infection supprimée ? Résolu/Fermé

Question

Bonjour, 

Je me suis aperçu que mon pc ramait vraiment. J'étais tranquillement sur nygmatick.com (site sûr !), quand Microsoft Security Essentials m'alerte d'un virus (trojan). Bon, il me dit qu'il l'a nettoyé... Je vous en renseigne plus : 

"TrojanDownloader:Win32/VB.CE | Niveau d'alerte : Grave |Date : 14/02/2011 19:43 |Action effectuée : Mise en quarantaine"

Configuration: {Ordinateur Portable} MS Windows 7 Home Premium 32-bits en dualboot avec Ubuntu 10.04 lts
Intel Celeron CPU 900 @ 2.20GHz, 3,0GB RAM, Mobile Intel 4 Series Express Chipset Family

gen-hackman · Answer

salut

Télécharge ici :OTL

&#9654 enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant tous les utilisateurs

&#9654 règle age du fichier sur "60 jours"

&#9654 dans les 6 onglets de la moitié gauche , mets tout sur "tous"

ne modifie pas ceci : 

"fichiers créés" et "fichiers Modifiés" 

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

gen-hackman · Answer

clearcloud ? c'est quoi ?

sorcierinfernal · Answer

C'est bon ! 

-OTL.txt
-Extras.txt

J'en ai profité pour brancher mon DD externe

sorcierinfernal · Answer

Mince je viens de m'aperçevoir que l'age du fichier n'est pas bon ! Je recommence ?

gen-hackman · Answer

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\ __________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur Telecharge ici : Combofix Avant d'utiliser ComboFix : Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système. La simple désactivation du résident n'est pas suffisante. Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover Choisis la version adéquate (32 ou 64 bits)/!\ Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement : ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau ▶ Lance le Une fenêtre apparait : clique sur "Disable" ▶ Fais redémarrer l'ordinateur si l'outil te le demande Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable" _________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° si tu as XP => double clique si tu as Vista ou windows 7 => clic droit "executer en tant que...." sur combofix renommé ¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤ ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

sorcierinfernal · Answer

Et bien, je ne suis pas venu pour rien =p

ComboFix 11-02-13.04 - gabriel 14/02/2011  21:00:38.1.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://apnmedia.ask.com
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-01-14 au 2011-02-14  ))))))))))))))))))))))))))))))))))))
.

2011-02-14 20:10 . 2011-02-14 20:10	--------	d-----w-	c:\users\Sandra\AppData\Local	emp
2011-02-14 19:52 . 2011-02-14 19:52	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys
2011-02-14 18:41 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15	134464	----a-w-	c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17	--------	d-----w-	c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14	--------	d-----w-	c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12	--------	d-----w-	c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37	2329088	----a-w-	c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29	541184	----a-w-	c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29	860160	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33	673040	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29	163328	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20	386048	----a-w-	c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40	1289536	----a-w-	c:\windows\system32
tdll.dll
2011-02-10 09:51 . 2010-10-27 04:43	3901824	----a-w-	c:\windows\system32
toskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43	3957120	----a-w-	c:\windows\system32
tkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38	204288	----a-w-	c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36	1389568	----a-w-	c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36	1236992	----a-w-	c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38	350720	----a-w-	c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38	204800	----a-w-	c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34	80384	----a-w-	c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38	51200	----a-w-	c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38	14336	----a-w-	c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38	73728	----a-w-	c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13	27136	----a-w-	c:\program files\Mozilla Firefox\plugins
pijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57	713312	----a-w-	c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56	62048	----a-w-	c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37	--------	d-----w-	c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28	--------	d-----w-	C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01	87340080	----a-w-	c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:36 . 2011-02-06 19:47	53248	----a-w-	c:\windows\fados.exe
2011-02-06 19:31 . 2011-02-06 19:31	--------	d-----w-	c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19	--------	d-----w-	c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30	218408	----a-w-	c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30	173352	----a-w-	c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31	165160	----a-w-	c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32	1317552	----a-w-	c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51	--------	d-----w-	c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00	--------	d-----w-	c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32	--------	d-----w-	c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09	--------	d-----w-	C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins
ppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Internet Explorer\PLUGINS
ppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31	41216	----a-w-	c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30	26496	----a-w-	c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23	--------	d-----w-	c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54	188416	----a-w-	c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43	253952	----a-w-	c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22	--------	d-----w-	c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24	240008	----a-w-	c:\windows\system32\drivers
etio.sys
2011-01-23 20:02 . 2011-01-24 18:18	--------	d-----w-	c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17	--------	d-----w-	c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09	--------	d-----w-	c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21	--------	d-----w-	c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14	--------	d-----w-	c:\program files\Notepad++
2011-01-15 21:12 . 2010-10-19 08:10	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35	8678	----a-w-	C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00	285480	----a-w-	c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00	80064	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00	35768	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00	17256	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55	236600	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05	152064	----a-w-	c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56	436792	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29	64864	----a-w-	c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29	2248032	----a-w-	c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58	16968	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44	164352	----a-w-	c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05	27632	----a-w-	c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04	25512	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04	13224	----a-w-	c:\windows\system32\drivers\ggflt.sys
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe  -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14	994872	----a-w-	c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00	199680	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47	108344	----a-w-	c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16	1820040	----a-w-	d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08	963976	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47	4240760	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19	274608	----a-w-	c:\program files\Real\RealPlayer\Updateealsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe"  -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\updateealsched.exe"  -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS	eamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl30983519;MpKsl30983519;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys [2011-02-14 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERSdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL30983519

