Bonjour, A la suite d'un mauvais téléchargement j'ai le message suivant : "ashavast.exe n'est pas une application win32 valide" En clair mon antivirus avast n'est plus en action et ne redémarre pas (j'obtiens le message si dessus). Après différentes visites sur des forums, je remarque que ce problème est récurent, il s'agirait d'un virus connu. Quelqu'un peut-il m'aider à ce sujet? Merci par avance

Ashavast.exe n'est pas une application win32

Réponse 1 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Salut, en effet, un mauvais téléchargement.
Tu as essayé d'installer un crack et tu es maintenant infecté !
Commence par supprimer tous tes cracks afin que tu ne reviennes pas dans une semaine après la désinfection !

Télécharge FindyKill (Merci à Chiquitine29 !!)
= = = = >>> En cliquant ici <<< = = = =

Fais un clic droit sur le lien, Enregistrer la cible sous (Internet Explorer) ou Enregistrer la cible du lien sous (Firefox) …
Choisis d’enregistrer le fichier sur le bureau.

Double clique sur FindyKill.exe
Choisis l’option 1 (Recherche)
Un rapport va s’ouvrir, poste le dans ta prochaine réponse.

Note :
Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt)

renaud

slt peut tu faire se si svp

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017 > renaud

Salut,
Infection Bagle => Le programme ne se lancera pas !

renaud > crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

ok,

fmagnier

Merci et pour la réponse.

Voici mon rapport issu de findykill :

------------------------------

----------------- FindyKill V4.710 ------------------

* User : Nanette - SANDRINA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 22:37:37 le 30/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Nanette\AppData\Roaming\drivers\winupgro.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Nanette\AppData\Roaming\drivers\downld\867583.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe

--------------- [ Processus infectieux stoppés ] ----------------

"C:\Users\Nanette\AppData\Roaming\drivers\downld\867583.exe" (2916)
"C:\Users\Nanette\AppData\Roaming\drivers\winupgro.exe" (2816)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\132819.EXE-6B3793CC.pf
Found ! - C:\Windows\prefetch\211630.EXE-F2A93595.pf
Found ! - C:\Windows\prefetch\632162.EXE-1240D8F8.pf
Found ! - C:\Windows\prefetch\742330.EXE-86AD4823.pf
Found ! - C:\Windows\prefetch\838084.EXE-6EBC310F.pf
Found ! - C:\Windows\prefetch\867583.EXE-8FFB4AD5.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-18CD6AE6.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-EC351287.pf
Found ! - C:\Windows\Prefetch\CRAC.EXE-42A0E8C6.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [30/12/2008 22:18] - C:\Windows\system32\mdelk.exe
Found ! [30/12/2008 22:18] - C:\Windows\system32\wintems.exe
Found ! [30/12/2008 22:18] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Nanette\AppData\Roaming

Found ! [30/12/2008 22:19] - "C:\Users\Nanette\AppData\Roaming\m\flec006.exe"
Found ! [30/12/2008 22:20] - "C:\Users\Nanette\AppData\Roaming\m\list.oct"
Found ! [30/12/2008 22:20] - "C:\Users\Nanette\AppData\Roaming\m\data.oct"
Found ! [30/12/2008 22:20] - "C:\Users\Nanette\AppData\Roaming\m\srvlist.oct"
Found ! [30/12/2008 22:22] - "C:\Users\Nanette\AppData\Roaming\m\shared"
Found ! [30/12/2008 21:54] - "C:\Users\Nanette\AppData\Roaming\m"
Found ! [30/12/2008 21:28] - "C:\Users\Nanette\AppData\Roaming\drivers"
Found ! [30/12/2008 22:16] - "C:\Users\Nanette\AppData\Roaming\drivers\srosa.sys"
Found ! [30/12/2008 22:16] - "C:\Users\Nanette\AppData\Roaming\drivers\srosa2.sys"
Found ! [23/04/2004 09:03] - "C:\Users\Nanette\AppData\Roaming\drivers\winupgro.exe"
Found ! [30/12/2008 22:22] - "C:\Users\Nanette\AppData\Roaming\drivers\downld"
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\125097.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\126470.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\132819.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\200461.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\201896.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\201958.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\208401.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\209727.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\210429.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\211630.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\245389.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\247589.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\248181.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\400594.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\407677.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\408785.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\408972.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\444758.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\449080.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\449095.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\463541.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\465148.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\465600.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\466536.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\467441.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\467893.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\626609.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\627888.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\632162.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\651116.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\651943.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\655656.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\660586.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\661428.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\661756.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\685983.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\687137.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\687512.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\742330.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\745871.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\746854.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\747010.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\772298.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\781112.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\781674.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\782329.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\782688.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\783000.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\799895.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\801579.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\802063.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\802812.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\803748.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\804216.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\819956.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\821017.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\831500.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\832530.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\832858.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\835057.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\836664.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\837116.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\837881.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\838084.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\838786.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\839254.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\846555.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\847381.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\847803.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\866601.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\867443.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\867583.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\867771.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\874401.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\879518.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\880407.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\880469.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\897738.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\899018.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\899829.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\918237.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\936864.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\937628.exe
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Roaming\drivers\downld\937706.exe

»»»» Presence des fichiers dans C:\Users\Nanette\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Users\Nanette\Local Settings\Temporary Internet Files\Content.IE5

