :: C:\CFScript.txt * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))))))) . 2008-08-12 09:47 . 2008-08-05 16:34 2,694,765 --a------ C:\ComboFix.exe 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard 2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT 2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira 2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro 2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif 2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db 2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg 2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe 2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys 2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy 2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr 2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg 2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif 2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib 2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll 2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17 2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin 2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib 2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin 2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat 2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif 2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg 2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe 2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat 2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun 2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-12 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-03 11:25 --------- d-----w C:\Program Files\Google 2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf 2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf 2008-07-22 16:30 --------- d-----w C:\Program Files\Java 2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT 2008-07-09 06:52 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\DivX 2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-08 04:19 --------- d-----w C:\Program Files\Lecteur CANALPLAY 2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo! 2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo! 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe] "CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-12 09:49:38 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Microsoft\Messenger\charlietoutcourt@hotmail.com\SharingMetadata\Working\database_9AE4_7B54_E47B_319D\$db_clean$ 0 bytes Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** . Temps d'accomplissement: 2008-08-12 9:50:44 ComboFix-quarantined-files.txt 2008-08-12 07:50:40 ComboFix2.txt 2008-08-09 14:30:20 ComboFix3.txt 2008-08-09 14:18:01 ComboFix4.txt 2008-08-05 14:48:14 Pre-Run: 195,502,780,416 octets libres Post-Run: 195,718,369,280 octets libres 153 --- E O F --- 2008-08-07 19:24:18
  2. toutclic
    Voici le deuxieme rapport : ComboFix 08-08-04.06 - 1-Farrid 2008-08-09 16:28:31.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT 2:00] Endroit: C:\Documents and Settings\1-Farrid\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\1-Farrid\Bureau\CFScript.txt * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))))))) . 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard 2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT 2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira 2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro 2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif 2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db 2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg 2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe 2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys 2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy 2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr 2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg 2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif 2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib 2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll 2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17 2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin 2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib 2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin 2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat 2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif 2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg 2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe 2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat 2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun 2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR 2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-03 11:25 --------- d-----w C:\Program Files\Google 2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf 2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf 2008-07-22 16:30 --------- d-----w C:\Program Files\Java 2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT 2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-08 04:19 --------- d-----w C:\Program Files\Lecteur CANALPLAY 2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo! 2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo! 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo! 2008-06-10 02:58 --------- d-----w C:\Program Files\DivX 2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo! 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe] "CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48] R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 16:29:23 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-08-09 16:30:19 ComboFix-quarantined-files.txt 2008-08-09 14:30:03 ComboFix2.txt 2008-08-09 14:18:01 ComboFix3.txt 2008-08-05 14:48:14 Pre-Run: 195,803,987,968 octets libres Post-Run: 195,792,969,728 octets libres 157 --- E O F --- 2008-08-07 19:24:18 et voici le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:08, on 09/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\mHotkey.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823266296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823248765 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1 O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 8936 bytes Et oui j'ai encore un probleme. Tout les jours antivir me detecte un virus voici son rapport : Virus or unwanted program 'TR/Trash.Gen [trojan]' detected in file 'C:\System Volume Information\_restore{1D571015-0B84-4D59-834E-BE56DAC462EC}\RP147\A0011156.dll. Action performed: Delete file Comment je fais pour l'enlever definitivement.
  3. toutclic
    Bonjour Voici le premier rapport : ComboFix 08-08-04.06 - 1-Farrid 2008-08-09 16:14:42.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.607 [GMT 2:00] Endroit: C:\Documents and Settings\1-Farrid\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\1-Farrid\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))))))) . 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard 2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT 2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira 2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro 2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif 2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db 2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg 2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe 2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys 2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy 2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr 2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg 2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif 2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib 2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll 2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17 2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin 2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib 2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin 2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat 2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif 2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg 2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe 2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat 2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun 2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR 2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-03 11:25 --------- d-----w C:\Program Files\Google 2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf 2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf 2008-07-22 16:30 --------- d-----w C:\Program Files\Java 2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT 2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-08 04:19 --------- d-----w C:\Program Files\Lecteur CANALPLAY 2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo! 2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo! 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo! 2008-06-10 02:58 --------- d-----w C:\Program Files\DivX 2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo! 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-05_16.47.55.62 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-04 08:10:10 208,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingDevice.dll + 2008-02-04 08:06:54 417,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingServices.dll + 2008-02-04 08:08:42 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\LiveAlbumXCtrl.dll + 2008-02-04 08:07:46 1,779,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\MicrosoftEffects.dll + 2008-02-04 08:05:04 46,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\PhotoViewerShim.dll + 2008-02-04 08:06:46 372,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXAlbumDownloadWizard.exe + 2008-02-01 09:23:12 279,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\wlxclip.dll + 2008-02-01 09:13:40 191,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXDSPA.dll + 2008-02-04 08:10:02 130,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXGrinderScheduler.dll + 2008-02-04 08:06:00 59,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXImageTranscode.dll + 2008-02-04 08:08:26 712,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXMediaPublishSubscribe.dll + 2008-02-01 09:17:40 587,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPGSS.SCR + 2008-02-04 08:07:22 1,565,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcq.dll + 2008-02-01 09:13:40 227,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcquireWizard.exe + 2008-02-04 08:08:38 86,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoCinematic.dll + 2008-02-04 08:08:32 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoClassic.dll + 2008-02-04 08:09:08 125,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGallery.exe + 2008-02-01 09:13:42 16,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGalleryRepair.exe + 2008-02-04 08:06:54 394,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoLibraryDatabase.dll + 2008-02-04 08:06:20 1,515,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoViewer.dll + 2008-02-04 08:06:20 1,250,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoVoyager.dll + 2008-02-04 08:06:18 752,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipeline.dll + 2008-02-04 08:06:14 734,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipetran.dll + 2008-02-01 09:13:42 101,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHost.exe + 2008-02-04 08:05:00 20,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHostPS.dll + 2008-02-04 08:05:04 53,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeShellExt.dll + 2008-02-04 08:08:42 85,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXThumbCache.dll + 2008-02-04 08:10:04 144,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVAFilt.dll + 2008-02-04 08:07:40 675,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoAcquireWizard.exe + 2008-02-04 08:07:10 69,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoCameraAutoPlayManager.exe + 2008-02-04 08:10:10 165,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoTrim.dll - 2008-04-13 21:12:35 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe + 2008-08-07 19:24:16 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe - 2008-03-04 11:28:49 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2008-08-06 12:01:59 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe] "CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48] R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28] *Newly Created Service* - CATCHME . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 16:16:43 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-08-09 16:18:00 ComboFix-quarantined-files.txt 2008-08-09 14:17:57 ComboFix2.txt 2008-08-05 14:48:14 Pre-Run: 195,693,629,440 octets libres Post-Run: 195,819,352,064 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 209 --- E O F --- 2008-08-07 19:24:18
