Ms removal tool virusRésolu/Fermé

Question

Bonjour, 

Mon ordinateur vient d'etre infecte par Ms removal tool virus. Sachant qu'un trojan windows security alerte avait deja infecte mon ordinateur quelque temps auparavant j'ai voulu lancer le meme processus. Or cette fois ci je ne controle plus rien. Je ne peux rien lancer!! Quelqu'un pourrait il m'aider? Merci d'avance!

Mat

gen-hackman · Answer

salut qu'essaies-tu de lancer comme programme ?

gen-hackman · Answer

renomme roguekiller en winlogon

si ca ne fonctionne pas , cliques plusieurs fois dessus très rapidement

si ca ne fonctionne pas change l'extension en .com ou .scr

Mat · Answer

Euh j'ai du mal m'expliquer. En fait le fichier Roguekiller est dans un dossier sur mon bureau mais je ne parviens pas a ouvrir le dossier.

gen-hackman · Answer

tu as un message d'erreur ? 
G3?-?@¢??@?......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....

Mat · Answer

Non, pas de message d'erreur. je ne peux voir que la fenetre Ms removal tool. Quand j'ai clique pour ouvrir le document contenant roguekiller il s'est ouvert mais juste apres la fenetre de Ms removal tool c'est ouvert et je ne pouvais pas acceder au document.

Mat · Answer

Ha ca je ne m'en souviens plus car comme je ne savais pas quoi faire j'ai etein l'ordi. Je le ralume

Mat · Answer

Oh c'est bon la j'ai acces a rogue killer!!! Je le lance!

Mat · Answer

Trop desole Je ne sais pas pourquoi tout a l'heure ca ne marchait pas! :s
Du coup je suis la procedure de votre site!

gen-hackman · Answer

fournis le rapport de roguekiller deja je te confirmerai la suite

Mat · Answer

Oki merci! Le rapport est le suivant:

Processus malicieux: 1
[APPDT/TMP/DESKTOP] lM31000Bjckc31000.exe -- c:\programdata\lm31000bjckc31000.exe ->KILLED

Entrees registre: 1
[APPDT/TMP/DESKTOP] HKCU\[...]\Runonce: lM31000Bjckc31000 (C:\ProgramData\lM31000Bjckc31000\lm31000.exe)

Fichier Hosts:
127.0.0.1 Local host
::1 Local host

Termine : <<RKreport [3].txt>>

desole c etait un peu long j avais d autre moyen que de le taper.

gen-hackman · Answer

les deux autres aussi stp

tu les ouvre , tu selectionnes tout et tu colles ici

Mat · Answer

Les deux autres sont de l'ancien malware ont ils un interet?

gen-hackman · Answer

dans ce cas non


&#9654 Télécharge ici : Ad-remover sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

&#9654 sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

Mat · Answer

oki!!  je fais ca!! Merci :)

Mat · Answer

Salut Gen-Hackman, c'est Mat que tu as déjà commencer à aider.

Désolé! C'était un peu (beaucoup trop) long... J'ai dû rentrer chez moi pour connecté mon PC car j'étais aller a la bibli pour accéder à internet quand il ne marchait plus... Enfin, après ça impossible d'ecrire un message sur la discussion de départ (peut etre parce que je ne suis pas membre...). 

Bon! assez d'explication!! ^^ Je te passe le rapport!

Mat · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:03:57 le 30/04/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium  Service Pack 2 (X86) 

 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Clé supprimée: HKLM\Software\Classes\AppID\{CC50232E-FDB1-436F-B658-452F88E81736}
Clé supprimée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé supprimée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}
Clé supprimée: HKLM\Software\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé supprimée: HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé supprimée: HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Clé supprimée: HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Clé supprimée: HKLM\Software\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
Clé supprimée: HKLM\Software\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Clé supprimée: HKLM\Software\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Clé supprimée: HKLM\Software\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Clé supprimée: HKLM\Software\Classes\AG.MediaPlayerCOM
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1
Clé supprimée: HKCU\Software\AGI
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé supprimée: HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Clé supprimée: HKU\.DEFAULT\Software\AGI
Clé supprimée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine

gen-hackman · Answer

inscris-toi sur commentcamarche et remet ce rapport en entier stp

gen-hackman · Answer

desactive tes protections puis enregistre ceci sur ton bureau

Pre_Scan

Avertissement: Il y aura une extinction courte du bureau --> pas de panique. 

une fois telechargé lance-le , laisse faire le scan puis colle le contenu de "Pre_scan.txt" qui apparaitra à son terme , sur le bureau.

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

si l'outil semble ne pas avoir fonctionné clique plusieurs fois très rapidement dessus

mattk · Answer

Desole! 

Voilà le rapport: 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= 

Mis à jour par TeamXscript le 12/04/11 
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com 
Site web: http://www.teamxscript.org 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:03:57 le 30/04/2011, Mode normal 

Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86) 


============== ACTION(S) ============== 



(!) -- Fichiers temporaires supprimés. 


Clé supprimée: HKLM\Software\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} 
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} 
Clé supprimée: HKLM\Software\Classes\AppID\{CC50232E-FDB1-436F-B658-452F88E81736} 
Clé supprimée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c} 
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260e0cc-0f75-462e-88a3-1e05c248bf4c} 
Clé supprimée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D} 
Clé supprimée: HKLM\Software\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} 
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} 
Clé supprimée: HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB} 
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB} 
Clé supprimée: HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68} 
Clé supprimée: HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF} 
Clé supprimée: HKLM\Software\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142} 
Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393} 
Clé supprimée: HKLM\Software\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA} 
Clé supprimée: HKLM\Software\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A} 
Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2} 
Clé supprimée: HKLM\Software\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9} 
Clé supprimée: HKLM\Software\Classes\AG.MediaPlayerCOM 
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar 
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1 
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo 
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1 
Clé supprimée: HKCU\Software\AGI 
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe 
Clé supprimée: HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} 
Clé supprimée: HKU\.DEFAULT\Software\AGI 
Clé supprimée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder 

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine 


============== SCAN ADDITIONNEL ============== 

**** Mozilla Firefox Version [3.6.17 (fr)] **** 

Plugins
pDivxPlayerPlugin.dll (DivX, Inc) 
HKLM_MozillaPlugins\@veoh.com/VeohTVPlugin (x) 
HKLM_MozillaPlugins\@veoh.com/VeohWebPlayer (x) 
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) 
HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x) 
HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} 
HKCU_Extensions|web@veoh.com - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder 