Found ! [17/04/2008 20:55] - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [17/04/2008 20:55] - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [28/11/2005 19:14] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\fit 014.jpg
Found ! [25/11/2005 17:14] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\IMGP1362.JPG
Found ! [03/08/2004 05:33] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0401.JPG
Found ! [03/08/2004 05:33] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0402.JPG
Found ! [03/08/2003 08:08] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0441.JPG
Found ! [03/08/2003 08:08] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0442.JPG
Found ! [03/08/2003 08:23] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0445.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0446.JPG
Found ! [03/08/2003 08:24] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0451.JPG
Found ! [03/08/2003 08:43] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0452.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0453.JPG
Found ! [03/08/2003 10:55] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0454.JPG
Found ! [03/08/2003 10:55] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0455.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0456.JPG
Found ! [03/08/2003 10:55] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0457.JPG
Found ! [03/08/2003 10:58] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0458.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0459.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0460.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0462.JPG
Found ! [03/08/2003 10:59] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0463.JPG
Found ! [06/08/2004 03:46] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0464.JPG
Found ! [04/08/2003 09:26] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0465.JPG
Found ! [04/08/2003 09:27] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0467.JPG
Found ! [28/06/2004 07:31] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\barque-mer-pirogue-baie-nouvelle-.jpg
Found ! [28/06/2004 06:51] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Bourail.jpg
Found ! [28/06/2004 07:00] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene1.jpg
Found ! [28/06/2004 06:56] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_nord.jpg
Found ! [28/06/2004 06:58] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_panorama.jpg
Found ! [28/06/2004 07:21] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins1.jpg
Found ! [28/06/2004 07:23] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins2.jpg
Found ! [28/06/2004 07:24] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kanumera.jpg
Found ! [28/06/2004 07:17] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kuto.jpg
Found ! [28/06/2004 07:15] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou5.jpg
Found ! [28/06/2004 07:05] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou_sable.jpg
Found ! [28/06/2004 07:03] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare.jpg
Found ! [28/06/2004 07:04] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_corail.jpg
Found ! [28/06/2004 07:06] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_plage.jpg
Found ! [28/06/2004 07:29] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\mer-piscine-ile-nouvelle-noumea-.jpg
Found ! [28/06/2004 07:26] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\montagne-foret-parc-yate-nouvelle-.jpg
Found ! [28/06/2004 07:25] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nea_catedrale.jpg
Found ! [01/05/2002 09:39] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui.jpg
Found ! [01/05/2002 09:39] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui1.jpg
Found ! [01/05/2002 09:40] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui2.jpg
Found ! [28/06/2004 06:49] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Noumea_panorama.jpg
Found ! [28/06/2004 07:28] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\palmier-coucher-soleil-mer-drepuscule-.jpg
Found ! [28/06/2004 07:10] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Parc_bleu.jpg
Found ! [28/06/2004 07:16] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Pirogue.jpg
Found ! [28/06/2004 07:29] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\plage-ile-sports-free-ilot-.jpg
Found ! [28/06/2004 07:01] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie1.jpg
Found ! [28/06/2004 07:02] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie_case.jpg
Found ! [28/06/2004 07:22] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poissons.jpg
Found ! [28/06/2004 07:12] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\PouleCouveuse.jpg
Found ! [28/06/2004 07:07] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Region_sud.jpg
Found ! [28/06/2004 06:53] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Tricot_Raye.jpg
Found ! [19/07/2005 11:32] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 020.jpg
Found ! [19/07/2005 11:32] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 022.jpg
Found ! [19/07/2005 11:32] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 023.jpg
Found ! [19/07/2005 11:32] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 025.jpg
Found ! [19/07/2005 11:32] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 026.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 077.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 078.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 079.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 080.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 081.jpg
Found ! [19/07/2005 11:34] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 082.jpg
Found ! [23/08/2005 10:24] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 035.jpg
Found ! [23/08/2005 10:24] - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 045.jpg
Found ! [30/12/2008 21:57] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_1[1].jpg
Found ! [30/12/2008 21:57] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_2[1].jpg
Found ! [30/12/2008 21:29] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[1].jpg
Found ! [30/12/2008 21:34] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[2].jpg
Found ! [30/12/2008 21:38] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\mxd[1].jpg
Found ! [30/12/2008 22:18] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM6U1YY9\b64_3[1].jpg
Found ! [30/12/2008 22:21] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_1[1].jpg
Found ! [30/12/2008 22:22] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_2[1].jpg
Found ! [30/12/2008 21:53] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_3[1].jpg
Found ! [30/12/2008 21:37] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[1].jpg
Found ! [30/12/2008 21:55] - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[2].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ehTray.exe=C:\Windows\ehome\ehTray.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint=C:\Program Files\DellTPad\Apoint.exe
IgfxTray=C:\Windows\system32\igfxtray.exe
HotKeysCmds=C:\Windows\system32\hkcmd.exe
Persistence=C:\Windows\system32\igfxpers.exe
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\crac]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Réponse 2 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Salut,
Désinstalle tout de suite MSN messenger car il a été touché, tu devras le réinstaller.
Si tu ne le fais pas, tu seras réinfecté à chaque redémarrage.

******************

Nettoyage :

--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal, choisis l’option 2 (Suppression)

/!\ Il y aura deux redémarrages, laisse travailler l’outil jusqu’à l’apparition du message "nettoyage effectué" /!\

/!\ Ne te sert pas du pc durant la suppression, ton bureau ne sera pas accessible, c’est normal ! /!\</gras>

Ensuite poste le rapport FindyKill.txt

Notes :
* Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\ FindyKill.txt)
* Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide

fmagnier

----------------- FindyKill V4.710 ------------------

* User : Nanette - SANDRINA
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 22:59:40 the 30/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\Windows

»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\132819.EXE-6B3793CC.pf
Deleted ! - C:\Windows\prefetch\211630.EXE-F2A93595.pf
Deleted ! - C:\Windows\prefetch\632162.EXE-1240D8F8.pf
Deleted ! - C:\Windows\prefetch\742330.EXE-86AD4823.pf
Deleted ! - C:\Windows\prefetch\838084.EXE-6EBC310F.pf
Deleted ! - C:\Windows\prefetch\867583.EXE-8FFB4AD5.pf
Deleted ! - C:\Windows\prefetch\CRAC.EXE-42A0E8C6.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-18CD6AE6.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Deleted ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Deleted ! - C:\Windows\prefetch\WINUPGRO.EXE-EC351287.pf

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Supression files in C:\Windows\system32\drivers