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8118
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web	uarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
   f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,62,77,2f,0b,6f,d6,ac,83,15,77,37,52,d5,f9,99,57,a5,a4,96,7a,
   8a,51,05,a8,97,0b,79,04,53,5e,d8,28,f1,b5,96,6f,3e,2c,2d,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016c
"Therad"=dword:0000000c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
.
Heure de fin: 2011-02-14  21:16:41
ComboFix-quarantined-files.txt  2011-02-14 20:16

Avant-CF: 65 233 690 624 octets libres
Après-CF: 64 845 873 152 octets libres

- - End Of File - - 5FC59CC40447494312AE1A4C20246394

sorcierinfernal · Answer

ComboFix 11-02-13.04 - gabriel 14/02/2011  21:00:38.1.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://apnmedia.ask.com
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-01-14 au 2011-02-14  ))))))))))))))))))))))))))))))))))))
.

2011-02-14 20:10 . 2011-02-14 20:10	--------	d-----w-	c:\users\Sandra\AppData\Local	emp
2011-02-14 19:52 . 2011-02-14 19:52	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys
2011-02-14 18:41 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15	134464	----a-w-	c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17	--------	d-----w-	c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14	--------	d-----w-	c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12	--------	d-----w-	c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37	2329088	----a-w-	c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29	541184	----a-w-	c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29	860160	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33	673040	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29	163328	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20	386048	----a-w-	c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40	1289536	----a-w-	c:\windows\system32
tdll.dll
2011-02-10 09:51 . 2010-10-27 04:43	3901824	----a-w-	c:\windows\system32
toskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43	3957120	----a-w-	c:\windows\system32
tkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38	204288	----a-w-	c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36	1389568	----a-w-	c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36	1236992	----a-w-	c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38	350720	----a-w-	c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38	204800	----a-w-	c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34	80384	----a-w-	c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38	51200	----a-w-	c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38	14336	----a-w-	c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38	73728	----a-w-	c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13	27136	----a-w-	c:\program files\Mozilla Firefox\plugins
pijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57	713312	----a-w-	c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56	62048	----a-w-	c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37	--------	d-----w-	c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28	--------	d-----w-	C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01	87340080	----a-w-	c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:36 . 2011-02-06 19:47	53248	----a-w-	c:\windows\fados.exe
2011-02-06 19:31 . 2011-02-06 19:31	--------	d-----w-	c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19	--------	d-----w-	c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30	218408	----a-w-	c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30	173352	----a-w-	c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31	165160	----a-w-	c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32	1317552	----a-w-	c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51	--------	d-----w-	c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00	--------	d-----w-	c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32	--------	d-----w-	c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09	--------	d-----w-	C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins
ppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Internet Explorer\PLUGINS
ppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31	41216	----a-w-	c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30	26496	----a-w-	c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23	--------	d-----w-	c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54	188416	----a-w-	c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43	253952	----a-w-	c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22	--------	d-----w-	c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24	240008	----a-w-	c:\windows\system32\drivers
etio.sys
2011-01-23 20:02 . 2011-01-24 18:18	--------	d-----w-	c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17	--------	d-----w-	c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09	--------	d-----w-	c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21	--------	d-----w-	c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14	--------	d-----w-	c:\program files\Notepad++
2011-01-15 21:12 . 2010-10-19 08:10	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35	8678	----a-w-	C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00	285480	----a-w-	c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00	80064	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00	35768	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00	17256	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55	236600	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05	152064	----a-w-	c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56	436792	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29	64864	----a-w-	c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29	2248032	----a-w-	c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58	16968	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44	164352	----a-w-	c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05	27632	----a-w-	c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04	25512	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04	13224	----a-w-	c:\windows\system32\drivers\ggflt.sys
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe  -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14	994872	----a-w-	c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00	199680	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47	108344	----a-w-	c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16	1820040	----a-w-	d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08	963976	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47	4240760	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19	274608	----a-w-	c:\program files\Real\RealPlayer\Updateealsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe"  -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\updateealsched.exe"  -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS	eamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl30983519;MpKsl30983519;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys [2011-02-14 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERSdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL30983519

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8118
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web	uarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
   f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,62,77,2f,0b,6f,d6,ac,83,15,77,37,52,d5,f9,99,57,a5,a4,96,7a,
   8a,51,05,a8,97,0b,79,04,53,5e,d8,28,f1,b5,96,6f,3e,2c,2d,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016c
"Therad"=dword:0000000c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
.
Heure de fin: 2011-02-14  21:16:41
ComboFix-quarantined-files.txt  2011-02-14 20:16

Avant-CF: 65 233 690 624 octets libres
Après-CF: 64 845 873 152 octets libres

- - End Of File - - 5FC59CC40447494312AE1A4C20246394

sorcierinfernal · Answer

Apparemment, je ne suis pas venu pour rien ;) a demain alors

gen-hackman · Answer

oui ce fichier va sauter :

C:\Windows\Fados.exe ainsi que d'autres :)

sorcierinfernal · Answer

Bon, me revoilà !! Ensuite ?

gen-hackman · Answer

hello __________________________________________________ =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <= =>il est fort déconseillé de le transposer sur un autre ordinateur !<= ---------------------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- KillAll:: Domains:: File:: c:\windows\fados.exe DDS:: uInternet Settings,ProxyOverride = local uInternet Settings,ProxyServer = localhost:8118 Firefox:: FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} => NCH Toolbar RegLock:: [HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*] [HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] [HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] MBR:: ------------------------------------------------------------------ ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt ▶ Quitte le Bloc Notes ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu. ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

sorcierinfernal · Answer

Re

Bon, cela va faire 20 minutes que ComboFix reste sur la préparation du contre-rendu. Il a voulu que je fasse une mise à jour. J'ai accepté. Il a aussi redémarré mon pc

sorcierinfernal · Answer

ComboFix 11-02-15.01 - gabriel 15/02/2011  19:55:49.2.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
Commutateurs utilisés :: c:\users\gabriel\Desktop\CFScript.txt

FILE ::
"c:\windows\fados.exe"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fados.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-01-15 au 2011-02-15  ))))))))))))))))))))))))))))))))))))
.