-- C:\Users\mathilde\AppData\Roaming\Mozilla\FireFox\Profiles\lwk8nc5j.default -- 
Extensions\moveplayer@movenetworks.com (Move Media Player) 
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox) 
Prefs.js - browser.download.dir, C:\Users\mathilde\Desktop 
Prefs.js - browser.download.lastDir, C:\Users\mathilde\Desktop 
Prefs.js - browser.search.defaultenginename, Bing 
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= 
Prefs.js - browser.search.selectedEngine, Google 
Prefs.js - browser.startup.homepage, hxxp://www.google.com/ 
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17 
Prefs.js - keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q= 

======================================== 

**** Internet Explorer Version [7.0.6002.18005] **** 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 
HKCU_Main|Start Page - hxxp://fr.msn.com/ 
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm 
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKLM_Main|Start Page - hxxp://fr.msn.com/ 
HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=kDCjF4QBb7sF9Yr_7xIIALZgE4w?q={searchTerms}) 
HKLM_Toolbar|{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} (C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll) 
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll) 
HKCU_ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} - C:\Users\mathilde\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe (?) 
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x) 
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) 
HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) 
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) 
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre6\bin\ssv.dll) 
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll) 
BHO\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - "CBrowserHelperObject Object" (C:\Program Files\Dell\BAE\BAE.dll) 

======================================== 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) 
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s) 

C:\Ad-Report-CLEAN[1].txt - 30/04/2011 20:04:17 (6439 Octet(s)) 

Fin à: 20:06:16, 30/04/2011 

============== E.O.F ==============

gen-hackman · Answer

https://forums.commentcamarche.net/forum/affich-21976824-ms-removal-tool-virus#22

mattk · Answer

Il semble avoir bien fonctionné et n'a détecté aucun proxi. 
Voici le rapport:


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.0.40 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 ¤¤¤¤¤

Mis à jour le 30/04/2011 | 18.50 par g3n-h@ckm@n

Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
Internet Explorer : 7.0.6002.18005
Mozilla Firefox : 3.6.17 (fr)

Scan : 21:21:23 | 30/04/2011

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Winlogon] | Shell -> Modification apportée :  -> explorer.exe

¤

[HKLM\..\..\Winlogon] | Shell -> Aucune modification : explorer.exe -> explorer.exe
[HKLM\..\..\Winlogon] | AutoRestartShell -> Modification apportée : 0 -> 1
[HKLM\..\..\Winlogon] | userinit -> Aucune modification : C:\Windows\system32\userinit.exe, -> C:\Windows\system32\userinit.exe,
[HKLM\..\..\Winlogon] | PowerDownAfterShutdown -> Modification apportée : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*

¤

[Firefox | Command] | @ -> Modification apportée : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ -> Aucune modification : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ -> Modification apportée : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ -> Aucune modification : "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Chrome | Command] | @ -> Aucune modification : "C:\Program Files\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"
[Safari | Command] | @ -> Aucune modification : "C:\Program Files\Safari\Safari.exe" -> "C:\Program Files\Safari\Safari.exe"

¤

[Assoc | Applications] | @ -> Modification apportée : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤


¤


¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start -> Aucune modification : 3 -> 3
[lmhosts] | Start -> Aucune modification : 2 -> 2 : Service Actif
[LanmanWorkstation] | Start -> Aucune modification : 2 -> 2 : Service Actif
[LanmanServer] | Start -> Aucune modification : 2 -> 2 : Service Actif
[agp440] | Start -> Modification apportée : 3 -> 2 : Service Redemarré
[AudioEndpointBuilder] | Start -> Aucune modification : 2 -> 2 : Service Actif
[Audiosrv] | Start -> Aucune modification : 2 -> 2 : Service Actif
[BFE] | Start -> Aucune modification : 2 -> 2 : Service Actif
[Bits] | Start -> Aucune modification : 2 -> 2 : Service Actif
[CryptSvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[EapHost] | Start -> Modification apportée : 3 -> 2 : Service Actif
[Wlansvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[SharedAccess] | Start -> Modification apportée : 4 -> 2 : Service Redemarré
[windefend] | Start -> Aucune modification : 2 -> 2 : Service Actif
[wuauserv] | Start -> Aucune modification : 2 -> 2 : Service Actif
[WerSvc] | Start -> Aucune modification : 2 -> 2 : Service Actif
[wscsvc] | Start -> Aucune modification : 2 -> 2 : Service Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page -> Modification apportée : https://www.msn.com/fr-fr -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page -> Aucune Modification : C:\Windows\system32\blank.htm -> C:\Windows\system32\blank.htm
[HKCU | Main] | Search Page -> Modification apportée :  -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page -> Modification apportée : https://www.msn.com/fr-fr -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page -> Modification apportée : %SystemRoot%\system32\blank.htm -> C:\Windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL -> Modification apportée : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page -> Modification apportée : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Processus

C:\Windows\explorer.exe -> Processus stoppé 
C:\Windows
otepad.exe -> Processus stoppé 

¤¤¤¤¤¤¤¤¤¤ Clés supprimées et Fichier mis en quarantaine


¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

Supprimé : [HKCU\..\..\Mountpoints2\{24d8f1d2-8ca4-11de-b42b-00217083d9da}] -> command : E:\laucher.exe
Supprimé : [HKCU\..\..\Mountpoints2\{2ff4a377-46ee-11de-b7ec-00217083d9da}] -> command : E:\AutoRunCardDetector.exe
Supprimé : [HKCU\..\..\Mountpoints2\{647a618d-2070-11df-8a70-00217083d9da}] -> command : E:\autorun\autorun.exe
Supprimé : [HKCU\..\..\Mountpoints2\{ae824ac0-0b59-11e0-a600-00217083d9da}] -> command : "E:\WD SmartWare.exe" autoplay=true
Supprimé : [HKCU\..\..\Mountpoints2\{e4549409-0eac-11df-9179-00217083d9da}] -> command : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe foza_orana.vbe


¤¤¤¤¤¤¤¤¤¤ MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			-za C:\MBR\MBR.bin 
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Dell Inc.
BIOS Manufacturer:		Dell Inc.
System Manufacturer:		Dell Inc.
System Product Name:		Studio 1535
Logical Drives Mask:		0x0000002c

Analysis of file "C:\MBR\MBR.bin":
Windows Vista MBR code detected


Done!

