De fausses alertes sécurité sur mon PC?
Résolu
Lawrence
-
moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention -
moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
mon PC lance tout seul au démarrage puis a intervalles réguliers, un outil de detection de virus ("System Tool") qui rend compte de nombreux problèmes a résoudre et redirige vers un site de paiement. Des erreurs critiques sont signalées par l'orinateur. J'ai l'impresson qu'un virus produit tout ça.
Tous les antivirus installés sur mon ordi sont inactifs quand je les lance (rien ne se passe). Mon fond d'écran est un message en majuscules WARNING YOURE IN DANGER.....
confirmez vous que c'est un virus qui fait tout çà et non windows? que puis je faire?
merci beaucoup par avance.
mon PC lance tout seul au démarrage puis a intervalles réguliers, un outil de detection de virus ("System Tool") qui rend compte de nombreux problèmes a résoudre et redirige vers un site de paiement. Des erreurs critiques sont signalées par l'orinateur. J'ai l'impresson qu'un virus produit tout ça.
Tous les antivirus installés sur mon ordi sont inactifs quand je les lance (rien ne se passe). Mon fond d'écran est un message en majuscules WARNING YOURE IN DANGER.....
confirmez vous que c'est un virus qui fait tout çà et non windows? que puis je faire?
merci beaucoup par avance.
A voir également:
- De fausses alertes sécurité sur mon PC?
- Votre appareil ne dispose pas des correctifs de qualité et de sécurité importants - Guide
- Plus de son sur mon pc - Guide
- Mon pc est lent - Guide
- Reinitialiser pc - Guide
- Télécharger musique gratuitement sur pc - Télécharger - Conversion & Extraction
33 réponses
le rapport:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5592
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25/01/2011 03:23:08
mbam-log-2011-01-25 (03-23-08).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 254234
Temps écoulé: 48 minute(s), 16 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\WINDOWS\Toscan.dll (Trojan.Hiloti) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kdejikikod (Trojan.Hiloti) -> Value: Kdejikikod -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\documents and settings\Laurent\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\Toscan.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\Laurent\application data\Adobe\plugs\kb2460093.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\local settings\Temp\tmp87.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\kxnffvdpkum.dll.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\mqnkfhrnkmped.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\ndhghdjexeq.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\gjenj06510\gjenj06510.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesa.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesaax.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesabho.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesahook.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatoliteuninstaller.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\fast browser search\IE\searchguardplus.exe.vir (PUP.Fbsearch) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\fast browser search\IE\update.exe.vir (PUP.Fbsearch) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\iniqevemiteduzu.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0079974.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0079980.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0080980.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0080988.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0081988.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0082995.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0083003.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0084002.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0085003.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0081997.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086036.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086066.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086067.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086068.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086069.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086073.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086074.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086075.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086076.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086077.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086078.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086085.exe (PUP.Fbsearch) -> Not selected for removal.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086094.exe (PUP.Fbsearch) -> Not selected for removal.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086097.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\application data\Adobe\plugs\kb2511843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\Bureau\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
le logiciel me recommande de redemarrer pour finir la suppression. je vais le faire.
merci bcp
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5592
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25/01/2011 03:23:08
mbam-log-2011-01-25 (03-23-08).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 254234
Temps écoulé: 48 minute(s), 16 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\WINDOWS\Toscan.dll (Trojan.Hiloti) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kdejikikod (Trojan.Hiloti) -> Value: Kdejikikod -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\documents and settings\Laurent\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\Toscan.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\Laurent\application data\Adobe\plugs\kb2460093.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\local settings\Temp\tmp87.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\kxnffvdpkum.dll.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\mqnkfhrnkmped.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\ndhghdjexeq.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\application data\gjenj06510\gjenj06510.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesa.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesaax.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesabho.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatolitesahook.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\clickpotatoliteuninstaller.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\clickpotatolite\bin\10.0.536.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\fast browser search\IE\searchguardplus.exe.vir (PUP.Fbsearch) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\fast browser search\IE\update.exe.vir (PUP.Fbsearch) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\iniqevemiteduzu.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0079974.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0079980.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0080980.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0080988.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0081988.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0082995.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0083003.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0084002.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0085003.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0081997.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086036.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086066.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086067.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086068.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086069.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086073.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086074.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086075.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086076.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086077.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086078.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086085.exe (PUP.Fbsearch) -> Not selected for removal.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086094.exe (PUP.Fbsearch) -> Not selected for removal.