2011-02-15 19:11 . 2011-02-15 19:11	--------	d-----w-	c:\users\Sandra\AppData\Local	emp
2011-02-15 19:11 . 2011-02-15 19:11	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-02-15 18:46 . 2011-02-15 18:53	--------	d-----w-	C:\Gabriel13940G
2011-02-15 17:56 . 2011-02-15 17:56	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\MpKsl08af7f2a.sys
2011-02-14 20:17 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15	134464	----a-w-	c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17	--------	d-----w-	c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14	--------	d-----w-	c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12	--------	d-----w-	c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37	2329088	----a-w-	c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29	541184	----a-w-	c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29	860160	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33	673040	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29	163328	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20	386048	----a-w-	c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40	1289536	----a-w-	c:\windows\system32
tdll.dll
2011-02-10 09:51 . 2010-10-27 04:43	3901824	----a-w-	c:\windows\system32
toskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43	3957120	----a-w-	c:\windows\system32
tkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38	204288	----a-w-	c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36	1389568	----a-w-	c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36	1236992	----a-w-	c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38	350720	----a-w-	c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38	204800	----a-w-	c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34	80384	----a-w-	c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38	51200	----a-w-	c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38	14336	----a-w-	c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38	73728	----a-w-	c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13	27136	----a-w-	c:\program files\Mozilla Firefox\plugins
pijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57	713312	----a-w-	c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56	62048	----a-w-	c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37	--------	d-----w-	c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28	--------	d-----w-	C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01	87340080	----a-w-	c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:31 . 2011-02-06 19:31	--------	d-----w-	c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19	--------	d-----w-	c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30	218408	----a-w-	c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30	173352	----a-w-	c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31	165160	----a-w-	c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32	1317552	----a-w-	c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51	--------	d-----w-	c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00	--------	d-----w-	c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32	--------	d-----w-	c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24	--------	d-----w-	c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09	--------	d-----w-	C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins
ppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Internet Explorer\PLUGINS
ppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31	41216	----a-w-	c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30	26496	----a-w-	c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23	--------	d-----w-	c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54	188416	----a-w-	c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43	253952	----a-w-	c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22	--------	d-----w-	c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24	240008	----a-w-	c:\windows\system32\drivers
etio.sys
2011-01-23 20:02 . 2011-01-24 18:18	--------	d-----w-	c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17	--------	d-----w-	c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09	--------	d-----w-	c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21	--------	d-----w-	c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14	--------	d-----w-	c:\program files\Notepad++

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35	8678	----a-w-	C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00	285480	----a-w-	c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00	80064	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00	35768	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00	17256	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55	236600	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28	5890896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05	152064	----a-w-	c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32	106208	----a-w-	c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56	436792	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29	64864	----a-w-	c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29	2248032	----a-w-	c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58	16968	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44	164352	----a-w-	c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05	27632	----a-w-	c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04	25512	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04	13224	----a-w-	c:\windows\system32\drivers\ggflt.sys
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe  -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14	994872	----a-w-	c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00	199680	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47	108344	----a-w-	c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16	1820040	----a-w-	d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08	963976	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47	4240760	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19	274608	----a-w-	c:\program files\Real\RealPlayer\Updateealsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe"  -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\updateealsched.exe"  -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS	eamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl08af7f2a;MpKsl08af7f2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\MpKsl08af7f2a.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERSdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web	uarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
# Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
 */
FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
   f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(2320)
c:\windows\system32\guard32.dll
c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\conhost.exe
c:\windows\system32	askhost.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32	askhost.exe
c:\program files\SpywareGuard\sgmain.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Heure de fin: 2011-02-15  20:47:30 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-02-15 19:47
ComboFix2.txt  2011-02-14 20:16

Avant-CF: 64 877 703 168 octets libres
Après-CF: 65 066 004 480 octets libres

- - End Of File - - D665E5DE8BAB0B05BEE2FF867724A134

gen-hackman · Answer

re , tu connais ca  :

Doodle_Jump_PC

sorcierinfernal · Answer

Re, 

Oui, je connais ce jeu. C'est un pote qui me l'a filé par e-mail. 

Un virus :s ? 
La prochaine fois, y aura pas de prochaine fois.

gen-hackman · Answer

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

&#9654 Télécharge ici :List_Kill'em

 et enregistre le sur ton bureau 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

&#9830 Executer List_Kill'em

une fois terminée , clic sur "terminer" 

choisis l'option Search

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

Attention : il se peut que l'outil bloque anormalement longtemps arrivé à 95% à l'affichage "2nd Check", relance-le avec le raccourci sur le bureau sans l'arreter , puis clique sur le tout petit "X" en bas de la fenetre d'accueil du programme, ca le debloquera pour finir son scan

&#9654 Poste les rapports qui apparaitront sur ton bureau

&#9654&#9654&#9654 NE LES POSTE PAS SUR LE FORUM 

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/ 

&#9654 Clique sur Parcourir et selectionne , un par un , les fichiers concernés apparus sur ton bureau 

&#9654 Clique sur Ouvrir. 

