Présence de rootkit

Léa -  
 Léa -
Bonjour,
J'ai Avast en tant qu'anti virus et depuis quelques temps il m'indique qu'un rootkit a été trouvé.
Nom du fichier : C:\Windows\System32\Drivers\wnvgz.sys
Type : services cachés
Nom du malware : Wi\Program Files\

J'ai essayé de le supprimer par différents moyens, j'ai installé AVG anti rootkit qui ne me le détecte pas. Je ne sais pas comment m'en débarrasser. De plus je ne sais pas quel dégâts il peut causer.
Je vous signale également que je ne suis pas très douée en informatique.
Si quelqu'un peut m'aider à résoudre mon problème je le remercie d'avance.
En attendant vos réponses, passer un bon réveillon.
Configuration: Windows Vista
Firefox 3.0.16

16 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. Léa
     
    Alors pour le log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by PoPo at 2009-12-31 12:34:50
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 51 GB (54%) free of 94 GB
    Total RAM: 2046 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:07, on 31/12/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18349)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\BisonCam\BisonAPP.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\PoPo\Downloads\RSIT.exe
    C:\Program Files\trend micro\PoPo.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Power Notes] "C:\Program Files\Power Soft\Power Notes\Notes.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F98D4363-8959-40F9-B8EF-7749A481F667}: NameServer = 212.27.40.240,212.27.40.241
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. Léa
     
    Et pour le info.txt

    info.txt logfile of random's system information tool 1.06 2009-12-31 12:35:13

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
    Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Bison WebCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\setup.exe -runfromtemp -l0x040c -removeonly
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
    Canon MP540 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x000c
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    Enregistrement utilisateur de Canon MP540 series-->C:\Program Files\Canon\IJEREG\MP540 series\UNINST.EXE
    FileZilla Client 3.0.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
    FLAC codecs-->C:\Program Files\illiminable\oggcodecs\uninst.exe
    Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)-->C:\Windows\system32\unwlsdrv.exe SiS163u
    Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\UIU32m.exe -U -IPDAZLCMzK.inf
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HomePlayer 1.5.5-->C:\Program Files\HomePlayer1.5.5\uninst.exe
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
    iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    myBabylon Toolbar-->C:\PROGRA~1\MYBABY~1\UNWISE.EXE C:\PROGRA~1\MYBABY~1\INSTALL.LOG
    Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571036}
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{1597D0AE-34A7-4A8B-A395-2E30EB745470}
    Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
    Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
    Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
    Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
    Nokia Ovi One Touch Access 6.85.3011-->msiexec /qn /x {4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
    Nokia Ovi One Touch Access-->MsiExec.exe /I{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
    Nokia Ovi Player-->MsiExec.exe /I{A528306A-C5EC-481C-A619-6106334E6800}
    Nokia Ovi Suite-->MsiExec.exe /I{150C6C87-D187-4105-BF7A-090378D7AE2A}
    Nokia Ovi System Utilities 6.85.3014-->msiexec /qn /x {C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}
    Nokia Ovi System Utilities-->MsiExec.exe /X{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}
    Nokia Photos-->MsiExec.exe /I{B0B49C20-D2D1-437B-80F0-C2298F5DCD2B}
    Nokia Software Updater-->MsiExec.exe /X{2FA28330-2028-4033-BD10-425C87EB4D54}
    Nokia_Multimedia_Common_Components_2_5-->MsiExec.exe /I{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}
    NVIDIA Drivers-->C:\Windows\system32\nvunrm.exe UninstallGUI
    OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    PC Connectivity Solution-->MsiExec.exe /I{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}
    Power Manager 2.1.7-->"C:\Program Files\Power Manager\unins000.exe"
    PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
    Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
    Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
    Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

    ======Security center information======

    AS: Windows Defender (disabled)

    ======System event log======

    Computer Name: PC-de-PoPo
    Event Code: 15016
    Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
    Record Number: 192930
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20091230172112.454870-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-PoPo
    Event Code: 7022
    Message: Le service Windows Update est en attente de démarrage.
    Record Number: 193018
    Source Name: Service Control Manager
    Time Written: 20091230172713.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4226
    Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
    Record Number: 193036
    Source Name: Tcpip
    Time Written: 20091230195908.517270-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4001
    Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

    Record Number: 193052
    Source Name: Microsoft-Windows-WLAN-AutoConfig
    Time Written: 20091230200914.828600-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-PoPo
    Event Code: 15016
    Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
    Record Number: 193069
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20091231101736.872196-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-PoPo
    Event Code: 1
    Message: Nokia M Platform 2.5.197 (NLib 0.8.482)

