Impossible de poster le rapport Findykill

Réponse 21 / 58

Utilisateur anonyme

ok pour navipromo

on recommence avec findykill :

Telecharge FindyKill sur ton bureau :

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Tuto : malekal
Tuto : 01net

Réponse 22 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

----------------- FindyKill V4.711 ------------------

* User : Marilyn - PC-DE-MARILYN
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 14:02:54 le 08/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Users\Marilyn\AppData\Roaming\drivers\winupgro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange\browser\browser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

--------------- [ Processus infectieux stoppés ] ----------------

"C:\Users\Marilyn\AppData\Roaming\drivers\winupgro.exe" (4936)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [08/01/2009 13:50] - C:\Windows\system32\mdelk.exe
Found ! [08/01/2009 13:50] - C:\Windows\system32\wintems.exe
Found ! [08/01/2009 13:51] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Marilyn\AppData\Roaming

Found ! [08/01/2009 13:53] - "C:\Users\Marilyn\AppData\Roaming\m\flec006.exe"
Found ! [08/01/2009 13:53] - "C:\Users\Marilyn\AppData\Roaming\m\list.oct"
Found ! [08/01/2009 13:54] - "C:\Users\Marilyn\AppData\Roaming\m\data.oct"
Found ! [08/01/2009 13:54] - "C:\Users\Marilyn\AppData\Roaming\m\srvlist.oct"
Found ! [08/01/2009 13:56] - "C:\Users\Marilyn\AppData\Roaming\m\shared"
Found ! [31/12/2008 23:09] - "C:\Users\Marilyn\AppData\Roaming\m"
Found ! [31/12/2008 23:05] - "C:\Users\Marilyn\AppData\Roaming\drivers"
Found ! [08/01/2009 13:50] - "C:\Users\Marilyn\AppData\Roaming\drivers\srosa.sys"
Found ! [08/01/2009 13:50] - "C:\Users\Marilyn\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/02/2004 07:05] - "C:\Users\Marilyn\AppData\Roaming\drivers\winupgro.exe"
Found ! [08/01/2009 14:00] - "C:\Users\Marilyn\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\Marilyn\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5

Found ! [08/01/2009 03:27] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_1[1].jpg
Found ! [06/01/2009 21:24] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_3[1].jpg
Found ! [08/01/2009 08:38] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_3[2].jpg
Found ! [06/01/2009 21:35] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1E0TGDZ2\b64_2[1].jpg
Found ! [08/01/2009 08:42] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64[1].jpg
Found ! [03/01/2009 15:43] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64[2].jpg
Found ! [08/01/2009 08:51] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[1].jpg
Found ! [08/01/2009 08:51] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[2].jpg
Found ! [08/01/2009 13:53] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[3].jpg
Found ! [08/01/2009 03:39] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_2[2].jpg
Found ! [08/01/2009 14:00] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_2[3].jpg
Found ! [02/01/2009 13:13] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_3[1].jpg
Found ! [06/01/2009 21:27] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O76Y5NB\b64[1].jpg
Found ! [08/01/2009 13:53] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O76Y5NB\b64[2].jpg
Found ! [04/01/2009 21:06] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O76Y5NB\b64_1[4].jpg
Found ! [08/01/2009 13:50] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7O76Y5NB\b64_3[1].jpg
Found ! [08/01/2009 03:28] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[1].jpg
Found ! [08/01/2009 03:28] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[3].jpg
Found ! [08/01/2009 08:42] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[4].jpg
Found ! [06/01/2009 21:27] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYKVPBD1\b64_1[1].jpg
Found ! [06/01/2009 21:35] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYKVPBD1\b64_2[1].jpg
Found ! [08/01/2009 03:27] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_1[1].jpg
Found ! [08/01/2009 03:39] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_2[1].jpg
Found ! [08/01/2009 08:52] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_2[2].jpg
Found ! [03/01/2009 15:31] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAAPYJRC\mxd[1].jpg
Found ! [05/01/2009 15:41] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64[2].jpg
Found ! [05/01/2009 05:43] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64[3].jpg
Found ! [08/01/2009 03:37] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_1[1].jpg
Found ! [08/01/2009 08:42] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_1[3].jpg
Found ! [05/01/2009 05:51] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_2[1].jpg
Found ! [05/01/2009 15:36] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_3[1].jpg
Found ! [08/01/2009 03:23] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_3[3].jpg
Found ! [03/01/2009 11:59] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCK3Q5P5\mxd[1].jpg
Found ! [04/01/2009 21:07] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_1[1].jpg
Found ! [05/01/2009 05:50] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_1[2].jpg
Found ! [04/01/2009 21:07] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_2[1].jpg
Found ! [08/01/2009 03:38] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_2[2].jpg
Found ! [06/01/2009 21:34] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_5[1].jpg
Found ! [08/01/2009 13:51] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\file[1].txt
Found ! [01/01/2009 23:12] - C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ4M5B88\mxd[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
NVRaidService=C:\Windows\system32\nvraidservice.exe
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
PlayMovie="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck=C:\Windows\system32\NeroCheck.exe
ItsTV="C:\Program Files\ItsLabel\ItsTV.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Framework Windows=frmwrk32.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Reminder]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SkyTel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841c0ad0-621b-11dd-b7fa-001d926b1590}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa8bf2fe-ebb6-11dc-bd6a-001d926b1590}\Shell\AutoRun\command