c:\system volume information\_restore{d475d116-df88-45c4-8bf3-9ab6fc089bd7}\RP311\A0086097.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\application data\Adobe\plugs\kb2511843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Laurent\Bureau\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
le logiciel me recommande de redemarrer pour finir la suppression. je vais le faire.
merci bcp
ok
apres redemarrage, vide la quarantaine de MBAM
on touche au but
1)
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !
crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
Copies y ce texte dedans et enregistres le
KillAll::
File::
c:\windows\Dvojeqov.bin
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kdejikikod"=-
* Désactive tes logiciels de protection
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
________________
2)
Télécharge SEAF ( de C__XX ) sur ton bureau :
ici http://www.teamxscript.org/SEAFTelechargement.html
* Double clique sur "SEAF.exe" ( clique droit et "Exécuter en tant qu'administrateur" pour Vista / 7 ) pour lancer l'outil.
* Dans l'encardré blanc " Entrez ci dessous...." copie/colle ceci :
iniqevemiteduzu.dll
* Au niveau des " options des fichiers ", fait les réglages suivant :
> A "Calculer le checksum" , choisis : MD5
> Coche la case devant " Info. supplémentaire ".
> Coche la case devant " Afficher les ADS "
* Au niveau des " options du registre " :
> coche " chercher également dans le registre "
( ne touche à aucun autre réglage )
* Clique sur " Lancer la recherche " et laisse travailler l'outil ...
( cela peut-être plus ou moins long suivant les cas ).
--> Une fois terminé, une fenêtre avec un log .txt va s'afficher. Enregistre ce rapport de façon à le retrouver facilement ( sur le bureau par exemple ). Sinon il sera en outre sauvegardé à la racine de ton disque dur ( ici > C:\SEAFLog.txt )
apres redemarrage, vide la quarantaine de MBAM
on touche au but
1)
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !
crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
Copies y ce texte dedans et enregistres le
KillAll::
File::
c:\windows\Dvojeqov.bin
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kdejikikod"=-
* Désactive tes logiciels de protection
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
________________
2)
Télécharge SEAF ( de C__XX ) sur ton bureau :
ici http://www.teamxscript.org/SEAFTelechargement.html
* Double clique sur "SEAF.exe" ( clique droit et "Exécuter en tant qu'administrateur" pour Vista / 7 ) pour lancer l'outil.
* Dans l'encardré blanc " Entrez ci dessous...." copie/colle ceci :
iniqevemiteduzu.dll
* Au niveau des " options des fichiers ", fait les réglages suivant :
> A "Calculer le checksum" , choisis : MD5
> Coche la case devant " Info. supplémentaire ".
> Coche la case devant " Afficher les ADS "
* Au niveau des " options du registre " :
> coche " chercher également dans le registre "
( ne touche à aucun autre réglage )
* Clique sur " Lancer la recherche " et laisse travailler l'outil ...
( cela peut-être plus ou moins long suivant les cas ).
--> Une fois terminé, une fenêtre avec un log .txt va s'afficher. Enregistre ce rapport de façon à le retrouver facilement ( sur le bureau par exemple ). Sinon il sera en outre sauvegardé à la racine de ton disque dur ( ici > C:\SEAFLog.txt )
voila le rapport:
ComboFix 11-01-23.03 - Laurent 25/01/2011 3:51.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1506 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
FILE ::
"c:\windows\Dvojeqov.bin"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Laurent\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Laurent\Application Data\Adobe\plugs
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome.manifest
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome\content\_cfg.js
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome\content\overlay.xul
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\install.rdf
c:\documents and settings\Laurent\Menu Démarrer\Programmes\System Tool
c:\windows\Dvojeqov.bin
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-25 au 2011-01-25 ))))))))))))))))))))))))))))))))))))
.