Deleted ! - C:\Windows\system32\drivers\srosa.sys
Deleted ! - C:\Windows\system32\drivers\srosa2.sys

»»»» Supression files in C:\Users\Nanette\AppData\Roaming

Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\1D Barcode Encode SDK Static Library 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\225726_Million_Dollar_Poker_Nokia_6280_EN_IGP_105_s-c.ru.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\3D Solar System Screensaver 1.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\3DFieldPro 1.10.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\42 Always-Connected Plug 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Advanced WMA Workshop 2.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Agile SWF Video Converter 2.7.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Aldo's QuickTime Player 1.1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Ap TIFF To PDF Convert 3.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ArcSoft MediaImpression 1.2.0.246.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Avast.Home.Edition.2006.+.crack.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\AVG.7.5.Antivirus.compatible.VISTA.Complete.Keygen.updated-fixed.01-2007.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Avg.anti.spyware.7.5.0.50.+.Ewido.Anti-Spyware.v.4.0.0.172.plus.+serial.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\AXARScan 4.1 r1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Bagle.AH Remover 3.5.1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BCTW 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BigSpeed Secure Socket Library 3.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BlackBerry Master Control Program 0.9.1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Blue Cat's Triple EQ 3.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Book2Folder 3.25.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BrownIE 3.0.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Brute Force Uninstaller 1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Clear Read-Only 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Clone Table for MS SQL Server Professional 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Collectorz.com Movie Collector 5.6.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Colorjinn Calibrize 1.0.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\CombiWave Lite 4.0.0.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\CryptDisk.4h Manager 3.0.0.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Desktop Rover 3.2.0.8.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Diagnostic System for Sound Fields 3.1.5.9.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Disk Cleaner 1.5.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\DiskAnalyzer Professional 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Disketch CD Label Software 1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Dodge Slingshot Screensaver.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Domain Search Gadget 1.0.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Double Tone Generator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\DUQ Radio Player 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ExeDesk Standard Edition 3.0.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Ezine Mailer Pro 5.00.15.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Field2Base Forms Designer 4.0.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ftpdmin 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Fx MPEG Writer 9.8.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Gdow 1.020081028.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Google Ranking Search Engine Optimization Tool 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Gradient Effect 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\GryzClock 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\HashX 1.0.1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Heather Locklear ScreenSaver 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Human Calculator 2.17.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\IBM DB2 Editor Software 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iMonitorPC Home 2.5.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\InEventScript 1.0.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\InfoSpace Drive 1.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Intuition training 1.1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iOrgSoft MOV Converter 1.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iProtectYou Pro 8.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iSchedule 1.0.4.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\IsMyLcdOK 1.00.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\JavaScript PixLines PopMenu 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\JoJoThumb 2.10.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Kaspersky.Antivirus.6.0.0.300.KEY.twk.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\LingvoSoft Picture Dictionary 2008 Chinese Mandarin Traditional - Korean 1.2.26.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Magic Player 1.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MAGIX Audio Cleaning Lab 14 9.01.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Magnificent Waterfall Wallpaper 1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MB Free Mahjong Oracle 1.10.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MB4-212 Practice Exam Testing Engine Software 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\McAfee.Desktop.Firewall.v8.5.591-LTW.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\McAfee.MemoKit.3.1.[with.keygen].zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Mcafee.VirusScan.2006.v10.0.Retail.FR.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MealPlanner 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Mediaplazza Dating Valentine 2006 Symbian J2me.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Metar Audit 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\multiSearch 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MYRIAD 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nabit 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nod32.v2.50.32.Italiano.+.crack.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\NOD32_2.70.23_cht.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\NOKIA - Tomb_Raider_Legend_tokyo õ Lara Croff - Fantastico! õ.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nokia.F-Secure.Antivirus.2005(6631).zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OEChangeMac 1.0.0 Beta.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OpenOffice Writer Import Multiple Word Documents Software 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OS2]_DrWeb_4.x_Universal_Registrator.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Oscar Wilde's 1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Outlook Email Address Validator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\P2P Music Jukebox 1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Pablo Commander 1.4.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Panda.Platinum.2005.Internet.Security.v9.00.00.Final.-.English.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PassControl 3.1.0.59.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PBTray 1.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PDF.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Pegasus Mail 4.41.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Photo Frame Genius 2.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PN2 Text Clip Creator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PrintSniffer 1.0.0.58.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PSP PianoVerb 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PumpKIN TFTP 2.7.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\QuickBooks Password 11.1(build 8110).zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\QuickVoice for Windows 2.2.0.210.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Rob's Clock & Alarm 3.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\RomDoor 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\RQ Search and View 1.04.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sam Gurgis BMI Tool 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Search Videos on GoogleVideo With a Single Click 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SeddyShop 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Serial Activation Key(Keygen) For Norton Antivirus 2006.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SerialNull 1.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SignMyImage 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sizzle Babes 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SnoopFree Privacy Shield 1.07.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Snow Screen Saver 1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sofa Screen Saver 1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Speech Profile Manager 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Star Wars Icons.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Swiftpage for QuickBooks 1.3.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Syscalculator 1.71 Build 279.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\The actuation manages master 3.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\The Lords 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ThunderSetup Professional 2.0.1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Tweak Genie 6.01.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\UltiSum 1.15.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Uptimer4 1.00.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Virtual CD Manager 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Wolves Of The Wild Volume 1 1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\xSQL Script Executor 2.0.0.0.zip
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\125097.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\126470.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\132819.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\200461.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\201896.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\201958.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\208401.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\209727.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\210429.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\211630.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\245389.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\247589.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\248181.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\400594.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\407677.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\408785.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\408972.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\444758.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\449080.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\449095.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\463541.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\465148.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\465600.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\466536.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\467441.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\467893.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\626609.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\627888.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\632162.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\651116.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\651943.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\655656.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\660586.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\661428.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\661756.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\685983.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\687137.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\687512.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\742330.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\745871.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\746854.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\747010.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\772298.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\781112.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\781674.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\782329.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\782688.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\783000.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\799895.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\801579.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\802063.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\802812.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\803748.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\804216.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\819956.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\821017.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\831500.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\832530.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\832858.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\835057.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\836664.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\837116.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\837881.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\838084.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\838786.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\839254.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\846555.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\847381.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\847803.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\866601.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867443.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867583.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867771.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\874401.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\879518.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\880407.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\880469.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\897738.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\899018.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\899829.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\918237.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\936864.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\937628.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\937706.exe
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\Nanette\AppData\Local\Temp