    LIKE query is not supported with path properties in relative path datastores.
    errorcode: 51031
    Non implémenté
    errorcode: -2147467263

    Stack trace:
    .\MDSWatcher.cpp(1652) : CMDSWatcher::HandleFileEvent
    .\MDataStoreObj.cpp(2291) : CMDataStore::Get
    .\MDataStoreObj.cpp(3848) : CMDataStore::GetImpl
    .\MQueryProcessor.cpp(733) : CMQueryProcessor::caseAComparisonitemExpr
    .\MQueryProcessor.cpp(762) : CMQueryProcessor::caseACollateComparisonitemExpr
    .\MQueryProcessor.cpp(468) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(460) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(459) : CMQueryProcessor::caseALikeBinop

    Record Number: 52029
    Source Name: Nokia M Platform
    Time Written: 20091229212532.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-PoPo
    Event Code: 1
    Message: Nokia M Platform 2.5.197 (NLib 0.8.482)

    LIKE query is not supported with path properties in relative path datastores.
    errorcode: 51031
    Non implémenté
    errorcode: -2147467263

    Stack trace:
    .\MDSWatcher.cpp(1652) : CMDSWatcher::HandleFileEvent
    .\MDataStoreObj.cpp(2291) : CMDataStore::Get
    .\MDataStoreObj.cpp(3848) : CMDataStore::GetImpl
    .\MQueryProcessor.cpp(733) : CMQueryProcessor::caseAComparisonitemExpr
    .\MQueryProcessor.cpp(762) : CMQueryProcessor::caseACollateComparisonitemExpr
    .\MQueryProcessor.cpp(468) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(460) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(459) : CMQueryProcessor::caseALikeBinop

    Record Number: 52030
    Source Name: Nokia M Platform
    Time Written: 20091229212533.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-PoPo
    Event Code: 1
    Message: Nokia M Platform 2.5.197 (NLib 0.8.482)

    LIKE query is not supported with path properties in relative path datastores.
    errorcode: 51031
    Non implémenté
    errorcode: -2147467263

    Stack trace:
    .\MDSWatcher.cpp(1652) : CMDSWatcher::HandleFileEvent
    .\MDataStoreObj.cpp(2291) : CMDataStore::Get
    .\MDataStoreObj.cpp(3848) : CMDataStore::GetImpl
    .\MQueryProcessor.cpp(733) : CMQueryProcessor::caseAComparisonitemExpr
    .\MQueryProcessor.cpp(762) : CMQueryProcessor::caseACollateComparisonitemExpr
    .\MQueryProcessor.cpp(468) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(460) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(459) : CMQueryProcessor::caseALikeBinop

    Record Number: 52031
    Source Name: Nokia M Platform
    Time Written: 20091229212545.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-PoPo
    Event Code: 1
    Message: Nokia M Platform 2.5.197 (NLib 0.8.482)

    LIKE query is not supported with path properties in relative path datastores.
    errorcode: 51031
    Non implémenté
    errorcode: -2147467263

    Stack trace:
    .\MDSWatcher.cpp(1652) : CMDSWatcher::HandleFileEvent
    .\MDataStoreObj.cpp(2291) : CMDataStore::Get
    .\MDataStoreObj.cpp(3848) : CMDataStore::GetImpl
    .\MQueryProcessor.cpp(733) : CMQueryProcessor::caseAComparisonitemExpr
    .\MQueryProcessor.cpp(762) : CMQueryProcessor::caseACollateComparisonitemExpr
    .\MQueryProcessor.cpp(468) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(460) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(459) : CMQueryProcessor::caseALikeBinop

    Record Number: 52032
    Source Name: Nokia M Platform
    Time Written: 20091229212545.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-PoPo
    Event Code: 1
    Message: Nokia M Platform 2.5.197 (NLib 0.8.482)

    LIKE query is not supported with path properties in relative path datastores.
    errorcode: 51031
    Non implémenté
    errorcode: -2147467263

    Stack trace:
    .\MDSWatcher.cpp(2155) : CMDSWatcher::HandleFolderEvent
    .\MDataStoreObj.cpp(2291) : CMDataStore::Get
    .\MDataStoreObj.cpp(3848) : CMDataStore::GetImpl
    .\MQueryProcessor.cpp(762) : CMQueryProcessor::caseACollateComparisonitemExpr
    .\MQueryProcessor.cpp(468) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(460) : CMQueryProcessor::caseALikeBinop
    .\MQueryProcessor.cpp(459) : CMQueryProcessor::caseALikeBinop