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2006-01-16 16:22 290048 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 03:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6464)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-25 04:03:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-25 03:03
ComboFix2.txt 2011-01-24 03:24
Avant-CF: 4 580 552 704 octets libres
Après-CF: 5 185 146 880 octets libres
- - End Of File - - 854A271BFC846D6FE2DCDCDA85FFE89E
je passe a la phase 2
ComboFix 11-01-23.03 - Laurent 25/01/2011 3:51.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1506 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
FILE ::
"c:\windows\Dvojeqov.bin"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Laurent\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Laurent\Application Data\Adobe\plugs
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome.manifest
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome\content\_cfg.js
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\chrome\content\overlay.xul
c:\documents and settings\Laurent\Local Settings\Application Data\{F34B76A6-0945-4DE4-AFD3-7D3BECBB0CA2}\install.rdf
c:\documents and settings\Laurent\Menu Démarrer\Programmes\System Tool
c:\windows\Dvojeqov.bin
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-25 au 2011-01-25 ))))))))))))))))))))))))))))))))))))
.
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2006-01-16 16:22 290048 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 03:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6464)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-25 04:03:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-25 03:03
ComboFix2.txt 2011-01-24 03:24
Avant-CF: 4 580 552 704 octets libres
Après-CF: 5 185 146 880 octets libres
- - End Of File - - 854A271BFC846D6FE2DCDCDA85FFE89E
je passe a la phase 2
(sourire)
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 04:08:21 le 25/01/2011
4.
5. Valeur(s) recherchée(s):
6. iniqevemiteduzu.dll
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Affichage des ADS
13. (!) --- Recherche registre
14.
15. ====== Fichier(s) ======
16.
17. Aucun fichier trouvé
18.
19.
20. ====== Entrée(s) du registre ======
21.
22.
23. [HKU\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603]
24. "001"="iniqevemiteduzu.dll" (REG_SZ)
25.
26. =========================
27.
28. Fin à: 04:10:53 le 25/01/2011
29. 262676 Éléments analysés
30.
31. =========================
32. E.O.F
merci bcp
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 04:08:21 le 25/01/2011
4.
5. Valeur(s) recherchée(s):
6. iniqevemiteduzu.dll
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Affichage des ADS
13. (!) --- Recherche registre
14.
15. ====== Fichier(s) ======
16.
17. Aucun fichier trouvé
18.
19.
20. ====== Entrée(s) du registre ======
21.
22.
23. [HKU\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603]
24. "001"="iniqevemiteduzu.dll" (REG_SZ)
25.
26. =========================
27.
28. Fin à: 04:10:53 le 25/01/2011
29. 262676 Éléments analysés
30.
31. =========================
32. E.O.F
merci bcp
arf, il n' y a plus de fichier
dommage
comment va ce pc
__________
? Télécharge OTM (OldTimer) sur ton Bureau :
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
? Double-clique sur OTM.exe afin de le lancer.
? Copie (Ctrl+C) le texte suivant ci-dessous :
:Reg
[HKU\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-
:commands
[emptytemp]
[start explorer]
[reboot]
? Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
? Clique maintenant sur le bouton MoveIt! puis ferme OTM
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
? Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
dommage
comment va ce pc
__________
? Télécharge OTM (OldTimer) sur ton Bureau :
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
? Double-clique sur OTM.exe afin de le lancer.
? Copie (Ctrl+C) le texte suivant ci-dessous :
:Reg
[HKU\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-
:commands
[emptytemp]
[start explorer]
[reboot]
? Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
? Clique maintenant sur le bouton MoveIt! puis ferme OTM
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
? Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
All processes killed
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603\\001 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 497 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: Laurent
->Temp folder emptied: 401 bytes
->Temporary Internet Files folder emptied: 3145586 bytes
->Java cache emptied: 2287144 bytes
->Flash cache emptied: 126953 bytes
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 111759 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 8630 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
je dois partir (imperatif)
je te retrouve?
merci beaucoup beaucoup le PC a l'air d'aller tres bien
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-3722365561-4284195903-2926877600-1006\Software\Microsoft\Search Assistant\ACMru\5603\\001 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 497 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: Laurent
->Temp folder emptied: 401 bytes
->Temporary Internet Files folder emptied: 3145586 bytes
->Java cache emptied: 2287144 bytes
->Flash cache emptied: 126953 bytes
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 111759 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 8630 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
je dois partir (imperatif)
je te retrouve?