¤¤¤

explorer.exe -> Processus redémarré

Fin : 21:22:07

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤

mattk · Answer

Je pense que c'est bon merci pour tout!! ^^

gen-hackman · Answer

pas fini

&#9654 Télécharge ici : USBFIX sur ton bureau 

branche tous tes periphériques sans les ouvrir

/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :

&#9654 choisi l option Suppression

&#9654 UsbFix scannera ton pc , laisse travailler l outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

&#9654 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

mattk · Answer

Rapport n°1:

############################## | UsbFix 7.044 | [Suppression]

Mis à jour le 25/04/2011 par TeamXscript
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 7.0.6002.18005

Pare-feu Windows: Activé
Antivirus: avast! antivirus 4.8.1290 [VPS 081123-0] 4.8.1290 [Enabled | Updated]
RAM -> 3069 Mo 
C:\ (%systemdrive%) -> Disque fixe # 223 Go (56 Go libre(s) - 25%) [OS] # NTFS
D:\ -> Disque fixe # 10 Go (5 Go libre(s) - 52%) [RECOVERY] # NTFS
F:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-1000
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3395499582-3656299844-1299793059-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-500

################## | Registre |

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|google update

################## | Mountpoints2 |


################## | Listing |

[01/05/2011 - 03:40:12 | SHD ] 	C:\$Recycle.Bin
[30/04/2011 - 20:06:17 | N | 6578] 	C:\Ad-Report-CLEAN[1].txt
[18/09/2006 - 22:43:36 | N | 24] 	C:\autoexec.bat
[28/01/2011 - 18:56:08 | SHD ] 	C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] 	C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] 	C:\config.sys
[02/10/2008 - 11:46:11 | D ] 	C:\DELL
[24/09/2008 - 00:40:34 | N | 4484] 	C:\dell.sdr
[24/09/2008 - 00:31:38 | D ] 	C:\doctemp
[01/10/2008 - 17:51:09 | SHD ] 	C:\Documents and Settings
[14/03/2008 - 14:04:22 | D ] 	C:\Drivers
[06/01/2011 - 07:33:17 | D ] 	C:\Google
[30/04/2011 - 21:57:34 | ASH | 3219103744] 	C:\hiberfil.sys
[25/10/2008 - 19:28:12 | N | 1256] 	C:\INSTALL.LOG
[20/03/2010 - 20:04:51 | N | 0] 	C:\IO.SYS
[30/04/2011 - 21:21:24 | D ] 	C:\Kill'em
[20/03/2010 - 20:04:51 | N | 0] 	C:\MSDOS.SYS
[26/10/2008 - 13:08:56 | RHD ] 	C:\MSOCache
[30/04/2011 - 21:57:32 | ASH | 3532906496] 	C:\pagefile.sys
[21/01/2008 - 03:32:31 | D ] 	C:\PerfLogs
[30/04/2011 - 20:03:00 | D ] 	C:\Program Files
[30/04/2011 - 17:03:25 | HD ] 	C:\ProgramData
[10/10/2009 - 13:36:52 | D ] 	C:\Studyrama
[30/04/2011 - 22:17:15 | SHD ] 	C:\System Volume Information
[20/03/2010 - 10:46:51 | D ] 	C:\UnrealTournament
[24/05/2001 - 11:59:30 | N | 162304] 	C:\UNWISE.EXE
[01/05/2011 - 03:40:12 | D ] 	C:\UsbFix
[01/05/2011 - 03:36:40 | A | 2878] 	C:\UsbFix.txt
[01/10/2008 - 17:54:57 | D ] 	C:\Users
[30/04/2011 - 22:02:52 | D ] 	C:\Windows
[01/05/2011 - 03:40:12 | SHD ] 	D:\$RECYCLE.BIN
[23/09/2008 - 16:27:40 | D ] 	D:\dell
[19/01/2008 - 09:45:45 | D ] 	D:\Program Files
[19/01/2008 - 09:45:30 | HD ] 	D:\ProgramData
[29/01/2008 - 18:53:24 | D ] 	D:\sources
[23/09/2008 - 16:44:28 | SHD ] 	D:\System Volume Information
[23/09/2008 - 16:43:12 | D ] 	D:\Tools
[19/01/2008 - 09:45:30 | D ] 	D:\Users
[23/09/2008 - 16:27:07 | D ] 	D:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |

mattk · Answer

Rapport n°2 avec ma carte memoire: 

############################## | UsbFix 7.044 | [Suppression]

Mis à jour le 25/04/2011 par TeamXscript

Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Internet Explorer 7.0.6002.18005

Pare-feu Windows: Activé
Antivirus: avast! antivirus 4.8.1290 [VPS 081123-0] 4.8.1290 [Enabled | Updated]
RAM -> 3069 Mo 
C:\ (%systemdrive%) -> Disque fixe # 223 Go (56 Go libre(s) - 25%) [OS] # NTFS
D:\ -> Disque fixe # 10 Go (5 Go libre(s) - 52%) [RECOVERY] # NTFS
E:\ -> Disque amovible # 4 Go (3 Go libre(s) - 79%) [] # FAT32
F:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-216863160-1275855522-2206553457-1000