  4. toutclic
    Bonjour Wawaseb voici le rapport combofix : ComboFix 08-08-04.06 - 1-Farrid 2008-08-05 16:40:31.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.667 [GMT 2:00] Endroit: J:\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))))))) . 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes 2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard 2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT 2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira 2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro 2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif 2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db 2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg 2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs 2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe 2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys 2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy 2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr 2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg 2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif 2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib 2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll 2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17 2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin 2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib 2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin 2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat 2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif 2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg 2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe 2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat 2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun 2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX 2008-07-08 06:19 . 2008-07-08 06:19 <REP> d-------- C:\Program Files\Lecteur CANALPLAY . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-03 11:25 --------- d-----w C:\Program Files\Google 2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf 2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf 2008-07-22 16:30 --------- d-----w C:\Program Files\Java 2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT 2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo! 2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo! 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo! 2008-06-10 02:58 --------- d-----w C:\Program Files\DivX 2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo! 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe] "CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48] R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28] . - - - - ORPHANS REMOVED - - - - HKLM-Run-BullGuard - C:\Program Files\BullGuard Software\BullGuard\bullguard.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-05 16:44:43 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PAStiSvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-05 16:48:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-05 14:48:10 Pre-Run: 195,891,765,248 octets libres Post-Run: 195,895,799,808 octets libres 178 --- E O F --- 2008-07-09 01:33:23 bonne lecture
  5. toutclic
    bon la sa va faire un bon paquet de rapport voici les rapport SDfix de toutes les session : 1er : SDFix: Version 1.211 Run by 2-Housnat on 04/08/2008 at 18:12 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\nvrsul32.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 18:57:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe" Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp" Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp" Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak" Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 18:57:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 2eme : SDFix: Version 1.211 Run by 3-Enfants on 04/08/2008 at 19:04 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\nvrsul32.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 19:08:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe" Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp" Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp" Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak" Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 19:08:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 3eme : SDFix: Version 1.211 Run by 1-Farrid on 04/08/2008 at 17:34 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\nvrsul32.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 18:03:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe" Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp" Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp" Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak" Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 19:18:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 4eme : SDFix: Version 1.211 Run by 1-Farrid on 04/08/2008 at 17:34 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\nvrsul32.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 18:03:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe" Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp" Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp" Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak" Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! le catch de cette parti est manquant. Le rapport MBAM : Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1024 Windows 5.1.2600 Service Pack 2 19:58:12 04/08/2008 mbam-log-8-4-2008 (19-58-12).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 98750 Temps écoulé: 29 minute(s), 40 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 27 Fichier(s) infecté(s): 528 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2m solitaires collection (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp securitycenter (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\2M Games (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\applet (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\ext (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\fonts (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\security (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\Config2.cfg (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\ErrorLog.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\Hiscores.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\LicenseFR.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\ReadmeFR.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\solitaires.jar (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\Stats.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\uninstall.exe (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\uninstall.ini (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\About.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\AboutDistribution.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\AboutRegistration.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Config.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\GameConcepts.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\GameDefinitions.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\GameRules.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\IndexAP.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\MoreFaqs.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\MoreTips.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Mouse.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\QuickStart.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAcme.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAcquaintance.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAddUpTens.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAdelie.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAdelieII.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAffinity.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAgnesBernauer.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAgnesSorel.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAlaska.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAlgerianPatience.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAlhambra.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAllFourSuits.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAllInARow.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAlternations.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAmazons.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAmericanToad.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAntartica.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleApplegate.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleArchway.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleArctica.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleArizona.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAuldLangSyne.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAusterlitz.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAustralianPatience.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleAuteuil.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBackAndForth.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBackbone.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBakersDozen.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBakersFan.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBakersGame.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBastion.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBatsford.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBeetle.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBeleagueredCastle.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBetsyRoss.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBisley.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlackHole.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlackHoles.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlackSpider.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlackWidow.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlindAlleys.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlockade.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlockTen.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBlondesAndBrunettes.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBoardPatience.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBoxKite.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBrazilianPatience.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBrigade.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBrisbane.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBristol.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBritishConstitution.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBuffaloBill.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBusyAces.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBusyFives.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBusyFours.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleBusyThrees.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCadran.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCalculation.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCalifornia.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCanfield.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCanister.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCapricieuse.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCaptiveQueens.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCarcassonne.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCarlton.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCarpet.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCastlesEnd.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCastlesInSpain.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCatsCradle.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleChameleon.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleChessboard.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCicely.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCitadel.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleClub.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleColorado.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCone.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCongress.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleContradance.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCorners.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCorona.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCourtyard.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCrescent.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCrissCross.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCruel.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCurdsAndWhey.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleCzarina.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDeauville.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDesertFox.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDeuces.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDial.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDiamondSquare.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDiplomat.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDogsCradle.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleAdelie.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleAntartica.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleArctica.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleBisley.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleCanfield.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleDoubleFourteens.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\RuleGolf.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Score.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\SelectGame.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Stat.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Statusbar.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\Toolbar.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\fr\WiseMan.htm (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\cd.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\cdSolitaires.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\DotIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\DraggingCards.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAcme.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAcquaintance.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAddUpTens.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAdelie.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAdelieII.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAffinity.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAgnesBernauer.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAgnesSorel.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAlaska.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAlgerianPatience.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAlhambra.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAllFourSuits.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAllInARow.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAlternations.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAmazons.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAmericanToad.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAntartica.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutApplegate.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutArchway.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutArctica.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutArizona.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAuldLangSyne.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAusterlitz.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAustralianPatience.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutAuteuil.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBackAndForth.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBackbone.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBakersDozen.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBakersFan.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBakersGame.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBastion.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBatsford.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBeetle.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBeleagueredCastle.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBetsyRoss.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBisley.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlackHole.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlackHoles.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlackSpider.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlackWidow.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlindAlleys.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlockade.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlockTen.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBlondesAndBrunettes.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBoardPatience.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBoxKite.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBrazilianPatience.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBrigade.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBrisbane.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBristol.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBritishConstitution.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBuffaloBill.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBusyAces.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBusyFives.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBusyFours.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutBusyThrees.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCadran.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCalculation.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCalifornia.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCanfield.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCanister.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCapricieuse.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCaptiveQueens.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCarcassonne.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCarlton.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCarpet.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCastlesEnd.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCastlesInSpain.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCatsCradle.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutChameleon.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutChessboard.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCicely.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCitadel.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutClub.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutColorado.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCone.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCongress.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutContradance.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCorners.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCorona.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCourtyard.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCrescent.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCrissCross.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCruel.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCurdsAndWhey.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutCzarina.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDeauville.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDesertFox.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDeuces.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDial.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDiamondSquare.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDiplomat.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDogsCradle.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleAdelie.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleAntartica.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleArctica.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleBisley.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleCanfield.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutDoubleFourteens.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\LayoutGolf.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\StatReset.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\StatScore.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolAbout.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolAuto.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolAutoplay.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolConfig.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolEnd.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolHelp.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolPause.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolRegister.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolRestart.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolRestartSame.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolStart.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolStat.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolUndo.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\doc\images\ToolUndoRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Acme.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Acquaintance.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Add Up Tens.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Adelie II.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Adelie.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Affinity.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Agnes Bernauer.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Agnes Sorel.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Alaska.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Algerian Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Alhambra.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\All Four Suits.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\All In A Row.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Alternations.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Amazons.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\American Toad.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Antartica.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Applegate.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Archway.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Arctica.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Arizona.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Auld Lang Syne.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Austerlitz.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Australian Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Auteuil.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Back And Forth.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Backbone.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bakers Dozen.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bakers Fan.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bakers Game.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bastion.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Batsford.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Beetle.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Beleaguered Castle.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Betsy Ross.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bisley.