merci beaucoup beaucoup le PC a l'air d'aller tres bien
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
hello l'ami
content de te revoir...tu as raison
@ lawrence
cherche sur C le dossier Qoobox, puis celui de la quarantaine, tu y trouveras ce fichier iniqevemiteduzu.dll
peux tu l'envoyer ici http://www.teamxscript.org/Upload.php
CONTRIBUTEUR SECURITE
Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
content de te revoir...tu as raison
@ lawrence
cherche sur C le dossier Qoobox, puis celui de la quarantaine, tu y trouveras ce fichier iniqevemiteduzu.dll
peux tu l'envoyer ici http://www.teamxscript.org/Upload.php
CONTRIBUTEUR SECURITE
Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !
crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
Copies y ce texte dedans et enregistres le
DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\iniqevemiteduzu.dll
* Désactive tes logiciels de protection
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
Copies y ce texte dedans et enregistres le
DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\iniqevemiteduzu.dll
* Désactive tes logiciels de protection
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
hello voici le fichier
ComboFix 11-01-23.03 - Laurent 26/01/2011 8:46.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1478 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-26 au 2011-01-26 ))))))))))))))))))))))))))))))))))))
.
2011-01-25 03:35 . 2011-01-25 03:35 -------- d-----w- C:\_OTM
2011-01-25 03:07 . 2011-01-25 03:07 -------- d-----w- c:\program files\SEAF
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2006-01-16 16:22 290048 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 08:53
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(500)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-26 08:58:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-26 07:58
ComboFix2.txt 2011-01-25 03:03
ComboFix3.txt 2011-01-24 03:24
Avant-CF: 5 169 946 624 octets libres
Après-CF: 5 159 612 416 octets libres
- - End Of File - - FABBBB538DFC62D211D864FD7F42A372
ComboFix 11-01-23.03 - Laurent 26/01/2011 8:46.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1478 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-26 au 2011-01-26 ))))))))))))))))))))))))))))))))))))
.
2011-01-25 03:35 . 2011-01-25 03:35 -------- d-----w- C:\_OTM
2011-01-25 03:07 . 2011-01-25 03:07 -------- d-----w- c:\program files\SEAF
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2006-01-16 16:22 290048 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 08:53
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(500)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-26 08:58:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-26 07:58
ComboFix2.txt 2011-01-25 03:03
ComboFix3.txt 2011-01-24 03:24
Avant-CF: 5 169 946 624 octets libres
Après-CF: 5 159 612 416 octets libres
- - End Of File - - FABBBB538DFC62D211D864FD7F42A372
peux tu refaire la manip script combofix avec ce texte là
KillAll::
DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\iniqevemiteduzu.dll
KillAll::
DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\iniqevemiteduzu.dll
voici le resultat
ComboFix 11-01-23.03 - Laurent 27/01/2011 20:10:56.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1500 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-27 au 2011-01-27 ))))))))))))))))))))))))))))))))))))
.
2011-01-25 03:35 . 2011-01-25 03:35 -------- d-----w- C:\_OTM
2011-01-25 03:07 . 2011-01-25 03:07 -------- d-----w- c:\program files\SEAF
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 20:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(508)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-27 20:29:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-27 19:28
ComboFix2.txt 2011-01-26 07:58
ComboFix3.txt 2011-01-25 03:03
ComboFix4.txt 2011-01-24 03:24
Avant-CF: 5 159 456 768 octets libres
Après-CF: 5 148 311 552 octets libres
- - End Of File - - 157C5F4E3AEAF7516F114D1719481CE8
ComboFix 11-01-23.03 - Laurent 27/01/2011 20:10:56.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1500 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\LAW.exe
Commutateurs utilisés :: c:\documents and settings\Laurent\Bureau\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-27 au 2011-01-27 ))))))))))))))))))))))))))))))))))))
.