&#9654 Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt 

est ajouté dans la page. 

&#9654 Copie ce lien dans ta réponse. 

&#9654 Fais de même avec more.txt qui se trouve sur ton bureau

sorcierinfernal · Answer

Hello ! 

Rapport 1
et ça pour more.txt

gen-hackman · Answer

tu as bien desactivé toutes tes protections avant le scan ?
pare-feu windows compris ?

sorcierinfernal · Answer

Bonjour !

Je reviens sans rapport car mon système à planté. J'ai eu un blue screen avec écrit un truc du genre : "Windows à crashé : Vérifiez si il reste assez d'espace sur le disque-sur, etc.... Vidange de la mémoire physique" il a planté quand 'était écrit : MBR a été correctement enregistré (écran blanc du logiciel) bon j'ai bien évidemment un rapport de windows...

Ce que j'ai trouvé "drole" c'est que mon pc à démarré au quart de tour

gen-hackman · Answer

ok reessaie en mode sans echec

sorcierinfernal · Answer

Re ! Le scan à été 3fois +vite en mode sans-échec.

List'em
et More !

Ouf ! Alors, sa avance ? ;p

gen-hackman · Answer

ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!

&#9654 Relance List&Kill'em,avec le raccourci sur ton bureau.

mais cette fois-ci :

&#9654 choisis l'option Tools puis Script

une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer

un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :


REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TkBellExe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}"      
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2E485DEF-0DB3-2C4B-60F2-D02006D0B1F2}"   
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8F875D1F-AF0E-196E-8D08-10CE08DFB5E9}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A41E52E5-51C7-F5A7-2B83-811105937945}"
REM:HKEY_CURRENT_USER\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\McAfeeInstaller
REM:HKEY_LOCAL_MACHINE\software\Norton
REM:HKEY_LOCAL_MACHINE\software\Symantec   
REM:HKEY_CURRENT_USER\software\Norton
KLOOK:HKEY_LOCAL_MACHINE\software\Zabersoft
REM:"HKEY_LOCAL_MACHINE\software\Safer Networking Limited"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{3BC3C460-E228-40FB-BC30-09E6A667FD44}"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}"
SIGN:C:\Windows\System32\actskn43.ocx    
SIGN:C:\Windows\System32\MSLUR71.dll      
FILE:C:\Windows\System32	emp.000      
FILE:C:\Windows\System32	emp.001      
FILE:C:\Windows\System32	emp.002      
FILE:C:\Windows\System32	emp.003      
FILE:C:\Windows\System32	emp.004
FILE:C:\Windows\System32	emp.005
FILE:C:\Windows\System32	emp.006
FILE:C:\Windows\System32	emp.007
FILE:C:\Windows\System32	emp.008
FILE:C:\Windows\System32	emp.009
FILE:C:\Windows\System32	emp.00A
FILE:C:\Windows\System32	emp.00B
FILE:C:\Windows\System32	emp.00C
FILE:C:\Windows\System32	emp.00D
FILE:C:\Windows\System32	emp.00E      

&#9654 enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le

laisse travailler l'outil

&#9654 poste le resultat
 
&#9654 Ferme List_Kill'em

Note : le rapport est sur ton bureau : Script_(4 chiffres).txt

gen-hackman · Answer

ok

sorcierinfernal · Answer

Re bonjour !

List_Kill'em ne fonctionne plus... J'étais obligé de le supprimer à la rache (supprimer le dossier de fichiers) et quand j'essaie de le réinstaller : même erreur : "Windows ne parvien pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié... bla bla.."

Voila, je suis bien embêté maintenant !

gen-hackman · Answer

refais un scan OTL ?

-- 
G3?-?@¢??@?......Concepteur de List_Kill'em...