------------------- ! Fin du rapport ! --------------------

Réponse 23 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

----------------- FindyKill V4.711 ------------------

* User : Marilyn - PC-DE-MARILYN
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 14:34:49 the 08/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\Windows

»»»» Supression files in C:\Windows\Prefetch

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers

»»»» Supression files in C:\Users\Marilyn\AppData\Roaming

Deleted ! - "C:\Users\Marilyn\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\Marilyn\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Marilyn\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - "C:\Users\Marilyn\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Marilyn\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\Marilyn\AppData\Local\Temp

»»»» Supression files in C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\0Z7KP42N\b64_3[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\1E0TGDZ2\b64_2[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_1[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_2[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_2[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\b64_3[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\2VXA2I3P\file[1].txt
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\7O76Y5NB\b64[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\7O76Y5NB\b64[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\7O76Y5NB\b64_1[4].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\7O76Y5NB\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\7O76Y5NB\file[1].txt
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\IYKVPBD1\b64[4].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\IYKVPBD1\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\IYKVPBD1\b64_2[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_2[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_2[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\KAAPYJRC\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\KAAPYJRC\mxd[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_1[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_2[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\b64_3[3].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\MCK3Q5P5\mxd[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_1[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_1[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_2[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_2[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_3[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_3[2].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\b64_5[1].jpg
Deleted ! - C:\Users\Marilyn\Local Settings\Temporary Internet Files\Content.IE5\RZ4M5B88\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1079612985-591374189-3100081051-1000\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841c0ad0-621b-11dd-b7fa-001d926b1590}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa8bf2fe-ebb6-11dc-bd6a-001d926b1590}\Shell\AutoRun\command

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe
a65df3bf680cdf6162eda49bb58bc38b C:\Users\Marilyn\AppData\Roaming\drivers\winupgro.exe

Suspect ! - a65df3bf680cdf6162eda49bb58bc38b C:\Acer\AcerTour\Reminder.exe
Suspect ! - a65df3bf680cdf6162eda49bb58bc38b C:\Users\Marilyn\Downloads\eMule\Incoming\FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0825\run.exe
Suspect ! - a65df3bf680cdf6162eda49bb58bc38b C:\Users\Marilyn\Downloads\eMule\Incoming\key_generator.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\AUTORUN.INF
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\CATALOG
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\Key serial Crack.doc
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\Le site.url
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\SaveAsPDFandXPS.exe
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\SETUP.EXE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\UPDATES
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR\ACCESSMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR\ACCESSMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR\ACCLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\OCT.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\OCTCA.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\ACCESS12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\CPAO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\EXCEL12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\GROOVE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\IC12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\INF12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\OCT.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\OCTRES.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\OFFICE12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\ONENT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\OUTLK12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\PPT12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\PROJ12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\PUB12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\SPD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\VISIO12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW\WORD12.OPA
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\CATALOG\FILES12.CAT
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR\EXCELLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR\EXCELMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR\EXCELMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR\INFLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR\INFOPATHMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR\INFOPATHMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\1036
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\BRANDING.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\DW20.EXE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\DWDCW20.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\DWTRIG20.EXE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\MICROSOFT.VC80.CRT.MANIFEST
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\MSVCR80.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\OFFICELR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\OFFICEMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\OFFICEMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\OSETUPUI.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\PSS10R.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\SETUP.CHM
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\SHELLUI.MST
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\1036\DWINTL20.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR\OFFICE64MUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR\OFFICE64MUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR\OWOW64LR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR\OUTLKLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR\OUTLOOKMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR\OUTLOOKMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR\POWERPOINTMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR\POWERPOINTMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR\PPTLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.AR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.DE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.EN
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.ES
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.FR
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.NL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOFING.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOFING.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.AR\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.AR\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.AR\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.DE\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.DE\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.DE\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.EN\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.EN\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.EN\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.ES\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.ES\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.ES\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.FR\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.FR\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.FR\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.NL\PROOF.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.NL\PROOF.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.NL\PROOF.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\CONFIG.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\ID_00011.DPC
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\OFFICE64WW.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\OFFICE64WW.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\OSE.EXE
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\OSETUP.DLL
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\OWOW64WW.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\PROPLSWW.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\PROPLUSWW.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\PROPLUSWW.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR\PUBLISHERMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR\PUBLISHERMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR\PUBLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR\RBUDLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR\ROSEBUDMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR\ROSEBUDMUI.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\UPDATES\LISEZMOI.TXT
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR\SETUP.XML
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR\WORDLR.CAB
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR\WORDMUI.MSI
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR\WORDMUI.XML
C:\Users\Marilyn\Desktop\office 2007\Key serial Crack.doc