2011-01-25 03:35 . 2011-01-25 03:35 -------- d-----w- C:\_OTM
2011-01-25 03:07 . 2011-01-25 03:07 -------- d-----w- c:\program files\SEAF
2011-01-24 02:31 . 2011-01-24 02:31 -------- d-----w- C:\tdsskiller
2011-01-24 02:18 . 2011-01-24 02:19 -------- d-----w- c:\program files\ZHPDiag
2011-01-24 01:42 . 2011-01-24 02:05 -------- d-----w- c:\documents and settings\Administrateur
2011-01-20 18:14 . 2011-01-20 18:21 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 22:12 . 2011-01-03 22:13 -------- d-----w- c:\program files\iTunes
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-03 22:09 . 2011-01-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-03 22:06 . 2011-01-03 22:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-01-03 22:05 . 2011-01-03 22:05 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-01-29 23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-01-29 23:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-01-16 16:35 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-01-16 16:23 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2006-01-16 16:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2006-01-16 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2006-01-16 16:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2006-01-16 16:23 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-01-16 16:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
c:\documents and settings\Laurent\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-11 380928]
PowerReg Scheduler.exe [2007-1-7 225280]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
play2p.lnk - c:\program files\play2p\play2p.exe [2009-5-31 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayerHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUHDD1AppLauncher.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporter.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\VideoUtility\\SPUDiscImporterLauncher.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/01/2010 09:44 135664]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [11/10/2006 00:03 370536]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [07/01/2007 14:47 101120]
.
Contenu du dossier 'Tâches planifiées'
2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]
2011-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:35]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 08:44]
2011-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3722365561-4284195903-2926877600-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 20:24
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(508)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-01-27 20:29:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-27 19:28
ComboFix2.txt 2011-01-26 07:58
ComboFix3.txt 2011-01-25 03:03
ComboFix4.txt 2011-01-24 03:24
Avant-CF: 5 159 456 768 octets libres
Après-CF: 5 148 311 552 octets libres
- - End Of File - - 157C5F4E3AEAF7516F114D1719481CE8
on laisse tomber
et on va finir
Fais un nouveau rapport ZHPdiag stp
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
et on va finir
Fais un nouveau rapport ZHPdiag stp
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
pour finir
1)
* Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O69 - SBI: SearchScopes [HKCU] {A3C2A144-66C6-4B3B-A9B2-A2DB8C3CF49F} - (Fast Browser Search) - http://www.fastbrowsersearch.com
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
( ce rapport est sauvegardé dans ce dossier C:\Program files\ZHPDiag\ZHPFixReport.txt )
..........................
2)
Mettre à jour la Console Java ? :
https://www.java.com/fr/download/uninstalltool.jsp
et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version).
voici pour desinstaller :
JavaRa
http://raproducts.org/click/click.php?id=1
Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa.
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Choisis Français puis clique sur Select.
* Clique sur Recherche de mises à jour.
* Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
* Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.
Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.
.............
3)
Mets à jour Adobe Reader (désinstalle avant la version antérieure)
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
puis
* Lancez Adobe Reader
* Cliquez sur Edition --> Préférences --> JavaScript
* Décochez "Activer Acrobat JavaScript"
* Validez
....................
4)
IMPORTANT
Purger les points de restauration système:
Télécharge OneClick2RestorePoint
http://www.multifa7.be/Laddy/OneClick2RP.exe
Mirroirs si non accessible :
http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
https://app.box.com/s/cqcsz5m0oz
* Double clic sur OneClick2RP pour l'exécuter (Clic-droit choisir Executer en tant qu'administrateur sous Vista/Seven)
* Clic sur le bouton "Purger", l'outil de nettoyage de windows va s'ouvrir
* Choisis ton disque dur principal en général (C:\) ... Patiente pendant le scan...
* Rends toi dans l'onglet "Autres options"
* Dans la zone restauration système, clic sur le bouton nettoyer puis sur le bouton Supprimer.
* Les points de restauration système seront purgés sauf le dernier créé.
Ensuite avec le même outil
Créer un nouveau point de restauration reconnaissable
.................
5)
Télécharge DelFix sur ton bureau.
http://www.teamxscript.org/too/Xplode/DelFix.exe
1. Lance le, choisis le bouton SUPPRESSION
2. Patiente pendant le scan jusqu'à l'ouverture du rapport.
3. Copie/Colle le contenu du rapport dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\DelFixSearch
__________________
Recommandations pour l'avenir
Tu es la meilleure protection pour ton pc que tout autre antivirus, si tu admets un minimum de rigueur dans son utilisation...Les virus sont vigilants et pénètrent ta machine par toutes les portes que tu laisseras ouvertes...