sorcierinfernal · Answer

Up svp :/ ;(

sorcierinfernal · Answer

C'est bon, sa marche ! COMODO bloquait en arrière plan... je fais ça

sorcierinfernal · Answer

Voici donc le rapport : ¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤ Processes : ¤¤¤¤¤¤¤¤¤¤ Added Keys : Added : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" : "PowerdownAfterShutdown" /t REG_SZ /d 1 ¤¤¤¤¤¤¤¤¤¤ Removed Keys : Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" : "TkBellExe" Deleted : HKEY_LOCAL_MACHINE\software\Safer Networking Limited Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe" Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe" Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{3BC3C460-E228-40FB-BC30-09E6A667FD44}" Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}" ¤¤¤¤¤¤¤¤¤¤ Ports closed : ¤¤¤¤¤¤¤¤¤¤ File|Folder deleted : Deleted !! : C:\Windows\System32 emp.000 Deleted !! : C:\Windows\System32 emp.001 Deleted !! : C:\Windows\System32 emp.002 Deleted !! : C:\Windows\System32 emp.003 Deleted !! : C:\Windows\System32 emp.004 Deleted !! : C:\Windows\System32 emp.005 Deleted !! : C:\Windows\System32 emp.006 Deleted !! : C:\Windows\System32 emp.007 Deleted !! : C:\Windows\System32 emp.008 Deleted !! : C:\Windows\System32 emp.009 Deleted !! : C:\Windows\System32 emp.00A Deleted !! : C:\Windows\System32 emp.00B Deleted !! : C:\Windows\System32 emp.00C Deleted !! : C:\Windows\System32 emp.00D Deleted !! : C:\Windows\System32 emp.00E ¤¤¤¤¤¤¤¤¤¤ Drivers deleted : ¤¤¤¤¤¤¤¤¤¤ Object Restored : ¤¤¤¤¤¤¤¤¤¤ Folder List : ¤¤¤¤¤¤¤¤¤¤ Read File : ¤¤¤¤¤¤¤¤¤¤ Sign control : c:\windows\system32\actskn43.ocx: Verified: Unsigned File date: 02:07 15/05/2003 Publisher: Description: ActiveSkin Module Product: ActiveSkin Module Version: 4, 3, 0, 0 File version: 4, 3, 0, 0 Strong Name: Unsigned Original Name: actskn43.ocx Internal Name: ActiveSkin Copyright: Copyright (C) 2001-2002 SoftShape Development Comments: MD5: 958dd02d69dc43406810d62a607dfd1d SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106 c:\windows\system32\MSLUR71.dll: Verified: Unsigned File date: 17:00 29/01/2011 Publisher: Sample Corporation Description: User-Generated Microsoft (R) C/C++ Runtime Library Product: Sample Application DLL Version: 7.10.0000 File version: 7.10.0000 Strong Name: Unsigned Original Name: _SAMPLE_.DLL Internal Name: _SAMPLE_.DLL Copyright: Copyright (C) Microsoft Corporation. Comments: n/a MD5: 958dd02d69dc43406810d62a607dfd1d SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106 c:\windows\system32\MSLUR71.dll: Verified: Unsigned File date: 17:00 29/01/2011 Publisher: Sample Corporation Description: User-Generated Microsoft (R) C/C++ Runtime Library Product: Sample Application DLL Version: 7.10.0000 File version: 7.10.0000 MD5: 42fe78b9671fa5a7337883d15263c249 SHA1: bd02e73f8684247a535c3bed296731c56f4795df SHA256: 5577dbe8498713637541c9de21b021710dd5de68f9a13c589ec99a92409913fc ¤¤¤¤¤¤¤¤¤¤ Key Look : HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2d46b6dc-2207-486b-b523-a557e6d54b47} REG_SZ Internet Explorer ComponentID REG_SZ ClearIconCache IsInstalled REG_DWORD 1 (0x1) Locale REG_SZ * StubPath REG_SZ C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache Version REG_SZ 9,0,7930,16406 HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2e485def-0db3-2c4b-60f2-d02006d0b1f2} REG_SZ Java (Sun) ComponentID REG_SZ JAVAVM IsInstalled REG_DWORD 1 (0x1) Local REG_SZ EN Version REG_SZ 5,0,5000,0 HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8f875d1f-af0e-196e-8d08-10ce08dfb5e9} REG_SZ Microsoft Windows Media Player 12.0 ComponentID REG_SZ IsInstalled REG_DWORD 1 (0x1) Local REG_SZ EN Version REG_SZ 12,0,7600,16415 HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a41e52e5-51c7-f5a7-2b83-811105937945} REG_SZ Internet Explorer ComponentID REG_SZ IEACCESS IsInstalled REG_DWORD 1 (0x1) Local REG_SZ EN Version REG_SZ 8,0,7600,17136 Error: Key: software\zabersoft does not exist! End at 21:38:37 ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤ Il m'a demandé d'accepter un truc, je l'ai fait...

gen-hackman · Answer

tu as bien fait :)

&#9654 Relance List_Kill'em,avec le raccourci sur ton bureau.

mais cette fois-ci :

&#9654 choisis l'Option Clean

&#9654&#9654&#9654 Ne clique qu'une seule fois sur le bouton !!

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

&#9654 colle le contenu dans ta reponse 

&#9654 envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr

sorcierinfernal · Answer

Voili voilou !

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤ 
 
 
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2044 'explorer.exe'
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1       localhost   

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	http://go.microsoft.com/fwlink/?LinkId=69157
Local Page	=         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	=         	http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL	=         	http://go.microsoft.com/fwlink/?LinkId=69157
Search Page	=         	http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	http://www.google.com/
Local Page	=         	C:\WINDOWS\system32\blank.htm
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
cval	=      	0 (0x0) 
AntiVirusDisableNotify	=      	0 (0x0) 
FirewallDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 
FirstRunDisabled	=      	1 (0x1) 
AntiVirusOverride	=      	0 (0x0) 
FirewallOverride	=      	0 (0x0) 
InternetSettingsDisableNotify	=      	0 (0x0) 
AutoUpdateDisableNotify	=      	0 (0x0) 
UacDisableNotify	=      	0 (0x0) 
AntispywareOverride	=      	0 (0x0) 
 
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

 Ndisuio -> Start = 3   
 EapHost -> Start = 2   
 Wlansvc -> Start = 2   
 SharedAccess -> Start = 2   
 windefend -> Start = 3   
 wuauserv -> Start = 2   
 wscsvc -> Start = 2   
 
 ¤¤¤¤¤¤¤¤¤¤ Winlogon
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 AutoRestartShell	=      	1 (0x1) 
 Shell	=         	explorer.exe 
 Userinit	=         	C:\Windows\System32\userinit.exe, 
 System	=         	 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver 
1 ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Harddisk0\DR0[0x86521AC8]
3 CLASSPNP[0x845AD59E] -> ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Ide\IAAStorageDevice-1[0x86E3D028]
kernel: MBR read successfully
user & kernel MBR OK 


End of Scan : 14:56:35

 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

et le fichier .zip

gen-hackman · Answer

Fais analyser le(s) fichier(s) suivants sur Virustotal : 

Virus Total 

    *  * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse : 

C:\Users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe 
 
    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché. 
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page. 
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse. 