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[01/05/2011 - 03:57:56 | SHD ] 	C:\$Recycle.Bin
[30/04/2011 - 20:06:17 | N | 6578] 	C:\Ad-Report-CLEAN[1].txt
[18/09/2006 - 22:43:36 | N | 24] 	C:\autoexec.bat
[01/05/2011 - 03:51:57 | RASHD ] 	C:\Autorun.inf
[28/01/2011 - 18:56:08 | SHD ] 	C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] 	C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] 	C:\config.sys
[02/10/2008 - 11:46:11 | D ] 	C:\DELL
[24/09/2008 - 00:40:34 | N | 4484] 	C:\dell.sdr
[24/09/2008 - 00:31:38 | D ] 	C:\doctemp
[01/10/2008 - 17:51:09 | SHD ] 	C:\Documents and Settings
[14/03/2008 - 14:04:22 | D ] 	C:\Drivers
[06/01/2011 - 07:33:17 | D ] 	C:\Google
[30/04/2011 - 21:57:34 | ASH | 3219103744] 	C:\hiberfil.sys
[25/10/2008 - 19:28:12 | N | 1256] 	C:\INSTALL.LOG
[20/03/2010 - 20:04:51 | N | 0] 	C:\IO.SYS
[30/04/2011 - 21:21:24 | D ] 	C:\Kill'em
[20/03/2010 - 20:04:51 | N | 0] 	C:\MSDOS.SYS
[26/10/2008 - 13:08:56 | RHD ] 	C:\MSOCache
[30/04/2011 - 21:57:32 | ASH | 3532906496] 	C:\pagefile.sys
[21/01/2008 - 03:32:31 | D ] 	C:\PerfLogs
[30/04/2011 - 20:03:00 | D ] 	C:\Program Files
[30/04/2011 - 17:03:25 | HD ] 	C:\ProgramData
[10/10/2009 - 13:36:52 | D ] 	C:\Studyrama
[30/04/2011 - 22:17:15 | SHD ] 	C:\System Volume Information
[20/03/2010 - 10:46:51 | D ] 	C:\UnrealTournament
[24/05/2001 - 11:59:30 | N | 162304] 	C:\UNWISE.EXE
[01/05/2011 - 03:57:56 | D ] 	C:\UsbFix
[01/05/2011 - 03:56:54 | A | 2621] 	C:\UsbFix.txt
[01/05/2011 - 03:52:01 | N | 33511] 	C:\UsbFix_Upload_Me_PC-DE-MATHILDE.zip
[01/10/2008 - 17:54:57 | D ] 	C:\Users
[30/04/2011 - 22:02:52 | D ] 	C:\Windows
[01/05/2011 - 03:57:56 | SHD ] 	D:\$RECYCLE.BIN
[01/05/2011 - 03:51:57 | RASHD ] 	D:\Autorun.inf
[23/09/2008 - 16:27:40 | D ] 	D:\dell
[19/01/2008 - 09:45:45 | D ] 	D:\Program Files
[19/01/2008 - 09:45:30 | HD ] 	D:\ProgramData
[29/01/2008 - 18:53:24 | D ] 	D:\sources
[23/09/2008 - 16:44:28 | SHD ] 	D:\System Volume Information
[23/09/2008 - 16:43:12 | D ] 	D:\Tools
[19/01/2008 - 09:45:30 | D ] 	D:\Users
[23/09/2008 - 16:27:07 | D ] 	D:\Windows
[27/12/2010 - 04:14:32 | N | 512] 	E:\NIKON001.DSC
[27/12/2010 - 04:14:32 | D ] 	E:\DCIM
[26/02/2011 - 15:28:28 | D ] 	E:\MISC

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-MATHILDE.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |

mattk · Answer

Voilà! ^^ Que dois-je faire maintenant? Est-ce bon ?

gen-hackman · Answer

Télécharge ici :OTL

&#9654 enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.

&#9654 => Configuration

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

mattk · Answer

Voilà c'est fait: 

http://www.cijoint.fr/cjlink.php?file=cj201105/cijBzn3NMT.docx

http://www.cijoint.fr/cjlink.php?file=cj201105/cijo4hTyFi.docx

Je les ai copié sur word car je ne les trouvais pas sur mon bureau et n'ai pas réussi à les enregistrer en format note...(je ne sais pas pourquoi)

Peux tu m'expliquer quelle est la signification des rapports d' OTL? Je suis un peu perdue dans tout cela. On a supprimer les fichiers infectés avec Roguekiller et ad-remover. Nettoyé tous les périphériques pour qu'ils ne contaminent pas de nouveau l'ordi. Otl est une dernière mesure de sécurité pour être sur qu'il ne reste plus rien? Est-ce bien cela? 

Il m'a semblé que Ad-remover et Usb avait trouvé pas mal de fichier infectés. Est-ce dû à un seul virus ou plusieurs? 

Merci en tout cas pour ton aide!! :)

gen-hackman · Answer

chaque outil comme son nom l'indique est désigné pour un type d'infection , sauf malwarebytes qui lui , est generaliste :)

OTL est un logiciel de diagnostic

que tu peux d'ailleurs recommencer car tu n'as pas suivi la config

mattk · Answer

Hehe! Désolé... :) 

Ca devrait etre bon cette fois ci ^^: 

http://www.cijoint.fr/cjlink.php?file=cj201105/cijPOhPLvE.docx

http://www.cijoint.fr/cjlink.php?file=cj201105/cijW0wsIpJ.docx


Les rapports transmis par ad-remover et Usb indiquent la présence d'un nombre important de de fichiers infectés et de ce fait leur suppression. Est-ce dû à un seul virus?  Aurais tu un conseil pour éviter de ravoir ce type de virus?

mattk · Answer

Voilà le résultat pour total virus: 

http://www.virustotal.com/file-scan/reanalysis.html?id=bd77beb532483fbdbe2d69a7d5193f1eb43514ca7a65934f17ae71dcf397ccd4-1304289022

mattk · Answer

Je viens de lancer la deuxième tâche. Tout c'est bien passé jusqu'à ce qu'il arrive à [emptytemp]. Le logiciel ne fait qu'afficher: le file nommé "..." n'existe pas. (j'ai cliqué sur ignorer pour les premiers. Dois-je continuer d'ignorer? Je te joins deux exemples: 

http://www.cijoint.fr/cjlink.php?file=cj201105/cijijTCmCL.docx

gen-hackman · Answer

coche la case faire ceci blabla....et clic sur ignorer

mattk · Answer

Je fais cette action dès que cette fenetre s'ouvre? Car ça fait déjà plusieurs fois que je le fait (600 fichiers ignorer jusqu'à maintenant)? Je continu a les ignorer tous?

gen-hackman · Answer

ok arrete-le si tu peux

mattk · Answer

Nan il n'a pas l'air de vouloir s'arrêter ou s'annuler!

mattk · Answer

Je mets fin au programme!?

gen-hackman · Answer

oui stoppe le processsus OTL.exe

mattk · Answer

Ca y est! Qu'est ce que tu en penses? Il n'y a pas de rapport du coup... Faut-il lancer autre chose?

mattk · Answer

Ca n'a pas l'air bon signe!! qu'est-ce que tu en penses?  Si tu as d'autre consignes à me donner, je suis preneuse! Je le ferai demain, encore merci! ^^

gen-hackman · Answer

le rapport :