»»»» Supression files in C:\Users\Nanette\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\fit 014.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\IMGP1362.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0401.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0402.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0441.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0442.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0445.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0446.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0451.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0452.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0453.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0454.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0455.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0456.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0457.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0458.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0459.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0460.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0462.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0463.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0464.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0465.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0467.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\barque-mer-pirogue-baie-nouvelle-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Bourail.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_nord.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_panorama.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins2.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kanumera.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kuto.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou5.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou_sable.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_corail.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_plage.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\mer-piscine-ile-nouvelle-noumea-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\montagne-foret-parc-yate-nouvelle-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nea_catedrale.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui2.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Noumea_panorama.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\palmier-coucher-soleil-mer-drepuscule-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Parc_bleu.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Pirogue.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\plage-ile-sports-free-ilot-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie_case.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poissons.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\PouleCouveuse.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Region_sud.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Tricot_Raye.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 020.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 022.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 023.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 025.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 026.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 077.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 078.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 079.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 080.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 081.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 082.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 035.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 045.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_1[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_2[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[2].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\mxd[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM6U1YY9\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_1[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_2[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[2].jpg

--------------- [ Other deleting ] ----------------

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Nanette\Pictures\a trier\trier\musique nanette bis\The Dandy Warhols - The Black Album\02 Crack Cocaine Rager.mp3

---------------- ! End of report ! ------------------

fmagnier

Voila le rapport :

----------------- FindyKill V4.710 ------------------

* User : Nanette - SANDRINA
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 22:59:40 the 30/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\Windows

»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\132819.EXE-6B3793CC.pf
Deleted ! - C:\Windows\prefetch\211630.EXE-F2A93595.pf
Deleted ! - C:\Windows\prefetch\632162.EXE-1240D8F8.pf
Deleted ! - C:\Windows\prefetch\742330.EXE-86AD4823.pf
Deleted ! - C:\Windows\prefetch\838084.EXE-6EBC310F.pf
Deleted ! - C:\Windows\prefetch\867583.EXE-8FFB4AD5.pf
Deleted ! - C:\Windows\prefetch\CRAC.EXE-42A0E8C6.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-18CD6AE6.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Deleted ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Deleted ! - C:\Windows\prefetch\WINUPGRO.EXE-EC351287.pf

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Supression files in C:\Windows\system32\drivers

Deleted ! - C:\Windows\system32\drivers\srosa.sys
Deleted ! - C:\Windows\system32\drivers\srosa2.sys