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Black Hole.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Black Holes.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Black Spider.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Black Widow.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Blind Alleys.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Block Ten.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Blockade.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Blondes And Brunettes.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Board Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Box Kite.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Brazilian Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Brigade.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Brisbane.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Bristol.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\British Constitution.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Buffalo Bill.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Busy Aces.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Busy Fives.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Busy Fours.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Busy Threes.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Cadran.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Calculation.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\California.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Canfield.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Canister.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Capricieuse.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Captive Queens.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Carcassonne.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Carlton.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Carpet.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Castles End.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Castles In Spain.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Cats Cradle.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Chameleon.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Chessboard.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Cicely.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Citadel.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Club.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Colorado.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Cone.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Congress.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Contradance.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Corners.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Corona.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Courtyard.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Crescent.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Criss Cross.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Cruel.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Curds And Whey.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Czarina.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Deauville.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Desert Fox.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Deuces.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Dial.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Diamond Square.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Diplomat.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Dogs Cradle.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Adelie.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Antartica.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Arctica.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Bisley.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Canfield.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Double Fourteens.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\games\Golf.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Cancel.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\CancelSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\DlgNameIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\DlgScoreIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Help.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\HelpBack.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\HelpHome.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\HelpNext.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\HelpSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Joker.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Level1.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Level2.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Level3.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\OK.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\OKSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Pause.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ProgramIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\Register.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\RegisterSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\SplashAP.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\StatReset.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\StatResetOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\StatScore.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\StatScoreOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAbout.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAboutOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAboutPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAuto.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplay.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplayOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplayPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfig.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfigOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfigPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolEnd.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolEndOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolEndPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelp.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelpOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelpPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolPause.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolPauseOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolPausePressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecordOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecordPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegister.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegisterOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegisterPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestart.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSame.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSameOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSamePressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStart.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStartOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStartPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStat.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStatOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolStatPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndo.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordDisabled.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\Backs.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\Cards-Bleus.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\Cards-Classic.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\DragOver-1.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\DragOver-2.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\DragOver-3.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\Piles-Black.dat (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Background01.jpg (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Background02.jpg (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Background03.jpg (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture01.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture02.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture03.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\ActPanel.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\awt.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\cmm.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\dcpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\dt_socket.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\fontmanager.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\game.ico (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\hpi.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\hprof.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\ioser12.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\java.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\javaw.exe (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jawt.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jcov.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\JdbcOdbc.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jdwp.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpeg.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpins32.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpishare.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\jsound.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\msvcrt.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\net.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava11.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava12.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava131_01.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava32.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPOJI600.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\packager.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\verify.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\zip.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot\jvm.dll (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot\Xusage.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\content-types.properties (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\flavormap.properties (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ar (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.iw (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ja (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ko (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ru (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.th (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh.NT4.0 (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh_TW (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\jawt.lib (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.cfg (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.hprof.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.jcov.txt (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\rt.jar (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\sunrsasign.jar (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\tzmappings (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\CIEXYZ.pf (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\GRAY.pf (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\LINEAR_RGB.pf (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\sRGB.pf (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\cursors.properties (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\invalid32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_CopyDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_LinkDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_MoveDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\cacerts (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\java.policy (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\java.security (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Abort1.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Abort2.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Deal1.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Deal2.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Deal27.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Deal3.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Deal9.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Drag.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Fast.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Fill.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\FillDeal.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Setup104.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Setup52.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Shuffle.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Undo1.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Undo2.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Victory.mid (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Wrong1.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\2M Games\Solitaires Collection\sounds\Wrong2.wav (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\htmlayout.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\pthreadVC2.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\un.ico (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\unzip32.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\wscui.cpl (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully. voila bonne lecture. et encore merci pour l'aide