C:\_OTL\Moved Files\la_date_et_l'heure.txt

mattk · Answer

Je n'arrive pas a le trouver. C'est le même problème que tout à l'heure, si je ne l'enregistrait pas moi même je ne le trouvais pas. 
Je suis allée dans la barre de recherche dans mon ordinateur et celle de windows en bas de l'écran mais pas moyen de trouver quoi que ce soit!?

gen-hackman · Answer

&#9654 Télécharge Reload_TDSSKiller

&#9654 Lance le 

choisis : télécharger la derniere version

&#9654 relance-le 

choisis : lancer le nettoyage

TDSSKiller va s'ouvrir , clique sur "Start Scan"

une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer

sinon , ferme tdssKiller et le rapport s'affichera sur le bureau

&#9654 Copie/Colle son contenu dans ta prochaine réponse.

mattk · Answer

Voici le rapport: 

2011/05/02 16:01:13.0384 3844	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 16:01:13.0598 3844	================================================================================
2011/05/02 16:01:13.0598 3844	SystemInfo:
2011/05/02 16:01:13.0598 3844	
2011/05/02 16:01:13.0598 3844	OS Version: 6.0.6002 ServicePack: 2.0
2011/05/02 16:01:13.0598 3844	Product type: Workstation
2011/05/02 16:01:13.0598 3844	ComputerName: PC-DE-MATHILDE
2011/05/02 16:01:13.0598 3844	UserName: mathilde
2011/05/02 16:01:13.0598 3844	Windows directory: C:\Windows
2011/05/02 16:01:13.0598 3844	System windows directory: C:\Windows
2011/05/02 16:01:13.0598 3844	Processor architecture: Intel x86
2011/05/02 16:01:13.0598 3844	Number of processors: 2
2011/05/02 16:01:13.0598 3844	Page size: 0x1000
2011/05/02 16:01:13.0598 3844	Boot type: Normal boot
2011/05/02 16:01:13.0598 3844	================================================================================
2011/05/02 16:01:22.0680 3844	Initialize success
2011/05/02 16:01:27.0340 4736	================================================================================
2011/05/02 16:01:27.0340 4736	Scan started
2011/05/02 16:01:27.0340 4736	Mode: Manual; 
2011/05/02 16:01:27.0340 4736	================================================================================
2011/05/02 16:01:28.0040 4736	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/02 16:01:28.0106 4736	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/02 16:01:28.0143 4736	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/02 16:01:28.0182 4736	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/02 16:01:28.0225 4736	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/02 16:01:28.0327 4736	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/02 16:01:28.0387 4736	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/02 16:01:28.0418 4736	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/02 16:01:28.0465 4736	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/02 16:01:28.0497 4736	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/02 16:01:28.0519 4736	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/02 16:01:28.0561 4736	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/02 16:01:28.0584 4736	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/02 16:01:28.0629 4736	ApfiltrService  (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/02 16:01:28.0683 4736	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/02 16:01:28.0717 4736	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/02 16:01:28.0760 4736	aswFsBlk        (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/02 16:01:28.0824 4736	aswMonFlt       (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/02 16:01:28.0867 4736	aswRdr          (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys
2011/05/02 16:01:28.0930 4736	aswSnx          (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys
2011/05/02 16:01:29.0008 4736	aswSP           (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys
2011/05/02 16:01:29.0037 4736	aswTdi          (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys
2011/05/02 16:01:29.0094 4736	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 16:01:29.0134 4736	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/05/02 16:01:29.0301 4736	atikmdag        (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/02 16:01:29.0605 4736	BCM43XX         (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/02 16:01:29.0685 4736	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/02 16:01:29.0821 4736	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/02 16:01:29.0953 4736	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 16:01:29.0994 4736	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/02 16:01:30.0016 4736	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/02 16:01:30.0054 4736	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/02 16:01:30.0078 4736	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/02 16:01:30.0111 4736	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/02 16:01:30.0129 4736	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/02 16:01:30.0157 4736	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/02 16:01:30.0207 4736	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 16:01:30.0286 4736	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/02 16:01:30.0317 4736	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/02 16:01:30.0376 4736	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/02 16:01:30.0443 4736	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/02 16:01:30.0477 4736	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/02 16:01:30.0497 4736	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/02 16:01:30.0529 4736	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/02 16:01:30.0583 4736	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/02 16:01:30.0661 4736	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 16:01:30.0746 4736	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/02 16:01:30.0840 4736	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 16:01:30.0892 4736	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 16:01:30.0958 4736	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/02 16:01:31.0007 4736	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/02 16:01:31.0095 4736	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/02 16:01:31.0156 4736	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/02 16:01:31.0232 4736	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/02 16:01:31.0315 4736	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/02 16:01:31.0379 4736	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 16:01:31.0422 4736	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 16:01:31.0465 4736	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 16:01:31.0499 4736	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 16:01:31.0616 4736	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 16:01:31.0670 4736	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 16:01:31.0750 4736	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/02 16:01:31.0811 4736	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 16:01:31.0902 4736	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/02 16:01:31.0950 4736	GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/02 16:01:32.0086 4736	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/02 16:01:32.0174 4736	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/02 16:01:32.0228 4736	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/02 16:01:32.0271 4736	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/02 16:01:32.0352 4736	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 16:01:32.0396 4736	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/02 16:01:32.0459 4736	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 16:01:32.0522 4736	hwdatacard      (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/02 16:01:32.0582 4736	hwusbfake       (e66710639a292f6341d63b01ee8e8037) C:\Windows\system32\DRIVERS\ewusbfake.sys
2011/05/02 16:01:32.0633 4736	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/02 16:01:32.0676 4736	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/02 16:01:32.0767 4736	iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/05/02 16:01:32.0812 4736	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/02 16:01:32.0853 4736	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/02 16:01:32.0893 4736	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/02 16:01:32.0935 4736	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 16:01:32.0972 4736	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 16:01:33.0030 4736	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/02 16:01:33.0065 4736	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/02 16:01:33.0111 4736	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/02 16:01:33.0140 4736	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/02 16:01:33.0203 4736	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/02 16:01:33.0230 4736	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/02 16:01:33.0290 4736	itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
2011/05/02 16:01:33.0310 4736	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/02 16:01:33.0372 4736	k57nd60x        (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/02 16:01:33.0409 4736	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 16:01:33.0485 4736	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 16:01:33.0534 4736	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 16:01:33.0590 4736	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 16:01:33.0641 4736	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/02 16:01:33.0667 4736	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/02 16:01:33.0698 4736	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/02 16:01:33.0751 4736	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/02 16:01:33.0800 4736	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/02 16:01:33.0841 4736	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/02 16:01:33.0883 4736	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/02 16:01:33.0916 4736	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 16:01:33.0947 4736	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 16:01:33.0972 4736	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 16:01:34.0000 4736	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 16:01:34.0045 4736	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/02 16:01:34.0075 4736	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 16:01:34.0128 4736	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/02 16:01:34.0175 4736	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 16:01:34.0232 4736	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 16:01:34.0262 4736	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 16:01:34.0290 4736	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 16:01:34.0310 4736	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/05/02 16:01:34.0344 4736	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/02 16:01:34.0388 4736	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 16:01:34.0428 4736	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/02 16:01:34.0471 4736	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 16:01:34.0505 4736	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 16:01:34.0526 4736	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 16:01:34.0581 4736	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 16:01:34.0648 4736	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/02 16:01:34.0696 4736	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 16:01:34.0730 4736	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/02 16:01:34.0787 4736	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS
wifi.sys
2011/05/02 16:01:34.0873 4736	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers
dis.sys
2011/05/02 16:01:34.0930 4736	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS
distapi.sys
2011/05/02 16:01:34.0960 4736	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS
disuio.sys
2011/05/02 16:01:35.0007 4736	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS
diswan.sys
2011/05/02 16:01:35.0040 4736	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 16:01:35.0065 4736	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS
etbios.sys
2011/05/02 16:01:35.0128 4736	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS
etbt.sys
2011/05/02 16:01:35.0185 4736	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers
frd960.sys
2011/05/02 16:01:35.0210 4736	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 16:01:35.0248 4736	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers
siproxy.sys
2011/05/02 16:01:35.0319 4736	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 16:01:35.0378 4736	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers
trigdigi.sys
2011/05/02 16:01:35.0397 4736	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/02 16:01:35.0430 4736	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers
vraid.sys
2011/05/02 16:01:35.0462 4736	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers
vstor.sys
2011/05/02 16:01:35.0499 4736	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers
v_agp.sys
2011/05/02 16:01:35.0613 4736	OA001Ufd        (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2011/05/02 16:01:35.0648 4736	OA001Vid        (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
2011/05/02 16:01:35.0727 4736	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/02 16:01:35.0784 4736	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/02 16:01:35.0832 4736	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 16:01:35.0863 4736	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/02 16:01:35.0952 4736	PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/05/02 16:01:36.0024 4736	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/02 16:01:36.0059 4736	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/02 16:01:36.0100 4736	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/02 16:01:36.0176 4736	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/02 16:01:36.0329 4736	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERSaspptp.sys
2011/05/02 16:01:36.0359 4736	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/02 16:01:36.0419 4736	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 16:01:36.0486 4736	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/02 16:01:36.0546 4736	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/02 16:01:36.0580 4736	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 16:01:36.0714 4736	R300            (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/02 16:01:36.0786 4736	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERSasacd.sys
2011/05/02 16:01:36.0816 4736	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERSasl2tp.sys
2011/05/02 16:01:36.0869 4736	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERSaspppoe.sys
2011/05/02 16:01:36.0913 4736	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERSassstp.sys
2011/05/02 16:01:36.0972 4736	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERSdbss.sys
2011/05/02 16:01:36.0997 4736	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 16:01:37.0036 4736	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\driversdpdr.sys
2011/05/02 16:01:37.0060 4736	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\driversdpencdd.sys
2011/05/02 16:01:37.0115 4736	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 16:01:37.0196 4736	rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERSimmptsk.sys
2011/05/02 16:01:37.0217 4736	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERSimsptsk.sys
2011/05/02 16:01:37.0239 4736	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERSixdptsk.sys
2011/05/02 16:01:37.0277 4736	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERSspndr.sys
2011/05/02 16:01:37.0309 4736	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/02 16:01:37.0411 4736	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/02 16:01:37.0462 4736	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 16:01:37.0508 4736	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/02 16:01:37.0539 4736	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/02 16:01:37.0561 4736	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/02 16:01:37.0622 4736	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/02 16:01:37.0643 4736	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/02 16:01:37.0677 4736	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/02 16:01:37.0706 4736	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/02 16:01:37.0747 4736	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/02 16:01:37.0767 4736	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/02 16:01:37.0801 4736	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/02 16:01:37.0859 4736	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 16:01:37.0895 4736	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/02 16:01:37.0967 4736	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 16:01:38.0008 4736	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 16:01:38.0047 4736	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 16:01:38.0158 4736	STHDA           (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/02 16:01:38.0210 4736	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 16:01:38.0241 4736	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/02 16:01:38.0267 4736	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/02 16:01:38.0288 4736	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/02 16:01:38.0381 4736	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers	cpip.sys
2011/05/02 16:01:38.0454 4736	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS	cpip.sys
2011/05/02 16:01:38.0504 4736	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers	cpipreg.sys
2011/05/02 16:01:38.0548 4736	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers	dpipe.sys
2011/05/02 16:01:38.0586 4736	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers	dtcp.sys
2011/05/02 16:01:38.0649 4736	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS	dx.sys
2011/05/02 16:01:38.0715 4736	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS	ermdd.sys
2011/05/02 16:01:38.0796 4736	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS	ssecsrv.sys
2011/05/02 16:01:38.0819 4736	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS	unmp.sys
2011/05/02 16:01:38.0880 4736	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS	unnel.sys
2011/05/02 16:01:38.0927 4736	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/02 16:01:38.0993 4736	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 16:01:39.0077 4736	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/02 16:01:39.0122 4736	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/02 16:01:39.0178 4736	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/02 16:01:39.0225 4736	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/02 16:01:39.0277 4736	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 16:01:39.0346 4736	USBAAPL         (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/02 16:01:39.0405 4736	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 16:01:39.0444 4736	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/02 16:01:39.0510 4736	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 16:01:39.0584 4736	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 16:01:39.0631 4736	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/02 16:01:39.0703 4736	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/02 16:01:39.0763 4736	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/02 16:01:39.0811 4736	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/02 16:01:39.0877 4736	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 16:01:39.0932 4736	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 16:01:39.0973 4736	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/02 16:01:40.0011 4736	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/02 16:01:40.0052 4736	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/02 16:01:40.0113 4736	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/02 16:01:40.0151 4736	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/02 16:01:40.0214 4736	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 16:01:40.0287 4736	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/02 16:01:40.0347 4736	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/02 16:01:40.0419 4736	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/02 16:01:40.0488 4736	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 16:01:40.0502 4736	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 16:01:40.0566 4736	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/02 16:01:40.0626 4736	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 16:01:40.0755 4736	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/02 16:01:40.0840 4736	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/02 16:01:40.0889 4736	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 16:01:40.0969 4736	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 16:01:41.0047 4736	================================================================================
2011/05/02 16:01:41.0047 4736	Scan finished
2011/05/02 16:01:41.0048 4736	================================================================================
2011/05/02 16:02:59.0696 3952	Deinitialize success