»»»» Supression files in C:\Users\Nanette\AppData\Roaming

Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\1D Barcode Encode SDK Static Library 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\225726_Million_Dollar_Poker_Nokia_6280_EN_IGP_105_s-c.ru.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\3D Solar System Screensaver 1.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\3DFieldPro 1.10.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\42 Always-Connected Plug 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Advanced WMA Workshop 2.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Agile SWF Video Converter 2.7.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Aldo's QuickTime Player 1.1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Ap TIFF To PDF Convert 3.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ArcSoft MediaImpression 1.2.0.246.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Avast.Home.Edition.2006.+.crack.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\AVG.7.5.Antivirus.compatible.VISTA.Complete.Keygen.updated-fixed.01-2007.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Avg.anti.spyware.7.5.0.50.+.Ewido.Anti-Spyware.v.4.0.0.172.plus.+serial.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\AXARScan 4.1 r1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Bagle.AH Remover 3.5.1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BCTW 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BigSpeed Secure Socket Library 3.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BlackBerry Master Control Program 0.9.1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Blue Cat's Triple EQ 3.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Book2Folder 3.25.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\BrownIE 3.0.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Brute Force Uninstaller 1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Clear Read-Only 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Clone Table for MS SQL Server Professional 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Collectorz.com Movie Collector 5.6.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Colorjinn Calibrize 1.0.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\CombiWave Lite 4.0.0.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\CryptDisk.4h Manager 3.0.0.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Desktop Rover 3.2.0.8.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Diagnostic System for Sound Fields 3.1.5.9.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Disk Cleaner 1.5.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\DiskAnalyzer Professional 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Disketch CD Label Software 1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Dodge Slingshot Screensaver.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Domain Search Gadget 1.0.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Double Tone Generator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\DUQ Radio Player 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ExeDesk Standard Edition 3.0.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Ezine Mailer Pro 5.00.15.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Field2Base Forms Designer 4.0.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ftpdmin 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Fx MPEG Writer 9.8.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Gdow 1.020081028.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Google Ranking Search Engine Optimization Tool 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Gradient Effect 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\GryzClock 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\HashX 1.0.1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Heather Locklear ScreenSaver 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Human Calculator 2.17.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\IBM DB2 Editor Software 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iMonitorPC Home 2.5.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\InEventScript 1.0.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\InfoSpace Drive 1.5.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Intuition training 1.1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iOrgSoft MOV Converter 1.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iProtectYou Pro 8.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\iSchedule 1.0.4.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\IsMyLcdOK 1.00.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\JavaScript PixLines PopMenu 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\JoJoThumb 2.10.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Kaspersky.Antivirus.6.0.0.300.KEY.twk.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\LingvoSoft Picture Dictionary 2008 Chinese Mandarin Traditional - Korean 1.2.26.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Magic Player 1.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MAGIX Audio Cleaning Lab 14 9.01.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Magnificent Waterfall Wallpaper 1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MB Free Mahjong Oracle 1.10.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MB4-212 Practice Exam Testing Engine Software 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\McAfee.Desktop.Firewall.v8.5.591-LTW.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\McAfee.MemoKit.3.1.[with.keygen].zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Mcafee.VirusScan.2006.v10.0.Retail.FR.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MealPlanner 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Mediaplazza Dating Valentine 2006 Symbian J2me.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Metar Audit 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\multiSearch 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\MYRIAD 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nabit 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nod32.v2.50.32.Italiano.+.crack.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\NOD32_2.70.23_cht.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\NOKIA - Tomb_Raider_Legend_tokyo õ Lara Croff - Fantastico! õ.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Nokia.F-Secure.Antivirus.2005(6631).zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OEChangeMac 1.0.0 Beta.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OpenOffice Writer Import Multiple Word Documents Software 7.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\OS2]_DrWeb_4.x_Universal_Registrator.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Oscar Wilde's 1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Outlook Email Address Validator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\P2P Music Jukebox 1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Pablo Commander 1.4.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Panda.Platinum.2005.Internet.Security.v9.00.00.Final.-.English.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PassControl 3.1.0.59.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PBTray 1.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PDF.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Pegasus Mail 4.41.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Photo Frame Genius 2.3.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PN2 Text Clip Creator 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PrintSniffer 1.0.0.58.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PSP PianoVerb 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\PumpKIN TFTP 2.7.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\QuickBooks Password 11.1(build 8110).zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\QuickVoice for Windows 2.2.0.210.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Rob's Clock & Alarm 3.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\RomDoor 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\RQ Search and View 1.04.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sam Gurgis BMI Tool 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Search Videos on GoogleVideo With a Single Click 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SeddyShop 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Serial Activation Key(Keygen) For Norton Antivirus 2006.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SerialNull 1.7.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SignMyImage 2.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sizzle Babes 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\SnoopFree Privacy Shield 1.07.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Snow Screen Saver 1.0.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Sofa Screen Saver 1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Speech Profile Manager 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Star Wars Icons.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Swiftpage for QuickBooks 1.3.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Syscalculator 1.71 Build 279.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\The actuation manages master 3.6.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\The Lords 1.0.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\ThunderSetup Professional 2.0.1.11.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Tweak Genie 6.01.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\UltiSum 1.15.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Uptimer4 1.00.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Virtual CD Manager 1.1.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\Wolves Of The Wild Volume 1 1.2.zip
Deleted ! - C:\Users\Nanette\AppData\Roaming\m\shared\xSQL Script Executor 2.0.0.0.zip
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\m"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\125097.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\126470.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\132819.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\200461.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\201896.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\201958.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\208401.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\209727.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\210429.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\211630.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\245389.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\247589.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\248181.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\400594.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\407677.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\408785.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\408972.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\444758.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\449080.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\449095.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\463541.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\465148.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\465600.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\466536.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\467441.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\467893.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\626609.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\627888.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\632162.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\651116.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\651943.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\655656.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\660586.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\661428.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\661756.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\685983.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\687137.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\687512.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\742330.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\745871.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\746854.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\747010.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\772298.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\781112.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\781674.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\782329.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\782688.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\783000.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\799895.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\801579.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\802063.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\802812.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\803748.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\804216.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\819956.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\821017.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\831500.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\832530.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\832858.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\835057.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\836664.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\837116.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\837881.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\838084.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\838786.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\839254.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\846555.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\847381.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\847803.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\866601.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867443.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867583.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\867771.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\874401.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\879518.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\880407.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\880469.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\897738.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\899018.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\899829.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\918237.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\936864.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\937628.exe
Deleted ! - C:\Users\Nanette\AppData\Roaming\drivers\downld\937706.exe
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Nanette\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\Nanette\AppData\Local\Temp

»»»» Supression files in C:\Users\Nanette\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\fit 014.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\28a3beD52E7d8B2a1Bf45bb641e0A00E\IMGP1362.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0401.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0402.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0441.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0442.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0445.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0446.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0451.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0452.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0453.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0454.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0455.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0456.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0457.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0458.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0459.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0460.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0462.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0463.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0464.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0465.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\7D39f4725B64455d7A3d7a032f0956FC\104_0467.JPG
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\barque-mer-pirogue-baie-nouvelle-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Bourail.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_nord.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Hienghene_panorama.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\IleDesPins2.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kanumera.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Kuto.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou5.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Lifou_sable.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_corail.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Mare_plage.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\mer-piscine-ile-nouvelle-noumea-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\montagne-foret-parc-yate-nouvelle-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nea_catedrale.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Nohkanoui2.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Noumea_panorama.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\palmier-coucher-soleil-mer-drepuscule-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Parc_bleu.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Pirogue.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\plage-ile-sports-free-ilot-.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie1.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poindimie_case.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Poissons.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\PouleCouveuse.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Region_sud.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\9Ee7e1CDFC3e1Feb648057736e394B1E\Tricot_Raye.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 020.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 022.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 023.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 025.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 026.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 077.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 078.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 079.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 080.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 081.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\bourail 082.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 035.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Corel\Thumbs\B50919302B8977a5CF54b1b64f630DFF\phabeco 045.jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_1[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_2[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\b64_3[2].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IDPXSYO\mxd[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM6U1YY9\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_1[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_2[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSS9R93R\b64_3[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[1].jpg
Deleted ! - C:\Users\Nanette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JP4JOH8Q\b64[2].jpg

--------------- [ Other deleting ] ----------------

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-1963607990-2116859823-712148686-1000\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Nanette\Pictures\a trier\trier\musique nanette bis\The Dandy Warhols - The Black Album\02 Crack Cocaine Rager.mp3

---------------- ! End of report ! ------------------

Réponse 3 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Il a été filtré, arrête de le poster, je vais le faire débloquer par un modérateur.

fmagnier

OK, merci

fmagnier

Rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:56, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 86.64.145.142 84.103.237.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 4 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Très bien, c'est passé.