- logiciels non à jour (windows, internet explorer, java, adobe reader etc)
- installation de toolbar
- fréquentation de sites piégés
- P2P
- Application de cracks
- Supports usb
Pour t'aider dans cette tâche, voici quelques pistes
Pour naviguer sur internet plus en sécurité et à l'abri des publicités, je te conseille vivement d'installer et d'utiliser le navigateur firefox
http://www.mozilla-europe.org/fr/firefox/
Une fois que c'est fait, lances le et installe l'extension de sécurité adblock plus
pour bloquer les publicités
http://www.clubic.com/telecharger-fiche45912-adblock-plus.html
............................
WOT - Extension pour ton navigateur internet :
Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :
Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
........................
Pour éviter une infection toolbar, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !
..........................
Vaccines tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX)
http://www.teamxscript.org/usbfixTelechargement.html
Au menu principal, choisis l'option 3 (Vaccination).
............................
garder Malwarebytes et faire un examen de temps en temps ton PC, avec mise à jour avant chaque scan
.......................
Pour savoir si ton PC est à jour utilise Sécunia
https://www.donnemoilinfo.com/sujet/Securiser/secunia-personal-inspector.php
...................
Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
* Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse
..........................
utilitaire pour défragmenter , utilises pour ce faire Defraggler https://www.clubic.com/telecharger-fiche44314-defraggler.html
........................
A lire pour mieux comprendre l'environnement qui t'entoure
http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
http://www.libellules.ch/...
1)
* Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O69 - SBI: SearchScopes [HKCU] {A3C2A144-66C6-4B3B-A9B2-A2DB8C3CF49F} - (Fast Browser Search) - http://www.fastbrowsersearch.com
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
( ce rapport est sauvegardé dans ce dossier C:\Program files\ZHPDiag\ZHPFixReport.txt )
..........................
2)
Mettre à jour la Console Java ? :
https://www.java.com/fr/download/uninstalltool.jsp
et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version).
voici pour desinstaller :
JavaRa
http://raproducts.org/click/click.php?id=1
Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa.
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Choisis Français puis clique sur Select.
* Clique sur Recherche de mises à jour.
* Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
* Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.
Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.
.............
3)
Mets à jour Adobe Reader (désinstalle avant la version antérieure)
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
puis
* Lancez Adobe Reader
* Cliquez sur Edition --> Préférences --> JavaScript
* Décochez "Activer Acrobat JavaScript"
* Validez
....................
4)
IMPORTANT
Purger les points de restauration système:
Télécharge OneClick2RestorePoint
http://www.multifa7.be/Laddy/OneClick2RP.exe
Mirroirs si non accessible :
http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
https://app.box.com/s/cqcsz5m0oz
* Double clic sur OneClick2RP pour l'exécuter (Clic-droit choisir Executer en tant qu'administrateur sous Vista/Seven)
* Clic sur le bouton "Purger", l'outil de nettoyage de windows va s'ouvrir
* Choisis ton disque dur principal en général (C:\) ... Patiente pendant le scan...
* Rends toi dans l'onglet "Autres options"
* Dans la zone restauration système, clic sur le bouton nettoyer puis sur le bouton Supprimer.
* Les points de restauration système seront purgés sauf le dernier créé.
Ensuite avec le même outil
Créer un nouveau point de restauration reconnaissable
.................
5)
Télécharge DelFix sur ton bureau.
http://www.teamxscript.org/too/Xplode/DelFix.exe
1. Lance le, choisis le bouton SUPPRESSION
2. Patiente pendant le scan jusqu'à l'ouverture du rapport.
3. Copie/Colle le contenu du rapport dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\DelFixSearch
__________________
Recommandations pour l'avenir
Tu es la meilleure protection pour ton pc que tout autre antivirus, si tu admets un minimum de rigueur dans son utilisation...Les virus sont vigilants et pénètrent ta machine par toutes les portes que tu laisseras ouvertes...