Edit::

c'est toi qui as installé ca ? :

c:\program files\Keyboard Logger 
G3?-?@¢??@?......Concepteur de List_Kill'em...

sorcierinfernal · Answer

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: chrome.exe
Submission date: 2011-02-18 16:29:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
 Safety score: - 
Compact
Print results 
Antivirus	Version	Last Update	Result
AhnLab-V3	2011.02.14.02	2011.02.14	-
AntiVir	7.11.3.140	2011.02.18	-
Antiy-AVL	2.0.3.7	2011.02.18	-
Avast	4.8.1351.0	2011.02.18	-
Avast5	5.0.677.0	2011.02.18	-
AVG	10.0.0.1190	2011.02.18	-
BitDefender	7.2	2011.02.18	-
CAT-QuickHeal	11.00	2011.02.18	-
ClamAV	0.96.4.0	2011.02.18	-
Commtouch	5.2.11.5	2011.02.18	-
Comodo	7732	2011.02.18	-
DrWeb	5.0.2.03300	2011.02.18	-
Emsisoft	5.1.0.2	2011.02.18	-
eSafe	7.0.17.0	2011.02.17	-
eTrust-Vet	36.1.8168	2011.02.18	-
F-Prot	4.6.2.117	2011.02.18	-
F-Secure	9.0.16160.0	2011.02.18	-
Fortinet	4.2.254.0	2011.02.18	-
GData	21	2011.02.18	-
Ikarus	T3.1.1.97.0	2011.02.18	-
Jiangmin	13.0.900	2011.02.18	-
K7AntiVirus	9.87.3898	2011.02.18	-
Kaspersky	7.0.0.125	2011.02.18	-
McAfee	5.400.0.1158	2011.02.18	-
McAfee-GW-Edition	2010.1C	2011.02.18	-
Microsoft	1.6502	2011.02.18	-
NOD32	5886	2011.02.18	-
Norman	6.07.03	2011.02.18	-
nProtect	2011-02-10.01	2011.02.15	-
Panda	10.0.3.5	2011.02.18	-
PCTools	7.0.3.5	2011.02.18	-
Prevx	3.0	2011.02.18	-
Rising	23.45.04.06	2011.02.18	-
Sophos	4.61.0	2011.02.18	-
SUPERAntiSpyware	4.40.0.1006	2011.02.18	-
Symantec	20101.3.0.103	2011.02.18	-
TheHacker	6.7.0.1.132	2011.02.17	-
TrendMicro	9.200.0.1012	2011.02.18	-
TrendMicro-HouseCall	9.200.0.1012	2011.02.15	-
VBA32	3.12.14.3	2011.02.18	-
VIPRE	8462	2011.02.18	-
ViRobot	   2011.2.18.4317	2011.02.18	-
VirusBuster	13.6.207.0	2011.02.18	-

Additional informationShow all
MD5   : de86d371b2517562e91905d104c186fc
SHA1  : abd41d4555916815c379e47cd2e3df6ab4afa22a
SHA256: 38b34bbccbfff55acb69231a88232f57cf6e73dd3b8f7cd550a63607fee61bc4
VT Community

sorcierinfernal · Answer

Up svp :'(

gen-hackman · Answer

refais OTL stp

désolé pour le temps mais je suis sur 3 os differents dans le meme pc donc pas dispo 24/24

sorcierinfernal · Answer

Otl.txt

Extras.txt

gen-hackman · Answer

telecharge ca :

http://www.teamxscript.org/too/Xplode/RstAssociations.exe

coche tout puis "OK"

=======================================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
Bonjour Service

:OTL
IE - HKU\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/proxy.pac      
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present  
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found

:Reg

:Files
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34      
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF      

:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

sorcierinfernal · Answer

Scan d'OTL

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
========== REGISTRY ==========
========== FILES ==========
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: gabriel
->Temp folder emptied: 3382792 bytes
->Temporary Internet Files folder emptied: 5276295 bytes
->Java cache emptied: 102600 bytes
->FireFox cache emptied: 37345861 bytes
->Google Chrome cache emptied: 63688559 bytes
->Opera cache emptied: 272 bytes
->Flash cache emptied: 56973 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->FireFox cache emptied: 97057306 bytes
->Flash cache emptied: 1506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3234 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 198,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_212706

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Merci ! Tu as fait remarché mon Opera...

gen-hackman · Answer

en fait trompé :

c'est restaurer dans le premier logiciel :)

gen-hackman · Answer

non que ca :)

sorcierinfernal · Answer

OK je savais pas si il fallait que je mette le rapport ou pas :p..