Télécharge Malwarebytes’ Anti-Malware
= = = = >>> En cliquant ici <<< = = = =

- Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
- Enregistres le sur le bureau
- Double cliques sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes
- Double-cliques sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Cliques sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu cliques dessus pour l’afficher une fois affiché
- Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu cliques droit dans le cadre de la réponse et coller

Si tu as besoin d’aide regarde ce tutorial ICI

fmagnier

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1579
Windows 6.0.6001 Service Pack 1

30/12/2008 23:38:59
mbam-log-2008-12-30 (23-38-59).txt

Type de recherche: Examen rapide
Eléments examinés: 43880
Temps écoulé: 2 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Nanette\Local Settings\Application Data\ycuouos_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nanette\Local Settings\Application Data\ycuouos_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nanette\Local Settings\Application Data\ycuouos.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nanette\Local Settings\Application Data\ycuouos.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

assimi

salut a tout le monde
je crois que j ai le même problème et voila le raport

-------------- [ Processus actifs ] ----------------

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\program files\rnamfler\naomf.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Download Manager\IDMan.exe
d:\program files\rnamfler\radprcmp.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\rnamfler\naofsvc.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe

--------------- [ Processus infectieux stoppés ] ----------------

"D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe" (1776)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans D:

»»»» Presence des fichiers dans D:\WINDOWS

»»»» Presence des fichiers dans D:\WINDOWS\Prefetch

Found ! - D:\WINDOWS\prefetch\242281.EXE-071519A3.pf
Found ! - D:\WINDOWS\prefetch\655281.EXE-17A3CAC3.pf
Found ! - D:\WINDOWS\prefetch\FLEC006.EXE-161DAA9B.pf
Found ! - D:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Found ! - D:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Found ! - D:\WINDOWS\prefetch\WINUPGRO.EXE-2BCAD6F9.pf

»»»» Presence des fichiers dans D:\WINDOWS\system32

Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\mdelk.exe
Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\wintems.exe
Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans D:\WINDOWS\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans D:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans D:\Documents and Settings\yacine\Application Data

Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m\flec006.exe"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m\list.oct"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m"
Found ! [30/12/2008 18:17] - "D:\Documents and Settings\yacine\Application Data\drivers"
Found ! [30/12/2008 23:25] - "D:\Documents and Settings\yacine\Application Data\drivers\srosa.sys"
Found ! [30/12/2008 23:25] - "D:\Documents and Settings\yacine\Application Data\drivers\srosa2.sys"
Found ! [21/08/2006 10:10] - "D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\drivers\downld"
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\188078.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\188578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\189468.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\190031.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\208500.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\209250.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\242281.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\290750.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\291500.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\291546.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\295359.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\297234.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\297765.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\357078.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\358171.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\361750.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\379609.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\380312.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\407484.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\407859.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\545578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\546687.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\546765.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\655281.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\696796.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\697578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\697781.exe

»»»» Presence des fichiers dans D:\DOCUME~1\yacine\LOCALS~1\Temp

»»»» Presence des fichiers dans D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5

Found ! [30/08/2008 18:56] - D:\Documents and Settings\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [30/12/2008 23:28] - D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5\2XX3PWU2\b64_3[1].jpg
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5\IJ8BRUZQ\b64[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=D:\WINDOWS\system32\ctfmon.exe
IDMan=D:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
wrna3ls=D:\program files\rnamfler\naomf.exe
SoundMan=SOUNDMAN.EXE
VTTimer=VTTimer.exe
VTTrayp=VTtrayp.exe
MsmqIntCert=regsvr32 /s mqrt.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\crac]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\playplus]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Producer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RtlRack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\VIA RAID Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

assimi

salut a tout le monde
je crois que j ai le même problème et voila le raport

-------------- [ Processus actifs ] ----------------

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\program files\rnamfler\naomf.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Download Manager\IDMan.exe
d:\program files\rnamfler\radprcmp.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\rnamfler\naofsvc.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe

--------------- [ Processus infectieux stoppés ] ----------------

"D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe" (1776)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans D:

»»»» Presence des fichiers dans D:\WINDOWS

»»»» Presence des fichiers dans D:\WINDOWS\Prefetch

Found ! - D:\WINDOWS\prefetch\242281.EXE-071519A3.pf
Found ! - D:\WINDOWS\prefetch\655281.EXE-17A3CAC3.pf
Found ! - D:\WINDOWS\prefetch\FLEC006.EXE-161DAA9B.pf
Found ! - D:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Found ! - D:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Found ! - D:\WINDOWS\prefetch\WINUPGRO.EXE-2BCAD6F9.pf

»»»» Presence des fichiers dans D:\WINDOWS\system32

Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\mdelk.exe
Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\wintems.exe
Found ! [30/12/2008 23:28] - D:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans D:\WINDOWS\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans D:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans D:\Documents and Settings\yacine\Application Data

Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m\flec006.exe"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m\list.oct"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\m"
Found ! [30/12/2008 18:17] - "D:\Documents and Settings\yacine\Application Data\drivers"
Found ! [30/12/2008 23:25] - "D:\Documents and Settings\yacine\Application Data\drivers\srosa.sys"
Found ! [30/12/2008 23:25] - "D:\Documents and Settings\yacine\Application Data\drivers\srosa2.sys"
Found ! [21/08/2006 10:10] - "D:\Documents and Settings\yacine\Application Data\drivers\winupgro.exe"
Found ! [30/12/2008 23:35] - "D:\Documents and Settings\yacine\Application Data\drivers\downld"
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\188078.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\188578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\189468.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\190031.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\208500.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\209250.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\242281.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\290750.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\291500.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\291546.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\295359.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\297234.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\297765.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\357078.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\358171.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\361750.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\379609.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\380312.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\407484.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\407859.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\545578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\546687.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\546765.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\655281.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\696796.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\697578.exe
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Application Data\drivers\downld\697781.exe

»»»» Presence des fichiers dans D:\DOCUME~1\yacine\LOCALS~1\Temp

»»»» Presence des fichiers dans D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5

Found ! [30/08/2008 18:56] - D:\Documents and Settings\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [30/12/2008 23:28] - D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5\2XX3PWU2\b64_3[1].jpg
Found ! [30/12/2008 23:35] - D:\Documents and Settings\yacine\Local Settings\Temporary Internet Files\Content.IE5\IJ8BRUZQ\b64[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=D:\WINDOWS\system32\ctfmon.exe
IDMan=D:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
wrna3ls=D:\program files\rnamfler\naomf.exe
SoundMan=SOUNDMAN.EXE
VTTimer=VTTimer.exe
VTTrayp=VTtrayp.exe
MsmqIntCert=regsvr32 /s mqrt.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\crac]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\playplus]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Producer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RtlRack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\VIA RAID Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-507921405-1275210071-1801674531-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

ET MERCI

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017 > assimi

Salut,
Poste ton propre topic stp !