---------------- ! End of report ! ------------------

Réponse 24 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

Process explorer.exe killed successfully.
========== FILES ==========
C:\Acer\AcerTour\Reminder.exe moved successfully.
C:\Users\Marilyn\Downloads\eMule\Incoming\FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0825\run.exe moved successfully.
C:\Users\Marilyn\Downloads\eMule\Incoming\key_generator.exe moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\WORD.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\UPDATES moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ROSEBUD.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PUBLISHER.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROPLUS.WW moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.NL moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.ES moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.EN moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.DE moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR\PROOF.AR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\PROOFING.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\POWERPOINT.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OUTLOOK.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE64.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR\1036 moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\OFFICE.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\INFOPATH.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\EXCEL.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\CATALOG moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-TW moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ZH-CN moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\KO-KR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\JA-JP moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\IT-IT moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\ES-ES moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\EN-US moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN\DE-DE moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ADMIN moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK)\ACCESS.FR-FR moved successfully.
C:\Users\Marilyn\Desktop\Microsoft.Office.Professional.2007.Francais + Key Crack (OK) moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Marilyn\AppData\Local\Temp\ntdll64.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Marilyn\AppData\Local\Temp\qoMfcAtT.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Marilyn\AppData\Local\Temp\~DF10A4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Marilyn\AppData\Local\Temp\~DFD34D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_150547

Files moved on Reboot...
LoadLibrary failed for C:\Users\Marilyn\AppData\Local\Temp\ntdll64.dll
C:\Users\Marilyn\AppData\Local\Temp\ntdll64.dll NOT unregistered.
C:\Users\Marilyn\AppData\Local\Temp\ntdll64.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Marilyn\AppData\Local\Temp\qoMfcAtT.dll
C:\Users\Marilyn\AppData\Local\Temp\qoMfcAtT.dll NOT unregistered.
C:\Users\Marilyn\AppData\Local\Temp\qoMfcAtT.dll moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\~DF10A4.tmp moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\~DFD34D.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Réponse 25 / 58

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

slt à tous . Merci toptitbal pour ta restauration de message comme toujours! Et merci chiquitine29 pour le relais ! Et un grand bravo encore pour findykill et usbfix dont on a bien du mal à se passer!

Réponse 26 / 58

Utilisateur anonyme

merci jlpjlp,

Marilyn , on va s occuper des autres infection :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517

Telecharge UsbFix sur ton bureau

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Fais un clic Droit sur le raccourci UsbFix sur ton bureau et choisi executer en tant qu administrateur
-->choisi l option 1 (nettoyage)

--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

Réponse 27 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

-------------- UsbFix V2.413.9 ---------------

* User : Marilyn - PC-DE-MARILYN
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:34:34 le 08/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
K: - Lecteur fixe

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[18/09/2006 22:43][--a------] C:\autoexec.bat
[08/01/2009 13:49][--a------] C:\cleannavi.txt
[08/01/2009 13:49][--a------] C:\FindyKill.txt
[08/01/2009 13:49][--a------] C:\fixnavi.txt
[08/01/2009 13:49][--a------] C:\TCleaner.txt
[08/01/2009 13:49][--a------] C:\UsbFix.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

[22/12/2008 19:34][--a------] D:\FreeYouTubeToiPodConverter.exe
[22/12/2008 19:34][--a------] D:\iTunes8Setup.exe
[22/12/2008 19:34][--a------] D:\xvid4psp-v5-036_153352.exe
[22/12/2008 19:34][--a------] D:\YouTubeMateReg.exe
[06/06/2008 23:21][--a------] D:\readme.txt

--------------- [ Lecteur K ] ----------------

K: - Lecteur fixe

+- Listing des fichiers présents :