- logiciels non à jour (windows, internet explorer, java, adobe reader etc)
- installation de toolbar
- fréquentation de sites piégés
- P2P
- Application de cracks
- Supports usb
Pour t'aider dans cette tâche, voici quelques pistes
Pour naviguer sur internet plus en sécurité et à l'abri des publicités, je te conseille vivement d'installer et d'utiliser le navigateur firefox
http://www.mozilla-europe.org/fr/firefox/
Une fois que c'est fait, lances le et installe l'extension de sécurité adblock plus
pour bloquer les publicités
http://www.clubic.com/telecharger-fiche45912-adblock-plus.html
............................
WOT - Extension pour ton navigateur internet :
Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :
Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
........................
Pour éviter une infection toolbar, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !
..........................
Vaccines tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX)
http://www.teamxscript.org/usbfixTelechargement.html
Au menu principal, choisis l'option 3 (Vaccination).
............................
garder Malwarebytes et faire un examen de temps en temps ton PC, avec mise à jour avant chaque scan
.......................
Pour savoir si ton PC est à jour utilise Sécunia
https://www.donnemoilinfo.com/sujet/Securiser/secunia-personal-inspector.php
...................
Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
* Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse
..........................
utilitaire pour défragmenter , utilises pour ce faire Defraggler https://www.clubic.com/telecharger-fiche44314-defraggler.html
........................
A lire pour mieux comprendre l'environnement qui t'entoure
http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
http://www.libellules.ch/...
le rapport...
Rapport de ZHPFix 1.12.3240 par Nicolas Coolman, Update du 21/01/2011
Fichier d'export Registre : C:\ZHPExportRegistry-27-01-2011-21-46-33.txt
Run by Laurent at 27/01/2011 21:46:33
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll => Clé supprimée avec succès
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Clé supprimée avec succès
[HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Clé supprimée avec succès
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] => Clé supprimée avec succès
[HKCR\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] => Clé supprimée avec succès
O69 - SBI: SearchScopes [HKCU] {A3C2A144-66C6-4B3B-A9B2-A2DB8C3CF49F} - (Fast Browser Search) - http://www.fastbrowsersearch.com => Clé supprimée avec succès
========== Valeur(s) du Registre ==========
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll => Valeur supprimée avec succès
========== Fichier(s) ==========
c:\program files\fast browser search\ie\fbstoolbar.dll => Fichier absent
========== Récapitulatif ==========
6 : Clé(s) du Registre
3 : Valeur(s) du Registre
1 : Fichier(s)
Rapport de ZHPFix 1.12.3240 par Nicolas Coolman, Update du 21/01/2011
Fichier d'export Registre : C:\ZHPExportRegistry-27-01-2011-21-46-33.txt
Run by Laurent at 27/01/2011 21:46:33
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll => Clé supprimée avec succès
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Clé supprimée avec succès
[HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Clé supprimée avec succès
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] => Clé supprimée avec succès
[HKCR\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] => Clé supprimée avec succès
O69 - SBI: SearchScopes [HKCU] {A3C2A144-66C6-4B3B-A9B2-A2DB8C3CF49F} - (Fast Browser Search) - http://www.fastbrowsersearch.com => Clé supprimée avec succès
========== Valeur(s) du Registre ==========
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll => Valeur supprimée avec succès
========== Fichier(s) ==========
c:\program files\fast browser search\ie\fbstoolbar.dll => Fichier absent
========== Récapitulatif ==========
6 : Clé(s) du Registre
3 : Valeur(s) du Registre
1 : Fichier(s)
Voici le rapport JAVA:
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Feb 01 13:42:11 2009
Found and removed: C:\Program Files\Java\jre1.5.0_04
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_02
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\Classes\JavaPlugin.160_02
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\JavaPlugin.160_02
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Jan 28 21:00:02 2011
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_15
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_17
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_20
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_21
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_22
Found and removed: Applications\java.exe
Found and removed: Applications\javaw.exe
Found and removed: JavaPlugin.FamilyVersionSupport
Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: JavaScript
Found and removed: JavaScript Author
Found and removed: JavaScript1.1
Found and removed: JavaScript1.1 Author
Found and removed: JavaScript1.2
Found and removed: JavaScript1.2 Author
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
Found and removed: Software\Classes\JavaPlugin.160_07
Found and removed: Software\Classes\JavaPlugin.160_20
Found and removed: Software\JavaSoft\Java Update
Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\JavaPlugin
Found and removed: SOFTWARE\Classes\JavaPlugin.160_07
Found and removed: SOFTWARE\Classes\JavaPlugin.160_20
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Jan 28 21:02:00 2011
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
------------------------------------
Finished reporting.