  6. toutclic
    Pourtant j'ai fait tout ce que vous m'aviez dit a la lettre j'ai bien executer SDfix en mode sans echec dans la session Farrid et redemarrer l'ordinateur comme cela était demander mais je vais refaire SDfix comme vous me l'avez dit a l'instant et vous envoyer les rapports
  7. toutclic
    voici le rapport kaspersky : KASPERSKY ON-LINE SCANNER REPORT Saturday, August 02, 2008 5:35:45 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 2/08/2008 Enregistrements dans la base antivirus Kaspersky : 1044906 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse Total d'objets analysés 76137 Nombre de virus trouvés 3 Nombre d'objets infectés 9 / 0 Nombre d'objets suspects 0 Durée de l'analyse 00:42:49 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\formhistory.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Bureau\SDFix\backups\backups.zip/backups/buritos.exe Infecté : Trojan-Downloader.Win32.FraudLoad.vaui ignoré C:\Documents and Settings\1-Farrid\Bureau\SDFix\backups\backups.zip ZIP: infecté - 1 ignoré C:\Documents and Settings\1-Farrid\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Temporary Internet Files\Content.IE5\BP7K40BQ\Binaries1[1].zip/XPSecurityCenter.exe Infecté : not-a-virus:FraudTool.Win32.XPSecurityCenter.k ignoré C:\Documents and Settings\1-Farrid\Local Settings\Temporary Internet Files\Content.IE5\BP7K40BQ\Binaries1[1].zip ZIP: infecté - 1 ignoré C:\Documents and Settings\1-Farrid\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\Local Settings\Temporary Internet Files\Content.IE5\NPVNF4AL\install[1].exe Infecté : Trojan.Win32.Pakes.jyl ignoré C:\Documents and Settings\1-Farrid\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\1-Farrid\UserData\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\3-Enfants\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré C:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Lecteur CANALPLAY\CanalPlayer.log L'objet est verrouillé ignoré C:\Program Files\Lecteur CANALPLAY\CanalPlayService.log L'objet est verrouillé ignoré C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe Infecté : not-a-virus:FraudTool.Win32.XPSecurityCenter.k ignoré C:\RECYCLER\S-1-5-21-2135669534-4071964987-1112455532-500\Dc113.exe Infecté : Trojan.Win32.Pakes.jyl ignoré C:\RECYCLER\S-1-5-21-2135669534-4071964987-1112455532-500\Dc76.zip/XPSecurityCenter.exe Infecté : not-a-virus:FraudTool.Win32.XPSecurityCenter.k ignoré C:\RECYCLER\S-1-5-21-2135669534-4071964987-1112455532-500\Dc76.zip ZIP: infecté - 1 ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E3109221-850A-40B3-9D9D-02E115C2A03F}.crmlog L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.
  8. toutclic
    je suis entrain de faire scan il sera fini d'ici 1 ou 2 heures
  9. toutclic
    Bonjour Voici les Deux rapport de dss : Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professionnel (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: Intel® Core2 CPU 6300 @ 1.86GHz CPU 1: Intel® Core2 CPU 6300 @ 1.86GHz Percentage of Memory in Use: 32% Physical Memory (total/avail): 1022.42 MiB / 691.49 MiB Pagefile Memory (total/avail): 2459.52 MiB / 2130.57 MiB Virtual Memory (total/avail): 2047.88 MiB / 1928.57 MiB C: is Fixed (NTFS) - 207.34 GiB total, 181.4 GiB free. D: is Fixed (FAT32) - 25.53 GiB total, 20.78 GiB free. E: is CDROM (No Media) F: is Fixed (NTFS) - 74.52 GiB total, 65.86 GiB free. G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (FAT32) K: is Removable (FAT32) \\.\PHYSICALDRIVE0 - WDC WD2500JS-22NCB1 - 232.88 GiB - 2 partitions \PARTITION0 (bootable) - Système de fichiers installable - 207.34 GiB \PARTITION1 - Étendu avec Inter. 13 étendue - 25.55 GiB \\.\PHYSICALDRIVE1 - WDC WD800EB-11DJF0 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Système de fichiers installable - 74.52 GiB \\.\PHYSICALDRIVE6 - USB DISK 2.0 USB Device - 980.53 MiB - 1 partition \PARTITION0 - Unknown - 980.98 MiB - K: \\.\PHYSICALDRIVE5 - USB Flash Memory USB Device - 1929.68 MiB - 1 partition \PARTITION0 - Unknown - 1930.23 MiB - J: \\.\PHYSICALDRIVE2 - Generic Flash HS-CF USB Device \\.\PHYSICALDRIVE3 - Generic Flash HS-MS/SD USB Device \\.\PHYSICALDRIVE4 - Generic Flash HS-SM USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Disabled Outdated AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du Tiberium™" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\1-Farrid\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=FARRID ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\1-Farrid LOGONSERVER=\\FARRID NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\1-Farrid\LOCALS~1\Temp TMP=C:\DOCUME~1\1-Farrid\LOCALS~1\Temp USERDOMAIN=FARRID USERNAME=1-Farrid USERPROFILE=C:\Documents and Settings\1-Farrid windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- 1-Farrid (admin) 2-Housnat (admin) 3-Enfants (admin) Administrateur (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2M Solitaires Collection --> C:\Program Files\2M Games\Solitaires Collection\uninstall.exe Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x40c Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Canon Camera Support Core Library --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1036 Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651} Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A} Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817} Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE} Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi040c.dll" Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196} Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D} Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x40c anything Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401} Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32} Correctif n° 2 pour Windows XP Édition Media Center 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe" Correctif pour Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe" Correctif pour Windows XP (KB893357) --> Correctif pour Windows XP (KB895953) --> Correctif pour Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe" Correctif pour Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe" Correctif pour Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe" Correctif pour Windows XP (KB912024) --> Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Correctif Windows XP - KB834707 --> Correctif Windows XP - KB867282 --> Correctif Windows XP - KB873333 --> Correctif Windows XP - KB873339 --> Correctif Windows XP - KB885250 --> Correctif Windows XP - KB885626 --> Correctif Windows XP - KB885835 --> Correctif Windows XP - KB885836 --> Correctif Windows XP - KB885884 --> Correctif Windows XP - KB886185 --> Correctif Windows XP - KB887472 --> Correctif Windows XP - KB887742 --> Correctif Windows XP - KB887797 --> Correctif Windows XP - KB888113 --> Correctif Windows XP - KB888302 --> Correctif Windows XP - KB890047 --> Correctif Windows XP - KB890175 --> Correctif Windows XP - KB890859 --> Correctif Windows XP - KB890923 --> Correctif Windows XP - KB891781 --> Correctif Windows XP - KB892627 --> Correctif Windows XP - KB893056 --> Correctif Windows XP - KB893086 --> Correctif Windows XP - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe" Correctif Windows XP - KB896178 --> DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Easy-WebPrint --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} GemMaster Mystic --> "C:\Program Files\GemMasterFrench\uninstallgemmaster.exe" Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90} Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Hamachi 1.0.1.5 --> C:\Program Files\Hamachi\uninstall.exe High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe Lecteur CANALPLAY 2.4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\setup.exe" -l0x40c -removeonly Manual CanoScan LiDE 25 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}\setup.exe" -l0x40c Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office XP Professional --> MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB883939) --> Mise à jour de sécurité pour Windows XP (KB890046) --> Mise à jour de sécurité pour Windows XP (KB893066) --> Mise à jour de sécurité pour Windows XP (KB893756) --> Mise à jour de sécurité pour Windows XP (KB896358) --> Mise à jour de sécurité pour Windows XP (KB896422) --> Mise à jour de sécurité pour Windows XP (KB896423) --> Mise à jour de sécurité pour Windows XP (KB896424) --> Mise à jour de sécurité pour Windows XP (KB896428) --> Mise à jour de sécurité pour Windows XP (KB896688) --> Mise à jour de sécurité pour Windows XP (KB899587) --> Mise à jour de sécurité pour Windows XP (KB899588) --> Mise à jour de sécurité pour Windows XP (KB899589) --> Mise à jour de sécurité pour Windows XP (KB899591) --> Mise à jour de sécurité pour Windows XP (KB900725) --> Mise à jour de sécurité pour Windows XP (KB901017) --> Mise à jour de sécurité pour Windows XP (KB901214) --> Mise à jour de sécurité pour Windows XP (KB902400) --> Mise à jour de sécurité pour Windows XP (KB903235) --> Mise à jour de sécurité pour Windows XP (KB904706) --> Mise à jour de sécurité pour Windows XP (KB905414) --> Mise à jour de sécurité pour Windows XP (KB905749) --> Mise à jour de sécurité pour Windows XP (KB905915) --> Mise à jour de sécurité pour Windows XP (KB908519) --> Mise à jour de sécurité pour Windows XP (KB911562) --> Mise à jour de sécurité pour Windows XP (KB911567) --> Mise à jour de sécurité pour Windows XP (KB911927) --> Mise à jour de sécurité pour Windows XP (KB912812) --> Mise à jour de sécurité pour Windows XP (KB912919) --> Mise à jour de sécurité pour Windows XP (KB913446) --> Mise à jour de sécurité pour Windows XP (KB913580) --> Mise à jour de sécurité pour Windows XP (KB914388) --> Mise à jour de sécurité pour Windows XP (KB914389) --> Mise à jour de sécurité pour Windows XP (KB916281) --> Mise à jour de sécurité pour Windows XP (KB917159) --> Mise à jour de sécurité pour Windows XP (KB917344) --> Mise à jour de sécurité pour Windows XP (KB917422) --> Mise à jour de sécurité pour Windows XP (KB917953) --> Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439) --> Mise à jour de sécurité pour Windows XP (KB918899) --> Mise à jour de sécurité pour Windows XP (KB919007) --> Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920214) --> Mise à jour de sécurité pour Windows XP (KB920670) --> Mise à jour de sécurité pour Windows XP (KB920683) --> Mise à jour de sécurité pour Windows XP (KB920685) --> Mise à jour de sécurité pour Windows XP (KB921398) --> Mise à jour de sécurité pour Windows XP (KB921883) --> Mise à jour de sécurité pour Windows XP (KB922616) --> Mise à jour de sécurité pour Windows XP (KB922819) --> Mise à jour de sécurité pour Windows XP (KB923191) --> Mise à jour de sécurité pour Windows XP (KB923414) --> Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191) --> Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496) --> Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925486) --> Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour pour Lecteur Windows Media 10 (KB910393) --> Mise à jour pour Lecteur Windows Media 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Mise à jour pour Lecteur Windows Media 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB894391) --> Mise à jour pour Windows XP (KB896727) --> Mise à jour pour Windows XP (KB898461) --> Mise à jour pour Windows XP (KB900485) --> Mise à jour pour Windows XP (KB900930) --> Mise à jour pour Windows XP (KB904942) --> Mise à jour pour Windows XP (KB908531) --> Mise à jour pour Windows XP (KB910437) --> Mise à jour pour Windows XP (KB911164) --> "C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB911280) --> Mise à jour pour Windows XP (KB912945) --> Mise à jour pour Windows XP (KB916595) --> Mise à jour pour Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB920872) --> Mise à jour pour Windows XP (KB922582) --> Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Mozilla Firefox (1.5.