gen-hackman · Answer

fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


&#9654 Télécharge ici :

Malwarebytes  

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

mattk · Answer

Voici le rapport: 

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6492

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02/05/2011 20:41:23
mbam-log-2011-05-02 (20-41-23).txt

Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 417182
Temps écoulé: 1 heure(s), 48 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\programdata\lm31000bjckc31000\lm31000bjckc31000.exe (Trojan.FakeAlert.RGen) -> Quarantined and deleted successfully.
c:\Users\mathilde\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52\44d78734-3c489465 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mathilde\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6\412d8346-26ce68d1 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mathilde\Desktop\Virus\rk_quarantine\lm31000bjckc31000.exe.vir (Trojan.FakeAlert.RGen) -> Quarantined and deleted successfully.

gen-hackman · Answer

refais OTL ?

mattk · Answer

La personnalisation?

gen-hackman · Answer

non un scan

mattk · Answer

Voici les rapports:

OTL: 
http://www.cijoint.fr/cjlink.php?file=cj201105/cij5BVJUVk.docx

Extra: 
http://www.cijoint.fr/cjlink.php?file=cj201105/cij1IUF3RB.docx

gen-hackman · Answer

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
Bonjour Service

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11  
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13  
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19      
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21  
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
[2009/01/03 16:07:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/10 16:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}  
[2010/01/09 14:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}  
[2010/04/05 10:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}      
[2010/09/12 11:04:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 09:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
[2011/01/05 16:37:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}  

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"BEWINTERNET-FR-DMGP-V2SessionManager"=-
"DellSupportCenter"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=-
"swg"=-

:Files
C:\Users\mathilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk 
C:\Users\mathilde\Desktop\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe      
C:\ProgramData\lM31000BjCkC31000      

:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

mattk · Answer

Je me demandais tu n'as pas précisé si je devais la même configuration que pour le scan normal?

gen-hackman · Answer

non bien vu :)

laisse comme ca :)

mattk · Answer

Oki ^^

mattk · Answer

Ah! Ca recommence comme la dernière fois ça bloque sur [emptytemp]!!? :s

As tu une idée de ce que ça veut dire?

gen-hackman · Answer

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\ __________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur Telecharge ici : Combofix Avant d'utiliser ComboFix : Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système. La simple désactivation du résident n'est pas suffisante. Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover Choisis la version adéquate (32 ou 64 bits)/!\ Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement : ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau ▶ Lance le Une fenêtre apparait : clique sur "Disable" ▶ Fais redémarrer l'ordinateur si l'outil te le demande Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable" _________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° si tu as XP => double clique si tu as Vista ou windows 7 => clic droit "executer en tant que...." sur combofix renommé ¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤ ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

mattk · Answer

Qu'est-ce que AVG?

gen-hackman · Answer

oublie ce passage passe directement à defogger

mattk · Answer

As tu un autre lien pour combofix ? Celui ci ne marche pas.

mattk · Answer

Ah nan c'est bon j'ai trouvé celui là: https://combofix.fr.softonic.com/telecharger

mattk · Answer

Euh... petit soucis... Tout c'est bien passé, j'ai eu le rapport et je l'ai copier sur word et enregistrer sur le bureau. Mais lorsque que j'ai voulu le rouvrir il me met ce message: 
"tentative d'opération non autorisée sur une clé de registre marquée pour suppression" 

Qu'est-ce que ça veut dire?

gen-hackman · Answer

redemarre ton pc et il n'en sera plus :)