Réponse 5 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Télécharge sur le bureau Navilog1 (Merci à IL-MAFIOSO)
= = = = >>> En cliquant ici <<< = = = =
* La console noire de Navilog1 doit s’ouvrir après l’installation
* Sinon, pour l’ouvrir, double-clique sur le raccourci « Navilog1 » sur ton bureau
* Appuie sur la lettre F de ton clavier puis sur la touche Entrée
* Appuie sur une touche de ton clavier pour continuer...
* Tape 1, puis appuie sur la touche Entrée de ton clavier
* Ainsi, Navilog1 va effectuer la recherche des fichiers infectieux sur ton PC.
* NE PAS UTILISER L’OPTION 2, 3, 4 SANS AVIS
* Sois patient, cela peut prendre une dizaine de minutes
* Navilog1 t’informe que la recherche est terminée
* Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
* Le rapport sera sauvegardé dans le fichier suivant : « fixnavi.txt » à la racine de ton disque dur (C:\fixnavi.txt).
* Poste le rapport généré

fmagnier

Search Navipromo version 3.7.0 commencé le 30/12/2008 à 23:43:14,46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Nanette ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:220 Go (Free:61 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\Windows" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Recherche dossiers dans "C:\ProgramData" ***

*** Recherche dossiers dans "c:\users\nanette\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "C:\Users\Nanette\AppData\Local\virtualstore\Program Files" ***

*** Recherche dossiers dans "C:\Users\Nanette\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Nanette\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Nanette\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Nanette\AppData\Local" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\Windows\system32" :

* Dans "C:\Users\Nanette\AppData\Local\Microsoft" :

* Dans "C:\Users\Nanette\AppData\Local\virtualstore\windows\system32" :

* Dans "C:\Users\Nanette\AppData\Local" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 30/12/2008 à 23:54:34,25 ***

Réponse 6 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Nettoyage :

* Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
* Relance Navilog en faisant un clic droit sur le raccourci Navilog présent sur ton bureau et en choisissant
« Exécuter en tant qu’administrateur ». (si tu as Vista)
* Au menu principal, choisis 2 et valide.
* Il va t’informer qu’il va alors redémarrer ton PC
* Appuie sur une touche comme demandé (Si ton Pc ne redémarre pas automatiquement, fais le toi même)
* Au redémarrage de ton PC, choisis ta session habituelle.

* Patiente jusqu’au message :
*** Nettoyage Termine le ..... ***

* Le bloc note va s’ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.

Réponse 7 / 17

fmagnier

Clean Navipromo version 3.7.0 commencé le 30/12/2008 à 23:58:34,10

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Nanette ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:220 Go (Free:61 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *

* Suppression dans "C:\Users\Nanette\AppData\Local\Microsoft" *

* Suppression dans "C:\Users\Nanette\AppData\Local\virtualstore\windows\system32" *

* Suppression dans "C:\Users\Nanette\AppData\Local" *

*** Suppression dossiers dans "C:\Windows" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Suppression dossiers dans "C:\ProgramData" ***

*** Suppression dossiers dans c:\users\nanette\appdata\roaming\micros~1\windows\startm~1\programs ***

*** Suppression dossiers dans "C:\Users\Nanette\AppData\Local\virtualstore\Program Files" ***

*** Suppression dossiers dans "C:\Users\Nanette\AppData\Roaming" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Nanette\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\Windows\system32" *

* Dans "C:\Users\Nanette\AppData\Local\Microsoft" *

* Dans "C:\Users\Nanette\AppData\Local\virtualstore\windows\system32" *

* Dans "C:\Users\Nanette\AppData\Local" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 31/12/2008 à 0:01:10,18 ***

Réponse 8 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Poste un nouveau rapport hijackthis stp.

Désinstalle MSN messenger si ce n'est déjà fait.

fmagnier

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:00, on 31/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 9 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

/!\ Très important /!\

Désactive et réactive ta restauration système.
Démarrer, clic droit</gras> sur Poste de travail, Propriétés, onglet Restauration du système, Désactiver la restauration du système, puis Appliquer et ok.
(N'oublie pas la manipulation inverse pour la réactiver).

****************************

Désinstalle Avast proprement par l'ajout/suppression de programmes.

Il existe un utilitaire pour désinstaller Avast proprement :
Télécharge le = = = =>>> En cliquant ici <<<= = = = et suis la procédure expliquée sur ce lien.

**************************

Pour supprimer les anciennes versions de Java et télécharger la nouvelle,
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries sur ton Bureau :
= = = =>>> En cliquant ici <<<= = = =
* Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique sur le répertoire JavaRa
* Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher).
* Clique sur Search For Updates
* Sélectionne Update Using jucheck.exe puis clique sur Search.
* Autorise le processus à se connecter s'il le demande, clique sur Install et suis les instructions d'installation qui prennent quelques minutes
* L'installation est terminée
* Reviens à l'écran de JavaRa et clique sur Remove Older Versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur Ok, puis une deuxième fois sur Ok.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.
Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

*************************

Installe Antivir d'Avira, antivirus meilleur qu'Avast.
Tout est expliqué sur ce lien, du téléchargement à la configuration.