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Feb 01 13:42:11 2009
Found and removed: C:\Program Files\Java\jre1.5.0_04
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_02
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\Classes\JavaPlugin.160_02
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\JavaPlugin.160_02
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Jan 28 21:00:02 2011
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_15
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_17
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_20
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_21
Found and removed: C:\Documents and Settings\Laurent\Application Data\Sun\Java\jre1.6.0_22
Found and removed: Applications\java.exe
Found and removed: Applications\javaw.exe
Found and removed: JavaPlugin.FamilyVersionSupport
Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: JavaScript
Found and removed: JavaScript Author
Found and removed: JavaScript1.1
Found and removed: JavaScript1.1 Author
Found and removed: JavaScript1.2
Found and removed: JavaScript1.2 Author
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
Found and removed: Software\Classes\JavaPlugin.160_07
Found and removed: Software\Classes\JavaPlugin.160_20
Found and removed: Software\JavaSoft\Java Update
Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\JavaPlugin
Found and removed: SOFTWARE\Classes\JavaPlugin.160_07
Found and removed: SOFTWARE\Classes\JavaPlugin.160_20
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Jan 28 21:02:00 2011
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
------------------------------------
Finished reporting.
et le bloc notes Delfix:
# DelFix v7.1 - Rapport créé le 28/01/2011 à 22:29
# Mis à jour le 16/01/11 à 15h30 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Laurent - LHASSID (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Laurent\Bureau\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\_OTM
Supprimé : C:\Lop SD
Supprimé : C:\RSIT
Supprimé : C:\tdsskiller
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\SEAF
Supprimé : C:\Program Files\trend micro\Hijackthis
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hijackthis
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Documents and Settings\Laurent\Bureau\LAW.exe <-- Combofix
Supprimé : C:\ComboFix.txt
Supprimé : C:\lopR.txt
Supprimé : C:\TDSSKiller.2.4.15.0_24.01.2011_03.31.35_log.txt
Supprimé : C:\ZHPExportRegistry-27-01-2011-21-46-33.txt
Supprimé : C:\JavaRa.log
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\Documents and Settings\Laurent\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\Laurent\Bureau\ZHPFixReport.txt
Supprimé : C:\Documents and Settings\Laurent\Bureau\OneClick2RP.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\TrendMicro
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SEAF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Autre ~~~~~~
-> BitDefender Online Scanner ... Désinstallé avec succès
########## EOF - "C:\DelFixSuppr.txt" - [2523 octets] ##########
# DelFix v7.1 - Rapport créé le 28/01/2011 à 22:29
# Mis à jour le 16/01/11 à 15h30 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Laurent - LHASSID (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Laurent\Bureau\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\_OTM
Supprimé : C:\Lop SD
Supprimé : C:\RSIT
Supprimé : C:\tdsskiller
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\SEAF
Supprimé : C:\Program Files\trend micro\Hijackthis
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hijackthis
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Documents and Settings\Laurent\Bureau\LAW.exe <-- Combofix
Supprimé : C:\ComboFix.txt
Supprimé : C:\lopR.txt
Supprimé : C:\TDSSKiller.2.4.15.0_24.01.2011_03.31.35_log.txt
Supprimé : C:\ZHPExportRegistry-27-01-2011-21-46-33.txt
Supprimé : C:\JavaRa.log
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\Documents and Settings\Laurent\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\Laurent\Bureau\ZHPFixReport.txt
Supprimé : C:\Documents and Settings\Laurent\Bureau\OneClick2RP.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\TrendMicro
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SEAF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Autre ~~~~~~
-> BitDefender Online Scanner ... Désinstallé avec succès
########## EOF - "C:\DelFixSuppr.txt" - [2523 octets] ##########