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.7 (fr)" MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP Nero 7 Essentials --> MsiExec.exe /I{5B8072B3-A576-4C0B-99BC-FAA7145A1036} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} OpenOffice.org Installer 1.0 --> MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Otto --> "C:\Program Files\FrenchOtto\uninstallotto.exe" Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Package de base Microsoft de service de chiffrement pour cartes à puce --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x40c Utilitaire de sauvegarde Windows --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} VIA Platform Device Manager --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F} Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Media Center Edition Screen Saver Screen Saver --> C:\WINDOWS\system32\WINDOW~1.SCR /U Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -- Application Event Log ------------------------------------------------------- Event Record #/Type2298 / Success Event Submitted/Written: 08/01/2008 09:07:02 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2297 / Error Event Submitted/Written: 08/01/2008 09:06:46 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante xpsecuritycenter.exe, version 1.0.0.1, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [xpsecuritycenter.exe!ws!] Event Record #/Type2290 / Success Event Submitted/Written: 08/01/2008 08:50:29 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2288 / Error Event Submitted/Written: 08/01/2008 08:50:12 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante xpsecuritycenter.exe, version 1.0.0.1, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [xpsecuritycenter.exe!ws!] Event Record #/Type2281 / Error Event Submitted/Written: 08/01/2008 08:04:43 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante xpsecuritycenter.exe, version 1.0.0.1, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000. Traitement de l'événement propre au support pour [xpsecuritycenter.exe!ws!] -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type6295 / Warning Event Submitted/Written: 08/02/2008 01:25:54 PM Event ID/Source: 36 / W32Time Event Description: Le service de temps n'a pas pu synchroniser l'heure système de 49152 secondes car aucun fournisseur de temps n'a pu fournir de datage utilisable. L'horloge système n'est pas synchronisée. Event Record #/Type6281 / Error Event Submitted/Written: 08/01/2008 09:03:05 PM / 08/01/2008 09:03:35 PM Event ID/Source: 49 / Ftdisk Event Description: Échec de la configuration du fichier d'échange pour le vidage sur incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage et qu'il est suffisamment grand pour contenir toute la mémoire physique. Event Record #/Type6268 / Error Event Submitted/Written: 08/01/2008 09:03:23 PM Event ID/Source: 12500 / Distributed Link Tracking Client Event Description: Une erreur interne s'est produite dans le service Suivi de liaisons distribuées. Le code d'erreur était c0000156. Event Record #/Type6267 / Error Event Submitted/Written: 08/01/2008 09:03:23 PM Event ID/Source: 12500 / Distributed Link Tracking Client Event Description: Une erreur interne s'est produite dans le service Suivi de liaisons distribuées. Le code d'erreur était c0000156. Event Record #/Type6266 / Warning Event Submitted/Written: 08/01/2008 09:03:10 PM Event ID/Source: 1003 / Dhcp Event Description: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 7A7905C4616E. Il s'est produit l'erreur suivante : %%1223. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). -- End of Deckard's System Scanner: finished at 2008-08-02 16:18:29 ------------ et le deuxieme : Deckard's System Scanner v20071014.68 Run by 1-Farrid on 2008-08-02 16:16:13 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; unknown error code 0x0000001F -- Last 1 Restore Point(s) -- 1: 2008-08-01 16:32:54 UTC - RP145 - Avira AntiVir Personal - 01/08/2008 13:59 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as 1-Farrid.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:17:23, on 02/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe J:\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\1-Farrid.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide O4 - HKLM\..\Run: [buritos] buritos.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823266296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823248765 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O20 - AppInit_DLLs: karina.dat O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9024 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080801-165923-117 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 backup-20080801-165923-753 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 backup-20080801-165923-784 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1 backup-20080801-165923-931 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.1 backup-20080801-165952-238 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 backup-20080801-165952-495 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1 backup-20080801-165952-631 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {36FC9E60-C465-11CF-8056-444553540000} Description: Sitecom USB bluetooth2.0 class 2 dongle CN-512 Device ID: USB\VID_0DF6&PID_2200\5&1787F6B3&0&2 Manufacturer: Toshiba Name: Sitecom USB bluetooth2.0 class 2 dongle CN-512 PNP Device ID: USB\VID_0DF6&PID_2200\5&1787F6B3&0&2 Service: -- Files created between 2008-07-02 and 2008-08-02 ----------------------------- 2008-08-01 20:59:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-01 20:53:53 0 d-------- C:\WINDOWS\ERUNT 2008-08-01 14:00:11 0 d-------- C:\Program Files\Avira 2008-08-01 12:41:51 0 d-------- C:\Program Files\Trend Micro 2008-08-01 00:19:08 12784 --a------ C:\WINDOWS\zupajibefi.sys 2008-08-01 00:19:08 17192 --a------ C:\WINDOWS\unysopy.vbs 2008-08-01 00:19:08 14783 --a------ C:\WINDOWS\symuh.exe 2008-08-01 00:19:08 17305 --a------ C:\WINDOWS\ikypyfodax.reg 2008-08-01 00:19:08 11291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif 2008-08-01 00:19:08 19627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif 2008-08-01 00:19:08 11892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg 2008-08-01 00:19:08 10968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll 2008-08-01 00:19:08 12229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr 2008-08-01 00:19:08 14945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs 2008-08-01 00:11:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-31 23:48:46 0 d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17 2008-07-31 23:47:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 06:27:07 16160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin 2008-07-31 06:27:07 18213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin 2008-07-31 06:27:06 11614 --a------ C:\WINDOWS\ypigafubih.exe 2008-07-31 06:27:06 12785 --a------ C:\WINDOWS\system32\bikuf.pif 2008-07-31 06:27:06 13025 --a------ C:\WINDOWS\aqacuvi.dat 2008-07-31 06:27:06 12039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg 2008-07-31 06:27:06 11051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat 2008-07-31 06:26:48 0 d-------- C:\Program Files\XPSecurityCenter 2008-07-27 16:33:38 0 d-------- C:\Documents and Settings\3-Enfants\Application Data\Sun 2008-07-22 18:31:14 0 d-------- C:\Program Files\Sun 2008-07-09 08:52:49 0 d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX 2008-07-08 06:19:25 0 d-------- C:\Program Files\Lecteur CANALPLAY -- Find3M Report --------------------------------------------------------------- 2008-08-01 00:19:08 17064 --a------ C:\Program Files\Fichiers communs\kaho.inf 2008-08-01 00:19:08 17828 --a------ C:\Documents and Settings\1-Farrid\Application Data\ylic.inf 2008-08-01 00:19:08 13032 --a------ C:\Documents and Settings\1-Farrid\Application Data\nopidu._sy 2008-07-31 06:27:07 0 d-------- C:\Program Files\Fichiers communs 2008-07-31 06:27:06 17256 --a------ C:\Program Files\Fichiers communs\bosoduqe.inf 2008-07-22 18:30:50 0 d-------- C:\Program Files\Java 2008-07-09 09:07:19 19104 --a------ C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT 2008-07-08 06:19:25 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-06 14:50:12 4067 --a------ C:\WINDOWS\mozver.dat 2008-06-10 04:59:13 0 d-------- C:\Documents and Settings\1-Farrid\Application Data\Yahoo! 2008-06-10 04:58:14 0 d-------- C:\Program Files\DivX 2008-06-10 04:57:59 0 d-------- C:\Program Files\Yahoo! 2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 15:01] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/08/2006 22:43] "nwiz"="nwiz.exe" [11/08/2006 22:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/08/2006 22:43] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [17/07/2006 16:36] "CHotkey"="mHotkey.exe" [24/02/2004 15:05 C:\WINDOWS\mHotkey.exe] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [12/01/2006 17:40] "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [] "Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 03:10] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 11:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/11/2006 14:44] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [08/05/2008 13:16] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [08/05/2008 13:16] "XP SecurityCenter"="C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" [24/07/2008 20:46] "buritos"="buritos.exe" [] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06] "braviax"="C:\WINDOWS\system32\braviax.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [24/03/2006 14:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/04/2008 07:19] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34] "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [20/06/2008 18:28] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 09:59] "braviax"="C:\WINDOWS\system32\braviax.exe" [] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 09:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=karina.dat *Newly Created Service* - CATCHME -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8940 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-08-02 16:18:29 ------------
  10. toutclic
    bonsoir et voici le rapport SDfix : SDFix: Version 1.211 Run by 1-Farrid on 01/08/2008 at 20:57 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix Checking Services : Name : msliksurserv Path : \??\globalroot\systemroot\system32\drivers\msliksurserv.sys msliksurserv - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Program Files\SunPorn\unins000.dat - Deleted C:\Program Files\SunPorn\unins000.exe - Deleted C:\WINDOWS\buritos.exe - Deleted C:\WINDOWS\system32\buritos.exe - Deleted C:\WINDOWS\system32\drivers\msliksurserv.sys - Deleted C:\WINDOWS\system32\msliksurcredo.dll - Deleted C:\WINDOWS\system32\msliksurdns.dll - Deleted C:\WINDOWS\system32\nvrsul32.dll - Deleted Folder C:\Program Files\SunPorn - Removed Removing Temp Files ADS Check : Final Check : disk not found C:\ please note that you need administrator rights to perform deep scan Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe" Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp" Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp" Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak" Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished!