    Record Number: 52033
    Source Name: Nokia M Platform
    Time Written: 20091229212619.000000-000
    Event Type: Avertissement
    User:

    =====Security event log=====

    Computer Name: PC-de-PoPo
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-POPO$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Type d’ouverture de session : 5

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x294
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Nom de la station de travail :
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : Advapi
    Package d’authentification : Negotiate
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 37308
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090704114414.851168-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 37309
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090704114414.851168-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4616
    Message: L’heure du système a été modifiée.

    Sujet :
    ID de sécurité : S-1-5-19
    Nom du compte : SERVICE LOCAL
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e5

    Informations sur le processus :
    ID du processus : 0x520
    Nom : C:\Windows\System32\svchost.exe

    Heure précédente : 13:44:16 04/07/2009
    Nouvelle heure : 13:44:16 04/07/2009

    Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
    Record Number: 37310
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090704114416.738600-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x2c4c6

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 37311
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090704114418.220600-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-PoPo
    Event Code: 4608
    Message: Windows démarre.

    Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
    Record Number: 37312
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090705135333.700535-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\VistaCodecPack\QT\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=6801
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  4. Léa
     
    Alors pour moi c'est du charabia mais j'espère que ça va me permettre de résoudre le problème.
    Merci en tout cas d'avoir répondu si rapidement.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    open office est à la version 3 ...

    ____________

    Mettre a jour java:
    https://javara.fr.malavida.com/­indows

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.

    ____________________

    branche tous tes supports externes puis colle un rapport usbfix option 2
    0
  7. Léa
     
    Voici le rapport de JavaRa.log

    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Dec 31 13:37:10 2009

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_04

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: C:\Users\PoPo\AppData\LocalLow\Sun\Java\jre1.6.0_04

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\JavaPlugin.160_04

    Found and removed: Software\Classes\JavaPlugin.160_05

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

    Found and removed: Software\JavaSoft\Java2D\1.6.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

    ------------------------------------

    Finished reporting.
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais usbfix
    0
  9. Léa
     
    Oula j'ai pas compris. Je fais quoi exactement et où?
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    c'est indiqué sous la procédure de javara
    0
  11. Léa
     
    Je suis désolée mais je comprends rien :s
    Je trouve pas ce qu'il faut faire. Je ne sais pas où se trouve la procédure de javara.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    f

    je remets mais c'est ecrit au dessus!

    branche tous tes supports externes puis colle un rapport usbfix option 2
    0
  13. Léa
     
    Alors voila j'ai trouvé. J'ai fait avec ma clé usb qui se ballade sur beaucoup de pc mais je suis censée faire quelque chose pour réparer ou c'est déjà fait?