RstAssociations v1.1 - Rapport créé le 18/02/2011 à 21:52
Mis à jour le 26/12/10 à 23h par Xplode
Système d'exploitation : Windows 7 Home Premium (32 bits) [version 6.1.7600] 
Nom d'utilisateur : gabriel - GABRIEL-TOSH (Administrateur)
Exécuté depuis : C:\Users\gabriel\Downloads\RstAssociations.exe

-> asf ... association de fichiers restaurée !
-> asx ... association de fichiers restaurée !
-> audioCD ... association de fichiers restaurée !
-> avi ... association de fichiers restaurée !
-> bat ... association de fichiers restaurée !
-> bmp ... association de fichiers restaurée !
-> cab ... association de fichiers restaurée !
-> chm ... association de fichiers restaurée !
-> cmd ... association de fichiers restaurée !
-> com ... association de fichiers restaurée !
-> cpl ... association de fichiers restaurée !
-> cur ... association de fichiers restaurée !
-> directory ... association de fichiers restaurée !
-> dll ... association de fichiers restaurée !
-> drive ... association de fichiers restaurée !
-> drvms ... association de fichiers restaurée !
-> eml ... association de fichiers restaurée !
-> exe ... association de fichiers restaurée !
-> folder ... association de fichiers restaurée !
-> gif ... association de fichiers restaurée !
-> hlp ... association de fichiers restaurée !
-> hta ... association de fichiers restaurée !
-> htm ... association de fichiers restaurée !
-> html ... association de fichiers restaurée !
-> ico ... association de fichiers restaurée !
-> img ... association de fichiers restaurée !
-> inf ... association de fichiers restaurée !
-> ini ... association de fichiers restaurée !
-> iso ... association de fichiers restaurée !
-> jpe ... association de fichiers restaurée !
-> jpeg ... association de fichiers restaurée !
-> jpg ... association de fichiers restaurée !
-> js ... association de fichiers restaurée !
-> libraryms ... association de fichiers restaurée !
-> lnk ... association de fichiers restaurée !
-> m3u ... association de fichiers restaurée !
-> mp3 ... association de fichiers restaurée !
-> mp4 ... association de fichiers restaurée !
-> mpa ... association de fichiers restaurée !
-> mpe ... association de fichiers restaurée !
-> mpeg ... association de fichiers restaurée !
-> mpg ... association de fichiers restaurée !
-> msc ... association de fichiers restaurée !
-> msi ... association de fichiers restaurée !
-> png ... association de fichiers restaurée !
-> reg ... association de fichiers restaurée !
-> rtf ... association de fichiers restaurée !
-> scr ... association de fichiers restaurée !
-> tif ... association de fichiers restaurée !
-> tiff ... association de fichiers restaurée !
-> txt ... association de fichiers restaurée !
-> url ... association de fichiers restaurée !
-> vbe ... association de fichiers restaurée !
-> vbs ... association de fichiers restaurée !
-> wma ... association de fichiers restaurée !
-> wmv ... association de fichiers restaurée !
-> wsf ... association de fichiers restaurée !
-> xml ... association de fichiers restaurée !
-> xps ... association de fichiers restaurée !
-> zip ... association de fichiers restaurée !

########## EOF - "C:\RstAssociations.txt" - [3326 octets] ##########

gen-hackman · Answer

fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


&#9654 Télécharge ici :

Malwarebytes  

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

gen-hackman · Answer

ok pense à mettre à jour avant

sorcierinfernal · Answer

Bon, apparemment sa a duré moins longtemps que prévu :p

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5804

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/02/2011 08:33:34  Gabiou 88
mbam-log-2011-02-19 (08-33-34).txt

Type d'examen: Examen complet (C:\|D:\|H:\|)
Elément(s) analysé(s): 426612
Temps écoulé: 2 heure(s), 39 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\list_kill'em\Upl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\program files\e2eSoft\VCam\ffplugins\lumaedges.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

gen-hackman · Answer

hello encore des soucis ?