  11. toutclic
    et voici le rapport de silentrunner : "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."] "MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS] "CanalPlayer" = "C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" ["Canal+ Distribution"] "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS] "braviax" = "C:\WINDOWS\system32\braviax.exe" [file not found] "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "HDAudDeck" = "C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1" ["VIA Technologies, Inc."] "CHotkey" = "mHotkey.exe" ["Chicony"] "NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "BullGuard" = ""C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot" [file not found] "Adobe" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"" [file not found] "Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."] "OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "MsgCenterExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot" ["RealNetworks, Inc."] "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "braviax" = "C:\WINDOWS\system32\braviax.exe" [file not found] "XP SecurityCenter" = ""C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide" [empty string] "buritos" = "buritos.exe" [null data] "avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS] "{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler" -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS] "{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles {unrecognized setting} "InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\1-Farrid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\wpgldfsh.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CanonZB4PicturesOnArrival\ "Provider" = "ZoomBrowser EX" "InvokeProgID" = "Zb.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string] EHomeMusicDropTarget\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}" -> {HKLM...CLSID} = "EHomeMusicDropTarget Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomePhotosHandler\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}" -> {HKLM...CLSID} = "EHomePhotosHandler Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomeVideoDropTarget\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}" -> {HKLM...CLSID} = "EHomeVideoDropTarget Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomeVideosHandler\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}" -> {HKLM...CLSID} = "EHomeVideosHandler Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] MSLivePhotoAcqHWEventHandler\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "Microsoft.LivePhotoAcqHWEventHandler" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS] MSLivePhotoAcquireDropHandler\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] MSLiveShowPicturesOnArrival\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] MSLiveVideoCameraArrivalCaptureWizard\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler" "InitCmdLine" = "WLXVideoAcquireWizard" HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}" -> {HKLM...CLSID} = "WLXWEventHandler Class" \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "/New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] PDVDPlayCDAudioOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "AudioCD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."] PDVDPlayDVDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."] PDVDPlayVCDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "VCD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] Startup items in "1-Farrid" & "All Users" startup folders: ---------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search && Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] Avira AntiVir Personal – Free Antivirus Planer, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS] Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Service de planification Media Center, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS] Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS] Service Partage réseau du Lecteur Windows Media, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS] STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor PIXMA iP4000\Driver = "CNMLM64.DLL" ["CANON INC."] ---------- (launch time: 2008-08-01 17:04:15) <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 30 seconds, including 10 seconds for message boxes)
  12. toutclic
    J'ai enfin réussi à le débloquer en mettant antivir a jour et en faisant une analyse Malheureusement je n'ai pas garder le rapport du scan mais j'ai le rapport hijackthis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:54:59, on 01/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\mHotkey.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide O4 - HKLM\..\Run: [buritos] buritos.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823266296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823248765 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 O20 - AppInit_DLLs: karina.dat O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9561 bytes
  13. toutclic
    Bonjour Je viens vous voir parce que plus aucun de mes logiciel ne demarre que ce soit spybot, antivir ou hijckthis je ne sais vraiment pas quoi faire. quelqu'un pourrait m'aider merci.
  14. toutclic

    Winamp

    toutclic a posté un sujet dans Software

    Bonjour J'ai un probleme avec ce logiciel car lorsque j'utilise la touche entrée du pavé numérique il m'affiche une fenetre d'ouverture pour un fichier musique je voudrais connaitre le moyen de desactiver cette fonction merci pour votre aide
  15. toutclic

    Hacker

    toutclic a répondu à un(e) sujet de toutclic dans Sécurisation, prévention

    bonjour elle a redemarrer mon routeur et je n'ai pas d'autre information enfin je ne vois pas koi vous donner d'autre j'ai du retaper tout mes mot de passe et les clé et meme remettre a jour mon routeur
  16. toutclic
    Bonjour Recemment un de mes freres a provoquer un hacker (<-- n'utilise que le php) et ce meme hacker c'est mi a attaquer notre routeur (netgear) je voudrais savoir comment empecher cela et si possible empecher le hacker de nous detruire nos ordinateur aider moi s'il vous plait. merci d'avance pour votre aide.
  17. toutclic
    Bonjour Merci pour le conseil. Salut
  18. toutclic
    bonsoir un autre probleme est survenu lorsque j'ai enlevé cette ligne : O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - (no file) spybot bloque cette application sans arret il est ecrit : resident a refusé la modification de {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} catégorie BHO selon votre liste noirz. je l'ai bloquer parce que je ne sais pas ce que c'est. je fais koi ?