[25/07/2006 08:34][--ahs----] K:\Desktop.ini

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
NVRaidService=C:\Windows\system32\nvraidservice.exe
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
PlayMovie="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck=C:\Windows\system32\NeroCheck.exe
ItsTV="C:\Program Files\ItsLabel\ItsTV.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f051f5b-e916-11dc-a7f9-001d926b1590}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [28/12/2008 21:23][--a------] C:\Windows\system32\frmwrk32.exe

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/09/2006 22:43][--a------] C:\autoexec.bat
[22/12/2008 19:34][--a------] D:\FreeYouTubeToiPodConverter.exe
[22/12/2008 19:34][--a------] D:\iTunes8Setup.exe
[22/12/2008 19:34][--a------] D:\xvid4psp-v5-036_153352.exe
[22/12/2008 19:34][--a------] D:\YouTubeMateReg.exe
[25/07/2006 08:34][--ahs----] K:\Desktop.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
K:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

Réponse 28 / 58

Utilisateur anonyme

ok parfait,

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Tuto : https://sites.google.com/site/toolbarsd/aideenimages
info : https://forum.malekal.com/viewtopic.php?f=45&t=6173

Réponse 29 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 11/23/07 18:30:01 Ver: 08.00.15
USER : Marilyn ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:228 Go (Free:151 Go)
D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (Local Disk) - NTFS - Total:372 Go (Free:319 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/01/2009|15:43 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Marilyn\Desktop\office 2007\Key serial Crack.doc

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2009|15:44 - Option : [1]

-----------\\ Fin du rapport a 15:44:04,23

Réponse 30 / 58

Utilisateur anonyme

Relance Toolbar-S&D en double-cliquant sur le raccourci.
Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Réponse 31 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 11/23/07 18:30:01 Ver: 08.00.15
USER : Marilyn ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:228 Go (Free:151 Go)
D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (Local Disk) - NTFS - Total:372 Go (Free:319 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 08/01/2009|15:49 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Marilyn\Desktop\office 2007\Key serial Crack.doc

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2009|15:44 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/01/2009|15:49 - Option : [2]

-----------\\ Fin du rapport a 15:49:40,51

Réponse 32 / 58

Utilisateur anonyme

ok Marilyn , on a bien avancé et tu t en sors tres bien

on va faire un avant dernier scan -;)

refais cette oprération avant car l uac a été réactivé par toolbar S&D

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517

ensuite :

Télécharge Ad-remover ( de C_XX ) sur ton bureau ( et pas ailleurs!) :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Déconnecte toi et ferme toutes applications en cours !

* Clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installe par défaut .
* Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
* Au menu principal choisis l'option "A" et tape sur [entrée] .

Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Réponse 33 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

------- Logfile of AD-Remover 1.0.8.6 by C_XX | ONLY XP/VISTA -------

# START at: 16:03:41 | Thu 08/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-MARILYN | USER: Marilyn ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- K:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000

# RUNNING PROCESSES: 80

+-----------------------| Boonty/Boonty Games Elements found :

.
.

+-----------------------| Eorezo Elements found :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
C:\Program Files\EoRezo\EoAdv\tmp
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.2989
C:\Users\Marilyn\AppData\Roaming\EoRezo
C:\Users\Marilyn\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Marilyn\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Marilyn\AppData\Roaming\EoRezo\db
C:\Users\Marilyn\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Marilyn\AppData\Roaming\EoRezo\host.cyp
C:\Users\Marilyn\AppData\Roaming\EoRezo\user.cyp
C:\Users\Marilyn\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Marilyn\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Marilyn\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Marilyn\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml

+-----------------------| Everest Poker Elements found :

.
.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
.

+-----------------------| It's TV Elements found :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ItsTV
.
C:\Program Files\ItsLabel
C:\Program Files\ItsLabel\ItsTV.exe
C:\Program Files\ItsLabel\ItsTV.url
C:\Program Files\ItsLabel\ItsTV.xml
C:\Program Files\ItsLabel\Loading.swf
C:\Program Files\ItsLabel\unins000.dat
C:\Program Files\ItsLabel\unins000.exe
C:\Users\Marilyn\AppData\Roaming\ItsLabel
C:\Users\Marilyn\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Marilyn\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\ItsLabel
C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\ItsLabel\ItsTV.lnk

+-----------------------| Sweetim Elements found :

.
.

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\hzkelibj.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

* Browser Search Selected Engine: "hoolight"
* Browser Startup HomePage: "http://www.hoolight.com/"

.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+

[~3657 bytes] - "C:\AD-report-Scan-08.01.2009.log"

# END at: 16:04:02 | 08/01/2009 - Time elapsed: 20.4 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 84 lines ]
+---------------------------------------------------------------------------+

Réponse 34 / 58

Utilisateur anonyme

Nettoyage AD-Remover :

! Déconnecte toi et ferme toutes application en cours ( navigarteur compris ) !