gen-hackman · Answer

un peu de menage devrait régler le souci :) Pour nettoyer les outils utilsés et mieux sécuriser ton pc -------------------------------------------------------------- Je t'invite à suivre ce tutoriel pour le final il inclut ♦ du nettoyage après desinfection ♦ des mises à jour pour combler des failles de securité de logiciels importants non mis à jour ▶ et enfin quelques conseils à suivre afin que la protection soit plus efficace __________________________________________________ Si nous avons utilisé Defogger et cliqué sur "disable" , tu peux le "reenable" __________________________________________________ ▶ Télécharge DelFix sur ton bureau. ▶ Lance le, tape suppression puis valide Patiente pendant le scan jusqu'à l'ouverture du rapport. ▶ Copie/Colle le contenu du rapport dans ta prochaine réponse. Note : Le rapport se trouve également sous C:\DelFix.txt tu peux le desinstaller ___________________________________________________ ▶ Télécharge :ATF Cleaner par Atribune Ferme tous tes navigateurs Double-clique (clic droit "en tant qu'administrateur" pour Vista) ATF-Cleaner.exe afin de lancer le programme. Sous l'onglet Main, choisis : Select All Clique sur le bouton Empty Selected Si tu utilises le navigateur Firefox : Clique Firefox au haut et choisis : Select All Clique le bouton Empty Selected a NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité. Si tu utilises le navigateur Opera : Clique Opera au haut et choisis : Select All Clique le bouton Empty Selected NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité. Clique Exit, du menu prinicipal, afin de fermer le programme. Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus. __________________________________________________ ▶ Tu peux garder ATF pour d'eventuels nettoyages un peu plus poussés __________________________________________________ ▶ Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : * Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman) __________________________________________________ Attention : ne pas toucher au PC pendant qu'il travaille ! ▶ Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques ________________________________________________ *Vérifications des erreurs : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ________________________________________________ ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques _______________________________________________ Note : si tu as un utilitaire pour défragmenter , utilises le à la place pour ce faire Defraggler est proposé _________________________________________________ ▶ Peux-tu vérifier ta Console Java ? : et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). voici pour desinstaller : JavaRa Décompresse le fichier sur le Bureau (Clic droit > Extraire tout). * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa. * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher). * Choisis Français puis clique sur Select. * Clique sur Recherche de mises à jour. * Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher. * Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes. * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions. * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK. * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse. * Ferme l'application. Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log. _________________________________________________ ▶ Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure) et pense à decocher l'installation de McAfee proposée discrêtement __________________________________________________ ▶ Je te conseille si tu n en as pas , afin de mieux securiser ton pc , d'installer un parefeu : Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/ https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html https://forum.pcastuces.com/sujet.asp?f=25&s=35606 https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html https://manuelsdaide.com/contact/ http://www.open-files.com/forum/index.php?showtopic=29277 https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/ ___________________________________________________ ▶ Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul _____________________________________________________ ▶ Si nous avons utilisé MalwareByte's Anti-Malware , vide sa quarantaine : * Lance le programme puis clique sur . * Sélectionne tous les éléments puis clique sur . * Quitte le programme. ______________________________________________________ ▶ si tu as installé Antivir : Configuration ________________________________________________________ ▶ Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait ______________________________________________________ ▶ Désactive et réactive la restauration de système, pour cela : suis les instructions du lien : Lien XP Lien Vista ▶ Sitôt fait , recrées un point de restoration dit "sain" pour parer à quelques eventuels problêmes dans le futur ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : ▶ Passe un coup de MalwareByte's Anti-Malware de temps en temps (1 fois par semaine , suivant l'utilisation que tu fais de ton PC. ▶ Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. * Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) _____________ ▶ Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu] + [Un bon Antispyware] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows et Windows live Messenger)] Je te conseille d'installer cette extension pour Firefox pour securiser ton surf : WOT Je te conseille d'installer cette extension pour Internet Explorer pour securiser ton surf : WOT PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système à lire aussi Et ceci ▶ dans le souhait de vouloir desinstaller un antivirus au profit d'un autre , voici quelques liens : Desinstaller Avast Desinstaller BitDefender Desinstaller Norton Desinstaller Kaspersky Desinstaller AVG ou tout en un : Désinstallation Antivirus , Parefeu , Antispyware _____________ ▶ Si tu as Vista n'oublie pas de réactiver le controle des comptes des utilisateurs(UAC) ___________ ▶ Si tu as Spybot S&D et que nous avons desactive le "Tea-timer" tu peux le réactiver ___________ ▶ si nous avons affiché les fichiers cachés , n'oublies pas de les remettre en attribut "caché" ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage * - Décoche Afficher les fichiers et dossiers cachés * - coche Masquer les extensions des fichiers dont le type est connu * - coche Masquer les fichiers protégés du système d'exploitation (recommandé) ▶ clique sur Appliquer, puis OK. ____________ Voila, Bonne lecture, à bientot , une fois tout ceci fait, tu peux mettre le topic en resolu Bonne continuation et surtout , prudence et bon surf :)

sorcierinfernal · Answer

Delfix :

# DelFix v7.4 - Rapport créé le 19/02/2011 à 17:02
# Mis à jour le 09/02/11 à 23h par Xplode
# Système d'exploitation : Windows 7 Home Premium (32 bits) [version 6.1.7600] 
# Nom d'utilisateur : gabriel - GABRIEL-TOSH (Administrateur)
# Exécuté depuis : C:\Users\gabriel\Desktop\DelFix (1).exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\USBFix
Supprimé : C:\_OTL
Supprimé : C:\Kill'em
Supprimé : C:\Program Files\List_Kill'em

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\Users\gabriel\Desktop\Gabriel.exe <-- Combofix
Supprimé : C:\ComboFix.txt
Supprimé : C:\List'em.txt
Supprimé : C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
Supprimé : C:\RstAssociations.txt
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\sed.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\zip.exe
Supprimé : C:\Users\gabriel\Desktop\List_Killem_Install.exe
Supprimé : C:\Users\gabriel\Desktop\ZHPDiag.txt
Supprimé : C:\Users\gabriel\Desktop\Kill'em.txt
Supprimé : C:\Users\gabriel\Desktop\More.txt
Supprimé : C:\Users\gabriel\Desktop\Script_1307 .txt
Supprimé : C:\Users\gabriel\Desktop\List_Kill'em.lnk
Supprimé : C:\Users\gabriel\Downloads\OTL.exe
Supprimé : C:\Users\gabriel\Downloads\OTL.Txt
Supprimé : C:\Users\gabriel\Downloads\otl4_htm.zip
Supprimé : C:\Users\gabriel\Downloads\otlv4_h.zip
Supprimé : C:\Users\gabriel\Downloads\UsbFix.exe
Supprimé : C:\Users\gabriel\Downloads\Extras.Txt
Supprimé : C:\Users\gabriel\Downloads\AD-R.exe
Supprimé : C:\Users\gabriel\Downloads\Defogger.exe
Supprimé : C:\Users\gabriel\Downloads\defogger_disable.log
Supprimé : C:\Users\gabriel\Downloads\RstAssociations.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfxxe
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autre ~~~~~~

-> Prefetch vidé

########## EOF - "C:\DelFixSuppr.txt" - [2545 octets] ##########

sorcierinfernal · Answer

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Feb 19 17:07:10 2011

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\JavaSoft\Java Update

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

gen-hackman · Answer

oui fais bien tout le menage surtout

Infection supprimée ?

48 réponses

Discussions similaires