  19. toutclic
    Non je n'ai pas eu de probleme enfin je ne l'ai jamais utiliser il y était a l'origine donc la je suis un peu perdu mais j'ai quand meme fais la reinstallation que vous m'avez recommandé merci
  20. toutclic
    Bonjour j'ai mis java a jour avec ce que vous m'avez donner plus haut et se toujours pas a jour j'ai pourtant suivi tout se que vous m'avez dis je ne comprend plus rien la
  21. toutclic
    Bonjour Désolé j'était parti en vacances voici le nouveau rapport Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:37:33, on 22/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\WDBtnMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\H*********\Documents\Telechargement\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 91.121.188.81 forum.zebulon.fr O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49EA1485-6C12-4AE7-8ED0-E437D49DBAB6}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0DED953-00FA-4DEE-97D4-42E7AEFF025B}: NameServer = 192.168.1.1 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 10734 bytes
  22. toutclic
    bonjour Logfile of HijackThis v1.99.1 Scan saved at 04:28:19, on 15/07/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\WDBtnMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Herwan\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 91.121.188.81 forum.zebulon.fr O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49EA1485-6C12-4AE7-8ED0-E437D49DBAB6}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0DED953-00FA-4DEE-97D4-42E7AEFF025B}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing) O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
  23. toutclic
    voici le tout : Avira AntiVir Personal Report file date: lundi 14 juillet 2008 18:59 Scanning for 1422522 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-HERWAN Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 00:13:21 ANTIVIR2.VDF : 7.0.5.105 821248 Bytes 13/07/2008 00:13:26 ANTIVIR3.VDF : 7.0.5.106 2048 Bytes 13/07/2008 00:13:27 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 14/07/2008 00:13:44 AESCN.DLL : 8.1.0.22 119157 Bytes 14/07/2008 00:13:42 AERDL.DLL : 8.1.0.20 418165 Bytes 14/07/2008 00:13:41 AEPACK.DLL : 8.1.1.6 364918 Bytes 14/07/2008 00:13:39 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 14/07/2008 00:13:37 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 14/07/2008 00:13:36 AEHELP.DLL : 8.1.0.15 115063 Bytes 14/07/2008 00:13:33 AEGEN.DLL : 8.1.0.29 307573 Bytes 14/07/2008 00:13:32 AEEMU.DLL : 8.1.0.6 430451 Bytes 14/07/2008 00:13:30 AECORE.DLL : 8.1.0.32 168311 Bytes 14/07/2008 00:13:28 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 14 juillet 2008 18:59 Starting search for hidden objects. '95555' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'CabalMain.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'mobsync.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'java.exe' - '1' Module(s) have been scanned Scan process 'CLSched.exe' - '1' Module(s) have been scanned Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TeamViewer_Host.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'hamachi.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'SynTPStart.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned Scan process 'appservService.exe' - '1' Module(s) have been scanned Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 69 processes with 69 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '18' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Downloads\download(1).php [DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.65 [NOTE] A backup was created as '48f288ab.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Program Files\eChanblard\Incoming\[PC - Game FR] Need For Speed - Underground 2 fr.rar [WARNING] An exception has been identified! [WARNING] In the module 'aecore.dll' an exception occured. Calling the function AVEPROC_TestFile in file: \\?\C:\Program Files\eChanblard\Incoming\[PC - Game FR] Need For Speed - Underground 2 fr.rar Error description:ACCESS_VIOLATION EAX = 0A4D0568 EBX = 04829520 ECX = 0A4D04B4 EDX = 000001D2 ESI = 0908E6DF EDI = 0482951c EIP = 02F2C763 EBP = 098B0030 ESP = 0375EC74 Flg = 00010283 CS = 00000023 SS = 0000001B C:\Users\Herwan Boudra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQMI5I1J\betreiber[1].htm [DETECTION] Contains detection pattern of the HTML script virus HTML/Spoofing.Gen [NOTE] A backup was created as '48ef9960.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Users\Herwan Boudra\Documents\GTH\GamesPirateGTH_v1_43.rar [0] Archive type: RAR --> client.exe [DETECTION] Contains detection pattern of the worm WORM/SdBot.1966080 --> load.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.esk [NOTE] A backup was created as '48e89a00.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Users\Herwan Boudra\Documents\GTH\GTH.rar [0] Archive type: RAR --> load.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.esk [NOTE] A backup was created as '48c399f4.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Users\Herwan Boudra\Documents\GTH\load.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.esk [NOTE] A backup was created as '48dc9a10.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Windows\System32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <HP_RECOVERY> End of the scan: lundi 14 juillet 2008 21:17 Used time: 2:18:17 min The scan has been done completely. 22109 Scanning directories 655837 Files were scanned 6 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 5 files were deleted 0 files were repaired 5 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 655831 Files not concerned 4713 Archives were scanned 3 Warnings 5 Notes 95555 Objects were scanned with rootkit scan 0 Hidden objects were found et java : JavaRa 1.09 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon Jul 14 11:59:07 2008 There was an error removing C:\Users\Herwan Boudra\Start Menu\Programs\Java Plug-in Control Panel.lnk. The error returned was 124. There was an error removing C:\ProgramData\Start Menu\Programs\Java 2 Runtime Environment. The error returned was 124. Could not delete: C:\Users\Herwan Boudra\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010} There was an error removing C:\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150010}. The error returned was 124. There was an error removing C:\System32\jpicpl32.cpl. The error returned was 124. There was an error removing C:\System32\jupdate-1.5.0_01-b08.log. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 ------------------------------------ Finished reporting. Salut toutclic
  24. toutclic
    Bonjour Pear Merci pour ta reponse je fais sa tout de suite Petit precision quand même je suis sous vista. Dois je quand même faire les manip que vous me recommandez ?
  25. toutclic
    Bonjour Depuis quelque jours mon pc a ralenti et je ne sais pas pourquoi. Voici donc mon rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:55:09, on 14/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\WDBtnMgr.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hamachi\hamachi.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\H******~1\AppData\Local\Temp\Rar$EX00.070\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49EA1485-6C12-4AE7-8ED0-E437D49DBAB6}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0DED953-00FA-4DEE-97D4-42E7AEFF025B}: NameServer = 192.168.1.1 O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 10369 bytes
×
×
  • Créer...