    ############################## | UsbFix V6.068 |

    User : PoPo (Administrateurs) # PC-DE-POPO
    Update on 28/12/2009 by El Desaparecido , C_XX & Chimay8
    Start at: 15:11:42 | 31/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 7.0.6001.18000
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 92,21 Go (51,52 Go free) [System] # NTFS
    D:\ -> Disque fixe local # 45,12 Go (21,03 Go free) [DATA] # NTFS
    E:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe 428
    C:\Windows\system32\csrss.exe 564
    C:\Windows\system32\wininit.exe 616
    C:\Windows\system32\csrss.exe 624
    C:\Windows\system32\services.exe 664
    C:\Windows\system32\lsass.exe 676
    C:\Windows\system32\lsm.exe 684
    C:\Windows\system32\winlogon.exe 812
    C:\Windows\system32\svchost.exe 888
    C:\Windows\system32\svchost.exe 956
    C:\Windows\System32\svchost.exe 992
    C:\Windows\System32\svchost.exe 1136
    C:\Windows\System32\svchost.exe 1180
    C:\Windows\system32\svchost.exe 1192
    C:\Windows\system32\SLsvc.exe 1300
    C:\Windows\system32\svchost.exe 1372
    C:\Windows\system32\svchost.exe 1496
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1724
    C:\Program Files\Alwil Software\Avast4\ashServ.exe 1764
    C:\Windows\system32\Dwm.exe 1772
    C:\Windows\Explorer.EXE 1800
    C:\Program Files\Windows Defender\MSASCui.exe 1908
    C:\Windows\RtHDVCpl.exe 1916
    C:\Program Files\Apoint2K\Apoint.exe 2000
    C:\Program Files\Power Manager\PM.exe 196
    C:\Windows\BisonCam\BisonAPP.exe 312
    C:\Windows\System32\rundll32.exe 12
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe 556
    C:\Program Files\Apoint2K\ApMsgFwd.exe 1260
    C:\Program Files\iTunes\iTunesHelper.exe 872
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 1532
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe 1520
    C:\Program Files\Windows Sidebar\sidebar.exe 1668
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1868
    C:\Windows\System32\spoolsv.exe 1676
    C:\Windows\ehome\ehtray.exe 1652
    C:\Windows\system32\taskeng.exe 884
    C:\Windows\system32\svchost.exe 1760
    C:\Windows\System32\rundll32.exe 1612
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe 540
    C:\Windows\system32\taskeng.exe 2068
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN 2276
    C:\Program Files\Apoint2K\Apntex.exe 2384
    C:\Windows\ehome\ehmsas.exe 2540
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2804
    C:\Program Files\Bonjour\mDNSResponder.exe 2820
    C:\Windows\system32\svchost.exe 2856
    c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 2916
    C:\Windows\system32\svchost.exe 2968
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe 3168
    C:\Windows\system32\svchost.exe 3292
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe 3332
    C:\Windows\System32\svchost.exe 3392
    C:\Windows\system32\SearchIndexer.exe 3432
    C:\Windows\system32\DRIVERS\xaudio.exe 3496
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3592
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3652
    C:\Program Files\iPod\bin\iPodService.exe 3724
    C:\Windows\system32\wbem\wmiprvse.exe 2332
    C:\Windows\system32\wbem\unsecapp.exe 3372
    C:\Program Files\Windows Live\Contacts\wlcomm.exe 2568
    C:\Windows\system32\wuauclt.exe 6060
    C:\Windows\system32\NOTEPAD.EXE 5832
    C:\Windows\system32\conime.exe 756
    C:\Program Files\Mozilla Firefox\firefox.exe 4192
    C:\Windows\system32\wbem\wmiprvse.exe 764

    ################## | Elements infectieux |

    C:\Windows\msnimport.exe
    F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
    F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

    ################## | Registre |

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\G
    shell\AutoRun\command =G:\LaunchU3.exe -a

    HKCU\..\..\Explorer\MountPoints2\I
    shell\AutoRun\command =wd_windows_tools\setup.exe

    HKCU\..\..\Explorer\MountPoints2\{13b06fed-d7bd-11dc-a701-001060d07d2e}
    shell\Auto\command =AdobeR.exe e
    shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    HKCU\..\..\Explorer\MountPoints2\{13b06ffa-d7bd-11dc-a701-001060d07d2e}
    shell\AutoRun\command =F:\LaunchU3.exe -a

    HKCU\..\..\Explorer\MountPoints2\{7e45ed65-cf29-11dc-9331-001060d07d2e}
    shell\AutoRun\command =wd_windows_tools\setup.exe

    ################## | Cracks > Keygens > Serials |

    ################## | ! Fin du rapport # UsbFix V6.068 ! |
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais l'option 2 et mets le rapport
    0
  15. Léa
     
