Posted

Hello toutclic!

*** Your reports show some strange things!! *** :P

Here are my current hypotheses:

  • Either the PC was reinfected via another session after SDFix was run.
  • Or a piece of malware brought the infection back.
  • It is also possible that SDFix was hijacked by the infection itself...
  • Perhaps you did not let the tool run to completion after the reboot...

--> In any case, I am going to ask you to do something a bit long, and I will contact the tool's developer...

--> Could you please run SDFix again on each admin session in safe mode?

1-Farrid (admin)
2-Housnat (admin)
3-Enfants (admin)
Administrateur (admin)

--> It is very important to reboot once into the cleaned session after the program has run, so that it can check that everything is OK...

--> You will send me the 4 reports at the address I am leaving you in private...

Good luck with it!

:P

Posted

Yet I did everything you told me to the letter

I did run SDFix in safe mode in the Farrid session and restarted the computer as requested

but I will run SDFix again as you just told me and send you the reports

Posted

Hello toutclic!

*** I received the developer's reply this morning... along with additional information about a new, particularly nasty rootkit!! ***

I did run SDFix in safe mode in the Farrid session and restarted the computer as requested

--> Yes, you did everything right! :P

--> So (instead of SDFix on each session) we are going to use a tool that works differently and should help us...

 

 

# Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • Install the program with the default options and make sure both boxes are ticked as shown in the picture: if the firewall asks for permission for MBAM to connect, accept.
    mbam.JPG

  • Once the update has finished, go to the "Recherche" (Scan) tab.
  • Select "Exécuter un examen complet" (Perform a full scan).
  • Select all your drives and click Lancer l'examen (Start scan).
  • The analysis starts; the scan takes fairly long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed normally. Click 'Afficher les résultats' (Show results) to display all the objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave it ticked) and click Supprimer la sélection (Remove selection); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

Thanks to AndyManchesta! :P

Posted (edited)

Well, this is going to make quite a pile of reports

here are the SDFix reports from all the sessions:

1st:

 

SDFix: Version 1.211

Run by 2-Housnat on 04/08/2008 at 18:12

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\nvrsul32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 18:57:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT"

"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe"

Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp"

Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp"

Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak"

Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 18:57:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

2nd:

 

 

SDFix: Version 1.211

Run by 3-Enfants on 04/08/2008 at 19:04

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\nvrsul32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 19:08:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT"

"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe"

Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp"

Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp"

Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak"

Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 19:08:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

3rd:

 

 

SDFix: Version 1.211

Run by 1-Farrid on 04/08/2008 at 17:34

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\nvrsul32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 18:03:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT"

"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe"

Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp"

Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp"

Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak"

Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 19:18:05

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

4th:

 

 

SDFix: Version 1.211

Run by 1-Farrid on 04/08/2008 at 17:34

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\1-Farrid\Bureau\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\nvrsul32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 18:03:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du TiberiumT"

"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance … distance"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"

"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"

"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\1-Farrid\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 8 Jul 2008 5,189,064 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe"

Fri 20 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\2-Housnat\Mes documents\Housnat\~WRL0002.tmp"

Sun 20 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT4.tmp"

Sun 6 Apr 2008 444 ...HR --- "C:\Documents and Settings\1-Farrid\Application Data\SecuROM\UserData\securom_v7_01.bak"

Sat 5 Apr 2008 9,506 A.SH. --- "C:\Documents and Settings\1-Farrid\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

the catch for this part is missing.

 

The MBAM report:

 

Malwarebytes' Anti-Malware 1.24

Version de la base de données: 1024

Windows 5.1.2600 Service Pack 2

 

19:58:12 04/08/2008

mbam-log-8-4-2008 (19-58-12).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Eléments examinés: 98750

Temps écoulé: 29 minute(s), 40 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 27

Fichier(s) infecté(s): 528

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2m solitaires collection (Adware.WebHancer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp securitycenter (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\2M Games (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\doc (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\doc\fr (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\doc\images (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\applet (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\ext (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\fonts (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\security (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):


C:\Program Files\2M Games\Solitaires Collection\games\American Toad.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Antartica.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Applegate.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Archway.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Arctica.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Arizona.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Auld Lang Syne.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Austerlitz.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Australian Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Auteuil.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Back And Forth.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Backbone.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bakers Dozen.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bakers Fan.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bakers Game.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bastion.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Batsford.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Beetle.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Beleaguered Castle.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Betsy Ross.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bisley.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Black Hole.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Black Holes.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Black Spider.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Black Widow.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Blind Alleys.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Block Ten.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Blockade.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Blondes And Brunettes.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Board Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Box Kite.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Brazilian Patience.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Brigade.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Brisbane.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Bristol.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\British Constitution.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Buffalo Bill.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Busy Aces.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Busy Fives.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Busy Fours.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Busy Threes.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Cadran.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Calculation.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\California.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Canfield.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Canister.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Capricieuse.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Captive Queens.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Carcassonne.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Carlton.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Carpet.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Castles End.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Castles In Spain.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Cats Cradle.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Chameleon.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Chessboard.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Cicely.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Citadel.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Club.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Colorado.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Cone.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Congress.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Contradance.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Corners.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Corona.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Courtyard.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Crescent.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Criss Cross.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Cruel.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Curds And Whey.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Czarina.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Deauville.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Desert Fox.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Deuces.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Dial.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Diamond Square.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Diplomat.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Dogs Cradle.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Adelie.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Antartica.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Arctica.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Bisley.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Canfield.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Double Fourteens.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\games\Golf.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Cancel.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\CancelSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\DlgNameIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\DlgScoreIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Help.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\HelpBack.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\HelpHome.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\HelpNext.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\HelpSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Joker.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Level1.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Level2.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Level3.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\OK.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\OKSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Pause.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ProgramIcon.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\Register.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\RegisterSelected.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\SplashAP.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\StatReset.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\StatResetOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\StatScore.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\StatScoreOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAbout.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAboutOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAboutPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAuto.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplay.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplayOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoplayPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolAutoPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfig.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfigOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolConfigPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolEnd.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolEndOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolEndPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelp.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelpOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolHelpPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolPause.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolPauseOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolPausePressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecordOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRecordPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegister.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegisterOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRegisterPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestart.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSame.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSameOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolRestartSamePressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStart.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStartOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStartPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStat.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStatOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolStatPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndo.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecord.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordDisabled.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordOver.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\icons\ToolUndoRecordPressed.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\Backs.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\Cards-Bleus.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\Cards-Classic.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\DragOver-1.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\DragOver-2.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\DragOver-3.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\Piles-Black.dat (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Background01.jpg (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Background02.jpg (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Background03.jpg (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture01.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture02.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\images\textures\Texture03.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\ActPanel.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\awt.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\cmm.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\dcpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\dt_socket.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\fontmanager.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\game.ico (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\hpi.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\hprof.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\ioser12.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\java.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\javaw.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jawt.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jcov.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\JdbcOdbc.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jdwp.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpeg.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpins32.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jpishare.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\jsound.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\msvcrt.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\net.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava11.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava12.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava131_01.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPJava32.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\NPOJI600.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\packager.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\verify.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\zip.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot\jvm.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\bin\hotspot\Xusage.txt (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\content-types.properties (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\flavormap.properties (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ar (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.iw (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ja (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ko (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.ru (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.th (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh.NT4.0 (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\font.properties.zh_TW (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\jawt.lib (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.cfg (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.hprof.txt (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\jvm.jcov.txt (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\rt.jar (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\sunrsasign.jar (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\tzmappings (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\CIEXYZ.pf (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\GRAY.pf (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\LINEAR_RGB.pf (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\cmm\sRGB.pf (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\cursors.properties (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\invalid32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_CopyDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_LinkDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_MoveDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\cacerts (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\java.policy (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\jre\lib\security\java.security (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Abort1.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Abort2.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Deal1.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Deal2.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Deal27.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Deal3.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Deal9.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Drag.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Fast.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Fill.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\FillDeal.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Setup104.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Setup52.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Shuffle.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Undo1.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Undo2.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Victory.mid (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Wrong1.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\2M Games\Solitaires Collection\sounds\Wrong2.wav (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\htmlayout.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\pthreadVC2.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\un.ico (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\unzip32.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\wscui.cpl (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

 

There you go, happy reading.

and thanks again for the help :)

Edited by toutclic
Posted

Hello toutclic! :P

*** As you can see, MBAM cleaned up a lot of files, but probably not yet the source of this violent infection!! ***

--> So (instead of SDFix on each session) we are going to use a tool that works differently and should help us...

Disinfecting a machine has to be done with a certain rigor...

I ask you to follow the procedure below exactly; we are going to have to use a very powerful tool!

 

 

# Download Combofix by sUBs

  • Save it on your desktop, without fail.
  • Read the following tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
  • Disconnect from the internet and disable your antivirus during the procedure.
  • Close all windows.
  • Double-click combofix.exe
  • Click "Oui" (Yes) to accept the warranty disclaimer!
    --> If your firewall asks you to allow nircmd.cfexe, accept.
  • Start the scan (do not click in the window that opens).
  • At the end of the scan (this can take a while), a report will be created.
  • Post this report in your next message(s) (C:\Combofix.txt)

Important warning: this tool is not a general-purpose antimalware! It may only be used by qualified people...

Good luck with it!

:P

Posted

Hello Wawaseb

here is the ComboFix report:

 

ComboFix 08-08-04.06 - 1-Farrid 2008-08-05 16:40:31.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.667 [GMT 2:00]

Endroit: J:\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard

2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira

2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro

2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif

2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db

2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg

2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe

2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys

2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy

2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr

2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg

2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif

2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib

2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll

2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17

2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin

2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib

2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin

2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat

2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif

2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg

2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe

2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat

2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun

2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX

2008-07-08 06:19 . 2008-07-08 06:19 <REP> d-------- C:\Program Files\Lecteur CANALPLAY

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-08-03 11:25 --------- d-----w C:\Program Files\Google

2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf

2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf

2008-07-22 16:30 --------- d-----w C:\Program Files\Java

2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT

2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo!

2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo!

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo!

2008-06-10 02:58 --------- d-----w C:\Program Files\DivX

2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo!

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll

2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016]

"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304]

"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=

 

R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]

R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-BullGuard - C:\Program Files\BullGuard Software\BullGuard\bullguard.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-05 16:44:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-08-05 16:48:13 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-05 14:48:10

 

Pre-Run: 195,891,765,248 octets libres

Post-Run: 195,895,799,808 octets libres

 

178 --- E O F --- 2008-07-09 01:33:23

 

happy reading

Posted

Hello toutclic!

*** We have almost reached the end of the disinfection! *** :P

1) Let's first install the Recovery Console on your PC. This will let us repair your system in case the PC no longer restarts after the disinfection.

Click Download (at the following link: http://www.microsoft.com/downloads/details...0c-0a0205368124 ) to get the installation package. Do not change the name of the file that you put on your desktop.

Drag this file onto the ComboFix.exe file as in this example >

tmmwkp7dnb.gif

Follow the on-screen instructions to launch ComboFix and accept the End User License Agreement to install the Microsoft Recovery Console.

At the end of the procedure, a message appears telling you that the Console has been installed, then a report named CF_RC.txt will be displayed: post the contents of this report.

--- If and only if procedure #1 worked perfectly, move on to step #2 ---

2) We are now going to run a custom script for Combofix

 

  • Disconnect from the internet and disable your antivirus (just for the duration of the procedure!)
  • Open Notepad and paste in the lines quoted below:
    File::
    C:\Program Files\Fichiers communs\uboleqo.pif
    C:\WINDOWS\enulu.db
    C:\WINDOWS\ikypyfodax.reg
    C:\WINDOWS\unysopy.vbs
    C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs
    C:\WINDOWS\symuh.exe
    C:\WINDOWS\zupajibefi.sys
    C:\WINDOWS\system32\xaqyfoba._sy
    C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr
    C:\Program Files\Fichiers communs\perurowyq.reg
    C:\Program Files\Fichiers communs\upyrygetiz.pif
    C:\WINDOWS\system32\towu.lib
    C:\Program Files\Fichiers communs\inybusiry.dll
    C:\Documents and Settings\All Users\Application Data\uroky.bin
    C:\WINDOWS\ixine.lib
    C:\Program Files\Fichiers communs\ajococasu.bin
    C:\WINDOWS\aqacuvi.dat
    C:\WINDOWS\system32\bikuf.pif
    C:\Documents and Settings\All Users\Application Data\zogad.reg
    C:\WINDOWS\ypigafubih.exe
    C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat
    * Warning: this code was written specifically for this user; please do not reuse it in other cases!

  • Save it under the name CFScript
  • As in the image shown here, drag CFScript.txt onto Combofix.exe
    CFScript.gif

  • Post the result and a new HijackThis report!

Note: the ComboFix icon changed recently; it is probably this one now: subs.JPG, instead of that one: combofix.gif

Please post:

  1. The first ComboFix report (console installation)
  2. The second ComboFix report (CFScript)
  3. A new HijackThis log...

# Are you still having problems with your machine?

# If so, which ones?

:P
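
Added example, not part of the original posts: the files listed under File:: in the post above are exactly the files that the report's created-files section shows appearing at 2008-08-01 00:19 and 2008-07-31 06:27. The helper does not state a selection rule; the burst heuristic, its thresholds and the function names below are assumptions, and the sample is an excerpt of the report posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Fichiers créés" section of the ComboFix report posted in this thread.
SAMPLE_REPORT = r"""
2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira
2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif
2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db
2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs
2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs
2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy
2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin
2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib
2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif
2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe
2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun
"""

# Line layout: created-date created-time . modified-date modified-time size-or-<REP> attributes path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_created_files(report):
    """Parse file entries; directory entries (size column <REP>) are skipped."""
    files = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m is None or m.group("size") == "<REP>":
            continue
        files.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
        })
    return files


def creation_bursts(files, min_files=4, min_dirs=2):
    """Group files by creation minute and keep the bursts worth a manual look.

    Assumed heuristic: at least `min_files` files created in the same minute,
    never modified since (created == modified), and spread over `min_dirs` or
    more directories, unlike a typical installer that writes mostly into its
    own folder.
    """
    by_minute = defaultdict(list)
    for f in files:
        if f["created"] == f["modified"]:
            by_minute[f["created"]].append(f)
    bursts = {}
    for minute, group in by_minute.items():
        # ntpath handles Windows paths on any platform
        dirs = {ntpath.dirname(f["path"]).lower() for f in group}
        if len(group) >= min_files and len(dirs) >= min_dirs:
            bursts[minute] = sorted(f["path"] for f in group)
    return bursts


if __name__ == "__main__":
    found = creation_bursts(parse_created_files(SAMPLE_REPORT))
    for minute, paths in sorted(found.items()):
        print(f"{minute}: {len(paths)} files to review")
        for p in paths:
            print("   ", p)
```

The result is a review list, not a removal script: each path still has to be checked by hand before it goes under File:: in a CFScript.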

Posted (edited)

Hello

Here is the first report:

 

ComboFix 08-08-04.06 - 1-Farrid 2008-08-09 16:14:42.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.607 [GMT 2:00]

Endroit: C:\Documents and Settings\1-Farrid\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\1-Farrid\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard

2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira

2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro

2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif

2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db

2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg

2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe

2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys

2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy

2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr

2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg

2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif

2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib

2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll

2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17

2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin

2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib

2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin

2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat

2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif

2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg

2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe

2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat

2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun

2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-08-03 11:25 --------- d-----w C:\Program Files\Google

2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf

2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf

2008-07-22 16:30 --------- d-----w C:\Program Files\Java

2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT

2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-08 04:19 --------- d-----w C:\Program Files\Lecteur CANALPLAY

2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo!

2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo!

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo!

2008-06-10 02:58 --------- d-----w C:\Program Files\DivX

2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo!

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll

2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-05_16.47.55.62 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-04 08:10:10 208,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingDevice.dll

+ 2008-02-04 08:06:54 417,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingServices.dll

+ 2008-02-04 08:08:42 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\LiveAlbumXCtrl.dll

+ 2008-02-04 08:07:46 1,779,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\MicrosoftEffects.dll

+ 2008-02-04 08:05:04 46,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\PhotoViewerShim.dll

+ 2008-02-04 08:06:46 372,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXAlbumDownloadWizard.exe

+ 2008-02-01 09:23:12 279,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\wlxclip.dll

+ 2008-02-01 09:13:40 191,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXDSPA.dll

+ 2008-02-04 08:10:02 130,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXGrinderScheduler.dll

+ 2008-02-04 08:06:00 59,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXImageTranscode.dll

+ 2008-02-04 08:08:26 712,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXMediaPublishSubscribe.dll

+ 2008-02-01 09:17:40 587,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPGSS.SCR

+ 2008-02-04 08:07:22 1,565,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcq.dll

+ 2008-02-01 09:13:40 227,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcquireWizard.exe

+ 2008-02-04 08:08:38 86,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoCinematic.dll

+ 2008-02-04 08:08:32 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoClassic.dll

+ 2008-02-04 08:09:08 125,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGallery.exe

+ 2008-02-01 09:13:42 16,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGalleryRepair.exe

+ 2008-02-04 08:06:54 394,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoLibraryDatabase.dll

+ 2008-02-04 08:06:20 1,515,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoViewer.dll

+ 2008-02-04 08:06:20 1,250,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoVoyager.dll

+ 2008-02-04 08:06:18 752,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipeline.dll

+ 2008-02-04 08:06:14 734,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipetran.dll

+ 2008-02-01 09:13:42 101,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHost.exe

+ 2008-02-04 08:05:00 20,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHostPS.dll

+ 2008-02-04 08:05:04 53,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeShellExt.dll

+ 2008-02-04 08:08:42 85,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXThumbCache.dll

+ 2008-02-04 08:10:04 144,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVAFilt.dll

+ 2008-02-04 08:07:40 675,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoAcquireWizard.exe

+ 2008-02-04 08:07:10 69,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoCameraAutoPlayManager.exe

+ 2008-02-04 08:10:10 165,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoTrim.dll

- 2008-04-13 21:12:35 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe

+ 2008-08-07 19:24:16 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe

- 2008-03-04 11:28:49 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-08-06 12:01:59 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016]

"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304]

"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=

 

R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]

R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28]

 

*Newly Created Service* - CATCHME

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\1-Farrid\Application Data\Mozilla\Firefox\Profiles\v1ks5dsj.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-09 16:16:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-08-09 16:18:00

ComboFix-quarantined-files.txt 2008-08-09 14:17:57

ComboFix2.txt 2008-08-05 14:48:14

 

Pre-Run: 195,693,629,440 octets libres

Post-Run: 195,819,352,064 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

209 --- E O F --- 2008-08-07 19:24:18

Edited by toutclic
Posted (edited)

Here is the second report:

 

ComboFix 08-08-04.06 - 1-Farrid 2008-08-09 16:28:31.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT 2:00]

Endroit: C:\Documents and Settings\1-Farrid\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\1-Farrid\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-08-04 19:25 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\Malwarebytes

2008-08-04 19:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-04 19:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-02 16:21 . 2008-08-02 16:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-08-02 16:15 . 2008-08-02 16:15 <REP> d-------- C:\Deckard

2008-08-01 20:59 . 2008-08-01 20:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-01 20:53 . 2008-08-01 20:54 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-01 14:00 . 2008-08-01 14:00 <REP> d-------- C:\Program Files\Avira

2008-08-01 12:41 . 2008-08-01 12:41 <REP> d-------- C:\Program Files\Trend Micro

2008-08-01 00:19 . 2008-08-01 00:19 19,627 --a------ C:\Program Files\Fichiers communs\uboleqo.pif

2008-08-01 00:19 . 2008-08-01 00:19 19,006 --a------ C:\WINDOWS\enulu.db

2008-08-01 00:19 . 2008-08-01 00:19 17,305 --a------ C:\WINDOWS\ikypyfodax.reg

2008-08-01 00:19 . 2008-08-01 00:19 17,192 --a------ C:\WINDOWS\unysopy.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,945 --a------ C:\Documents and Settings\1-Farrid\Application Data\efuqaf.vbs

2008-08-01 00:19 . 2008-08-01 00:19 14,783 --a------ C:\WINDOWS\symuh.exe

2008-08-01 00:19 . 2008-08-01 00:19 12,784 --a------ C:\WINDOWS\zupajibefi.sys

2008-08-01 00:19 . 2008-08-01 00:19 12,667 --a------ C:\WINDOWS\system32\xaqyfoba._sy

2008-08-01 00:19 . 2008-08-01 00:19 12,229 --a------ C:\Documents and Settings\1-Farrid\Application Data\imomosypyx.scr

2008-08-01 00:19 . 2008-08-01 00:19 11,892 --a------ C:\Program Files\Fichiers communs\perurowyq.reg

2008-08-01 00:19 . 2008-08-01 00:19 11,291 --a------ C:\Program Files\Fichiers communs\upyrygetiz.pif

2008-08-01 00:19 . 2008-08-01 00:19 11,255 --a------ C:\WINDOWS\system32\towu.lib

2008-08-01 00:19 . 2008-08-01 00:19 10,968 --a------ C:\Program Files\Fichiers communs\inybusiry.dll

2008-08-01 00:11 . 2008-08-01 00:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-07-31 23:48 . 2008-07-31 23:48 <REP> d-------- C:\WINDOWS\system32\AVGUARD_4c3ecb17

2008-07-31 23:47 . 2008-08-01 11:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-31 23:47 . 2008-08-01 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-31 06:27 . 2008-07-31 06:27 18,213 --a------ C:\Documents and Settings\All Users\Application Data\uroky.bin

2008-07-31 06:27 . 2008-07-31 06:27 16,977 --a------ C:\WINDOWS\ixine.lib

2008-07-31 06:27 . 2008-07-31 06:27 16,160 --a------ C:\Program Files\Fichiers communs\ajococasu.bin

2008-07-31 06:27 . 2008-07-31 06:27 13,025 --a------ C:\WINDOWS\aqacuvi.dat

2008-07-31 06:27 . 2008-07-31 06:27 12,785 --a------ C:\WINDOWS\system32\bikuf.pif

2008-07-31 06:27 . 2008-07-31 06:27 12,039 --a------ C:\Documents and Settings\All Users\Application Data\zogad.reg

2008-07-31 06:27 . 2008-07-31 06:27 11,614 --a------ C:\WINDOWS\ypigafubih.exe

2008-07-31 06:27 . 2008-07-31 06:27 11,051 --a------ C:\Documents and Settings\1-Farrid\Application Data\ohukegufyk.bat

2008-07-22 18:31 . 2008-07-22 18:31 <REP> d-------- C:\Program Files\Sun

2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

2008-07-09 08:52 . 2008-07-09 08:52 <REP> d-------- C:\Documents and Settings\1-Farrid\Application Data\DivX

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-08-03 11:25 --------- d-----w C:\Program Files\Google

2008-07-31 22:19 17,064 ----a-w C:\Program Files\Fichiers communs\kaho.inf

2008-07-31 04:27 17,256 ----a-w C:\Program Files\Fichiers communs\bosoduqe.inf

2008-07-22 16:30 --------- d-----w C:\Program Files\Java

2008-07-09 07:07 19,104 ----a-w C:\Documents and Settings\1-Farrid\Application Data\GDIPFONTCACHEV1.DAT

2008-07-08 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-08 04:19 --------- d-----w C:\Program Files\Lecteur CANALPLAY

2008-06-24 18:08 --------- d-----w C:\Documents and Settings\2-Housnat\Application Data\Yahoo!

2008-06-21 15:59 --------- d-----w C:\Documents and Settings\3-Enfants\Application Data\Yahoo!

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-10 02:59 --------- d-----w C:\Documents and Settings\1-Farrid\Application Data\Yahoo!

2008-06-10 02:58 --------- d-----w C:\Program Files\DivX

2008-06-10 02:57 --------- d-----w C:\Program Files\Yahoo!

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll

2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 07:19 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2008-06-20 18:28 2144128]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016]

"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 16:36 684032]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-06 14:44 98304]

"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 13:16 69632]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 13:16 185896]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"CHotkey"="mHotkey.exe" [2004-02-24 15:05 508416 C:\WINDOWS\mHotkey.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=

 

R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]

R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 18:28]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-09 16:29:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-08-09 16:30:19

ComboFix-quarantined-files.txt 2008-08-09 14:30:03

ComboFix2.txt 2008-08-09 14:18:01

ComboFix3.txt 2008-08-05 14:48:14

 

Pre-Run: 195,803,987,968 octets libres

Post-Run: 195,792,969,728 octets libres

 

157 --- E O F --- 2008-08-07 19:24:18

 

and here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:32:08, on 09/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/

O15 - Trusted Zone: *.canalplay.com

O15 - Trusted Zone: *.canalplusactive.com

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823266296

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162823248765

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B36719-0CD1-4CF4-B744-BB3D4C80C25B}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 8936 bytes

 

And yes, I still have a problem. Every day AntiVir detects a virus; here is its report:

 

Virus or unwanted program 'TR/Trash.Gen [trojan]'

detected in file 'C:\System Volume Information\_restore{1D571015-0B84-4D59-834E-BE56DAC462EC}\RP147\A0011156.dll.

Action performed: Delete file

How do I remove it for good?

Edited by toutclic
Posted

Hello toutclic!

*** Thank you for your patience, and I apologize for this overly long delay! ***

--> On top of that, you follow the procedures really well... Excellent... :P

  1. The Recovery Console was installed on the system successfully
  2. The CFScript did not work, and that is not your fault!!

1) Copy and paste ComboFix to the root of your hard drive (C:\ComboFix.exe)

2) Recreate the CFScript.txt file and copy it to the same location (C:\CFScript.txt)

3) Redo the second step of my post of 6 August 2008 (drag the text file onto the executable)

==> Your user name contains a character that can interfere with sUBs's tool, and I think ComboFix did not work because of that (thanks to Mérillym for this very important reminder...)!

Every day AntiVir detects a virus; here is its report:

--> We will deal with that at the end of the procedure; normally nothing serious!

# Of course, post the new report with the CFScript!

See you very soon!

:P