************************

* Télécharge Ccleaner (N’installe pas la barre d’outil Yahoo):

= = = = >>> En cliquant ici <<< = = = =

* L´installer.

* Choisis l’onglet Nettoyeur

Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui.
Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant.

* Choisis l’onglet Registre

- Clic sur Chercher des erreurs
- Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça)
- Au message Voulez-vous sauvegarder les changements faits dans le registre, répond oui et enregistre le fichier « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue.
- A la fenêtre qui s’ouvre ensuite, clic sur Corriger toutes les erreurs sélectionnées puis OK
- Ferme Ccleaner.

* Tutoriel en image ICI si besoin.

Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-)

**************************

Installe un pare feu car celui de Windows n’est pas suffisant.
ZoneAlarm :
= = = = >>> En cliquant ici <<< = = = =
Un tutorial pour le configurer
= = = = >>> En cliquant ici <<< = = = =

fmagnier

Désolé mais je trouve pas comment désactiver la restauration système...je suis sous vista.
Quand je clique sous propriété sur "ordinateur"...pas d'onglet restauration de système.

Merci

Réponse 10 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Ok.
Suis ce tuto :
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista
Je dois y aller.
Fais la suite également. ;-).

fmagnier

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Dec 31 11:54:21 2008

Found and removed: C:\Program Files\Java\jre1.6.0

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\JavaPlugin.160

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\JavaPlugin.160

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\

------------------------------------

Finished reporting.

Je continu avec l'installation d'antivir + scan

Réponse 11 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Ok, tiens moi au courant.

fmagnier

Alors le rapport antivir :

Avira AntiVir Personal
Date de création du fichier de rapport : mercredi 31 décembre 2008 12:02

La recherche porte sur 1138943 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows Vista
Version de Windows :(Service Pack 1) [6.0.6001]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :SANDRINA

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 10:58:47
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 10:58:47
ANTIVIR3.VDF : 7.1.1.57 277504 Bytes 31/12/2008 10:58:49
Version du moteur: 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 31/12/2008 10:58:59
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 31/12/2008 10:58:58
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 31/12/2008 10:58:57
AEHELP.DLL : 8.1.2.0 119159 Bytes 31/12/2008 10:58:52
AEGEN.DLL : 8.1.1.8 323956 Bytes 31/12/2008 10:58:51
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 31/12/2008 10:58:50
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: C:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen
Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR,

Début de la recherche : mercredi 31 décembre 2008 12:02

La recherche d'objets cachés commence.
'112745' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'XAudio.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'stacsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RegSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PsiService_2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EvtEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CreativeLicensing.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AEstSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ApntEx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hidfind.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ApMsgFwd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Apoint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlanext.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'60' processus ont été contrôlés avec '60' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '41' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\$Recycle.Bin\S-1-5-21-1963607990-2116859823-712148686-1000\$RV69S2X.zip
[0] Type d'archive: ZIP
--> crac.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bagle.ajn
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49b156d5.qua' !
C:\$Recycle.Bin\S-1-5-21-1963607990-2116859823-712148686-1000\$RTK2Y03.50\crac.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bagle.ajn
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49bc56f6.qua' !
C:\Program Files\FindyKill\Tools\Kill.exe
[RESULTAT] Contient le modèle de détection de l'application APPL/Tool.PsKill.2
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49c75c15.qua' !
C:\Windows\System32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'D:\' <RECOVERY>

Fin de la recherche : mercredi 31 décembre 2008 13:40
Temps nécessaire: 1:38:07 Heure(s)

La recherche a été effectuée intégralement

21749 Les répertoires ont été contrôlés
330487 Des fichiers ont été contrôlés
3 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
3 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
330482 Fichiers non infectés
2058 Les archives ont été contrôlées
2 Avertissements
3 Consignes
112745 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Pour le moment, j'ai tout mis en quarantaine pour ne pas faire de bêtise.

Je part pour la fin de la semaine, donc ne serait pas chez moi, je reviens dimanche.

Est ce que je suis sur d'être désinfecté?
Est ce que je doit continuer la procédure? (ccleaner)

Je finirai dimanche en rentrant.

merci pour tout,

Bon réveillon

Réponse 12 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

As-tu bien purgé la restauration système ?
Poste un nouveau rapport hijackthis pour terminer stp.

assimi

salut et bonne année atout le monde
merci a crapoulou
j ai réinstaller windows et ça bien marcher merci

Réponse 13 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Tu as totalement réinstallé Windows ?
Formaté ton PC ?

fmagnier

Salut,

moi non pas formaté le PC, mais pas d'accès aux PC avant demain soir voire dimanche... je t'envoie le rapport hijackthis dès mon retour.

Réponse 14 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

ah ok.
A dimanche alors !

fmagnier

Bonsoir,

ci joint le rapport Hijackthis demandé après toutes les manipulations faites.

Merci,

fmagnier

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:29, on 03/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 84.103.237.140 86.64.145.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{319DD42A-CE14-4C3D-B3D7-562D7356872A}: NameServer = 84.103.237.140 86.64.145.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 15 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Tu n'as pas installé de parefeu ou alors il n'est pas actif ...!

fmagnier

Non pas encore.... j'attends d'être clean...

Est-ce OK?
Merci

Réponse 16 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Oui tu peux, j'espère que tu as bien fait toutes las manipulations données dans le long message.

************

Relance Hijackthis.
Clic sur "Do a system scan only".
Coche ces lignes :
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

Clic ensuite sur fix checked.

*************

OK, tout est bon :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau
= = = =>>> En cliquant ici <<<= = = =
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse.

fmagnier

[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\Nanette\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\Nanette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\Nanette\Desktop\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\Nanette\Desktop\HijackThis.lnk: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
C:\Users\Nanette\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\Users\Nanette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !

Réponse 17 / 17

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Parfait, d'autres questions ?

fmagnier

Non,

Merci bcp pour tout....

Bonne continuation

Ashavast.exe n'est pas une application win32

17 réponses

Votre réponse

Discussions similaires

Newsletters