    Désolée pour tout à l'heure j'avais pas lu jusqu'au bout.
    Voici le rapport

    ############################## | UsbFix V6.068 |

    User : PoPo (Administrateurs) # PC-DE-POPO
    Update on 28/12/2009 by El Desaparecido , C_XX & Chimay8
    Start at: 15:41:23 | 31/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 7.0.6001.18000
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 92,21 Go (51,44 Go free) [System] # NTFS
    D:\ -> Disque fixe local # 45,12 Go (21,03 Go free) [DATA] # NTFS
    E:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe 492
    C:\Windows\system32\csrss.exe 564
    C:\Windows\system32\wininit.exe 616
    C:\Windows\system32\csrss.exe 628
    C:\Windows\system32\services.exe 664
    C:\Windows\system32\lsass.exe 676
    C:\Windows\system32\lsm.exe 684
    C:\Windows\system32\winlogon.exe 804
    C:\Windows\system32\svchost.exe 880
    C:\Windows\system32\svchost.exe 944
    C:\Windows\System32\svchost.exe 984
    C:\Windows\System32\svchost.exe 1104
    C:\Windows\System32\svchost.exe 1176
    C:\Windows\system32\svchost.exe 1188
    C:\Windows\system32\SLsvc.exe 1304
    C:\Windows\system32\svchost.exe 1356
    C:\Windows\system32\svchost.exe 1500
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1732
    C:\Program Files\Alwil Software\Avast4\ashServ.exe 1752
    C:\Windows\system32\Dwm.exe 1812
    C:\Windows\Explorer.EXE 1824
    C:\Windows\system32\runonce.exe 1884
    C:\Windows\System32\spoolsv.exe 1264
    C:\Windows\system32\svchost.exe 1468
    C:\Windows\system32\taskeng.exe 1512
    C:\Windows\system32\taskeng.exe 1660
    C:\Windows\system32\PresentationSettings.exe 2044
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1124
    C:\Program Files\Bonjour\mDNSResponder.exe 1144
    C:\Windows\system32\svchost.exe 1032
    c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 1960
    C:\Windows\system32\svchost.exe 2080
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2112
    C:\Windows\system32\svchost.exe 2160
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe 2320
    C:\Windows\System32\svchost.exe 2344
    C:\Windows\system32\SearchIndexer.exe 2404
    C:\Windows\system32\DRIVERS\xaudio.exe 2512
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2612
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2632
    C:\Windows\system32\wbem\wmiprvse.exe 2816

    ################## | Elements infectieux |

    Supprimé ! C:\Windows\msnimport.exe
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1654671940-757179397-1803065850-1000
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-2152478756-3922319563-605102323-500
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-3432319531-4188733938-1215649882-500
    Supprimé ! D:\$Recycle.Bin\S-1-5-21-1654671940-757179397-1803065850-1000
    Supprimé ! D:\$Recycle.Bin\S-1-5-21-3432319531-4188733938-1215649882-500

    ################## | Registre |

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\I\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{13b06fed-d7bd-11dc-a701-001060d07d2e}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{13b06ffa-d7bd-11dc-a701-001060d07d2e}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{7e45ed65-cf29-11dc-9331-001060d07d2e}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [18/09/2006 22:43|--a------|24] C:\autoexec.bat
    [05/01/2007 12:29|--a------|30] C:\batch.wtc
    [19/01/2008 08:45|-rahs----|333203] C:\bootmgr
    [01/07/2006 22:42|-ra-s----|8192] C:\BOOTSECT.BAK
    [05/04/2008 20:34|--a------|74] C:\CMLoader.log
    [18/09/2006 22:43|--a------|10] C:\config.sys
    [03/01/2007 09:19|--a------|0] C:\DVD.TAG
    [?|?|?] C:\hiberfil.sys
    [10/02/2008 21:15|-rahs----|0] C:\IO.SYS
    [31/12/2009 13:37|--a------|19684] C:\JavaRa.log
    [10/02/2008 21:15|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [20/10/2007 17:58|--a------|9136] C:\Prodlog.txt
    [31/12/2009 15:48|--a------|4119] C:\UsbFix.txt
    [01/07/2006 14:08|--a------|475384] C:\vcredist_x86.log

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # D:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Crack > Keygen > Serial |

    ################## | Upload |

    Veuillez envoyer le fichier : C:\Users\PoPo\Desktop\UsbFix_Upload_Me_PC-de-PoPo.zip : https://www.ionos.fr/?affiliate_id=77097
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.068 ! |
    0
  16. Léa
     
    Alors tout d'abord Bonne Année et sinon voici les résultats du scan

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-01-01 18:47:28
    PROTECTIONS: 2
    MALWARE: 23
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus Yes Yes
    Windows Defender Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@atdmt[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@tradedoubler[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@mediaplex[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@xiti[1].txt
    00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@fe.lea.lycos[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@bs.serving-sys[2].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@weborama[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@adtech[1].txt
    00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@fl01.ct2.comclick[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@ads.pointroll[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@questionmarket[1].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@bravenet[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@go[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\popo\appdata\roaming\microsoft\windows\cookies\popo@smartadserver[1].txt
    01308377 Application/MSNContentPlus HackTools No 0 Yes No c:\usbfix\quarantine\c\windows\msnimport.exe.usbfix
    01308377 Application/MSNContentPlus HackTools No 0 Yes No c:\users\popo\desktop\usbfix_upload_me_pc-de-popo.zip[usbfix_upload_me/msnimport.exe.usbfix]
    05825509 Trj/Downloader.MDW Virus/Trojan No 1 Yes No c:\windows\system32\drivers\wnvgz.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\usbfix\bypass.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0