* Relance "Ad-remover" : au menu principal choisis l'option "B" .

* A l'écran de sélection ( écran ) :

> choisis le(s) chiffre(s) suivant pour nettoyer les traces de :

2 - "Eorezo" puis [entrée]
5 - "it's TV" puis [entrée]

Une fois la sélection faite, tape S puis [entrée] pour lancer la suppression .

--> le programme va travailler , ne touche à rien ...

* Poste le rapport qui apparait à la fin

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide ) /!\

Réponse 35 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

------- Logfile of AD-Remover 1.0.8.6 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Eorezo
It's TV

******************

# START at: 16:15:32 | Thu 08/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-MARILYN | USER: Marilyn ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- K:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000

# RUNNING PROCESSES: 79

(!) ---- IE start pages reset

+-----------------------| Eorezo Elements Deleted :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
C:\Users\Marilyn\AppData\Roaming\EoRezo

+-----------------------| It's TV Elements Deleted :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ItsTV
HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
.
C:\Program Files\ItsLabel
C:\Users\Marilyn\AppData\Roaming\ItsLabel
C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\ItsLabel

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\hzkelibj.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

* Browser Search Selected Engine: "hoolight"
* Browser Startup HomePage: "http://www.hoolight.com/"

.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~2367 bytes] - "C:\AD-report-Clean-08.01.2009.log"
[~3991 bytes] - "C:\AD-report-Scan-08.01.2009.log"

# END at: 16:15:48 | 08/01/2009 - Time elapsed: 16.3 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 55 lines ]

Réponse 36 / 58

Utilisateur anonyme

ok nickel

va dans panneau de configuration \ programme et fonctionnalité et désinstal Ad-Remover

ensuite on va supprimer les autres outils :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

ensuite , Avast doit etre toujours HS , il faut le désinstaller et le réinstaller mais :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->Antivir le telecharger

-> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

Pour désinstaller Avast telecharge cet outil

ensuite Réactive l UAC ( contrôle des comptes utilisateurs )

puis :

Telecharge malwarebytes
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen Rapide".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

2 rapports (toolcleaner et malewarebyte)

Réponse 37 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix\UsbFix.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\UsbFix\UsbFix.lnk: trouvé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\Marilyn\Desktop\Navilog1.exe: trouvé !
C:\Users\Marilyn\Desktop\ToolBarSD.exe: trouvé !
C:\Users\Marilyn\Desktop\FindyKill.txt: trouvé !
C:\Users\Marilyn\Desktop\UsbFix.exe: trouvé !
C:\Users\Marilyn\Desktop\UsbFix.lnk: trouvé !
C:\Users\Marilyn\Desktop\OTMoveIt3.exe: trouvé !
C:\Users\Public\Desktop\Navilog1.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\Marilyn\Desktop\Navilog1.exe: supprimé !
C:\Users\Marilyn\Desktop\ToolBarSD.exe: supprimé !
C:\Users\Public\Desktop\Navilog1.lnk: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix\UsbFix.lnk: supprimé !
C:\Users\Marilyn\Desktop\FindyKill.txt: supprimé !
C:\Users\Marilyn\Desktop\UsbFix.exe: supprimé !
C:\Users\Marilyn\Desktop\UsbFix.lnk: supprimé !
C:\Users\Marilyn\Desktop\OTMoveIt3.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\UsbFix: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\UsbFix: ERREUR DE SUPPRESSION !!
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UsbFix: supprimé !
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !

Réponse 38 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

Version de la base de données: 1631
Windows 6.0.6001 Service Pack 1

08/01/2009 17:13:28
mbam-log-2009-01-08 (17-13-23).txt

Type de recherche: Examen rapide
Eléments examinés: 51083
Temps écoulé: 2 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1eb3d362-8c50-41dc-a17f-92a3b1c76cd8} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1eb3d362-8c50-41dc-a17f-92a3b1c76cd8} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Marilyn\AppData\Local\Temp\qoMfcAtT.dll (Trojan.BHO.H) -> No action taken.
C:\Windows\System32\ntdll64.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\ahtn.htm (Trojan.FakeAlert) -> No action taken.

Réponse 39 / 58

Utilisateur anonyme

No action taken

tu as cliqué sur "supprimé la selection" ???

Réponse 40 / 58

marilyn57 Messages postés 37 Date d'inscription Statut Membre Dernière intervention 1

çà y est c'est fait

Impossible de poster le rapport Findykill

58 réponses

Votre réponse

Discussions similaires