mattk · Answer

Ah oui tu as raison! 
Voilà le rapport: 
ComboFix 11-05-02.03 - mathilde 02/05/2011  23:16:17.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3069.1827 [GMT 1:00]
Lancé depuis: c:\users\mathilde\Desktop\Mattk.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll
c:\programdata\PCDr\5744\Downloads\26671a7e-758b-4293-8191-e6b81368d7ac.dll
c:\programdata\PCDr\5744\Downloads\295a87df-c8df-47c1-8928-31d3bc55eae3.dll
c:\programdata\PCDr\5744\Downloads\2da1393a-9d2c-436b-a660-c3dd133e9836.dll
c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll
c:\programdata\PCDr\5744\Downloads\38db339b-86cf-40c4-86da-57495513b374.dll
c:\programdata\PCDr\5744\Downloads\3abc4f65-3752-4824-83cd-674c30d9f41c.dll
c:\programdata\PCDr\5744\Downloads\4128ef4c-5308-415e-947b-b523a115be2d.dll
c:\programdata\PCDr\5744\Downloads\4b07fd4d-6cb2-4166-8e08-7e3d0fb96a24.dll
c:\programdata\PCDr\5744\Downloads\5f66a5f6-96e8-487a-b1da-d49f4e9f0813.dll
c:\programdata\PCDr\5744\Downloads\61963b16-da7a-4faf-ba6b-14eb102d0df8.dll
c:\programdata\PCDr\5744\Downloads\654e4133-96c6-421b-9240-26a29538de3f.dll
c:\programdata\PCDr\5744\Downloads\69bf7709-6da5-40eb-b648-3731ebda143c.dll
c:\programdata\PCDr\5744\Downloads\69df3b5e-bee6-4786-8070-a683635a81cd.dll
c:\programdata\PCDr\5744\Downloads\70b66070-48fe-4fad-ac33-5f17042d5ee7.dll
c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll
c:\programdata\PCDr\5744\Downloads\890823c6-b297-4c5e-8839-80468e0508dc.dll
c:\programdata\PCDr\5744\Downloads\920b4bdb-56cb-44d8-b977-2de6535367f0.dll
c:\programdata\PCDr\5744\Downloads\94c1bf6e-ecf1-4c5d-ad15-1b8540879958.dll
c:\programdata\PCDr\5744\Downloads\a12cd2ff-9e6d-4d89-a010-63188cb6a861.dll
c:\programdata\PCDr\5744\Downloads\a2f393bb-92a1-4fda-a382-66896efa06dd.dll
c:\programdata\PCDr\5744\Downloads\b0ad9f03-890a-4558-bcd7-38c10ea44def.dll
c:\programdata\PCDr\5744\Downloads\c6bcc260-2097-4f4f-a0c3-098183f01ac5.dll
c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll
c:\programdata\PCDr\5744\Downloads\db760e79-da96-4a2b-a687-8256c6e72fb6.dll
c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll
c:\programdata\PCDr\5744\Downloads\f6b10855-5837-4857-9c20-c7b6a6dc2589.dll
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-04-02 au 2011-05-02  ))))))))))))))))))))))))))))))))))))
.
.
2011-05-02 22:28 . 2011-05-02 22:28	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-05-02 17:36 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 17:36 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-01 21:54 . 2011-05-01 21:54	--------	d-----w-	c:\users\mathilde\AppData\Local\{88E35A36-D71A-488C-B950-9DEBA16080F6}
2011-05-01 02:36 . 2011-05-01 03:02	--------	d-----w-	C:\UsbFix
2011-04-30 20:21 . 2011-04-30 20:21	--------	d-----w-	C:\Kill'em
2011-04-30 19:03 . 2011-04-30 19:03	--------	d-----w-	c:\program files\Ad-Remover
2011-04-30 16:03 . 2011-05-02 19:41	--------	d-----w-	c:\programdata\lM31000BjCkC31000
2011-04-29 11:55 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABE02DAE-CFE4-43FC-9DDF-14BB8471534A}\mpengine.dll
2011-04-27 12:51 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 12:51 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 12:51 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-14 14:03 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 09:38 . 2011-04-14 09:38	--------	d-----w-	c:\users\mathilde\Etranger
2011-04-12 18:01 . 2011-04-12 18:01	--------	d-----w-	c:\users\mathilde\AppData\Local\{E3F70CE5-EE54-4CD2-8D83-943B0751F197}
2011-04-09 20:59 . 2011-04-09 20:59	--------	d-----w-	c:\users\mathilde\AppData\Roaming\Malwarebytes
2011-04-09 20:59 . 2011-04-09 20:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-09 20:59 . 2011-05-02 17:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-06 06:59 . 2011-04-06 06:59	--------	d-----w-	c:\users\mathilde\AppData\Local\{57AC2C09-8F84-42EE-8EF6-51DB30359E65}
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 02:58 . 2011-05-01 02:40	32836	----a-w-	C:\UsbFix_Upload_Me_PC-DE-MATHILDE.zip
2011-04-18 17:25 . 2011-01-07 08:37	40112	----a-w-	c:\windows\avastSS.scr
2011-04-18 17:25 . 2008-10-05 20:09	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-03-02 07:59	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2008-10-05 20:09	307288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2008-10-05 20:09	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2008-10-05 20:09	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2008-10-05 20:09	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2008-10-05 20:09	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 18:36 . 2010-06-24 11:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-27 12:51	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 12:51	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 12:51	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 12:51	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-24 01:12 . 2011-02-24 01:12	653576	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-22 14:13 . 2011-03-23 10:58	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 10:58	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 10:58	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 17:11 . 2009-10-02 20:28	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-07-20 20:05 . 2009-12-14 23:19	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"OA001Cfg.exe"="OA001Cfg.exe" [2008-07-28 32768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\mathilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-17 1207376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]
2008-09-23 14:11	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-11-12 100224]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 16:25]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 20:43]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 20:43]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-216863160-1275855522-2206553457-1000Core.job
- c:\users\mathilde\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-11 19:04]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-216863160-1275855522-2206553457-1000UA.job
- c:\users\mathilde\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-11 19:04]
.
2011-04-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\mathilde\AppData\Roaming\Mozilla\Firefox\Profiles\lwk8nc5j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-BEWINTERNET-FR-DMGP-V2SessionManager - c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 23:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
.
C:\## aswSnx private storage
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1f8c2dbb-c4f4-48bb-ae2e-0ee608666be9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{838c0d03-76f8-40a7-a7b3-ad91ac4712e1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001372
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b194e2d3-2bc1-4ec7-9525-de02e48d44cf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f002170
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dba0bd33-91b7-4b4b-8bae-afdd8df7a1e9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c002269
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Heure de fin: 2011-05-02  23:31:44
ComboFix-quarantined-files.txt  2011-05-02 22:31
.
Avant-CF: 58 905 120 768 octets libres
Après-CF: 60 211 322 880 octets libres
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 89F6341FD30E0D2DFB51A947C5243B60

gen-hackman · Answer

__________________________________________________ =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <= =>il est fort déconseillé de le transposer sur un autre ordinateur !<= ---------------------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- KillAll:: Folder:: c:\programdata\lM31000BjCkC31000 Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- "iTunesHelper"=- "Adobe Reader Speed Launcher"=- "OA001Cfg.exe"=- Firefox:: FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} RegLock:: [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1f8c2dbb-c4f4-48bb-ae2e-0ee608666be9}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{838c0d03-76f8-40a7-a7b3-ad91ac4712e1}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b194e2d3-2bc1-4ec7-9525-de02e48d44cf}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dba0bd33-91b7-4b4b-8bae-afdd8df7a1e9}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}] ------------------------------------------------------------------ ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt ▶ Quitte le Bloc Notes ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier Mattk.exe ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu. ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

mattk · Answer

Voici le nouveau rapport: 

ComboFix 11-05-02.03 - mathilde 03/05/2011   0:20.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3069.1964 [GMT 1:00]
Lancé depuis: c:\users\mathilde\Desktop\Mattk.exe
Commutateurs utilisés :: c:\users\mathilde\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\lM31000BjCkC31000
c:\programdata\lM31000BjCkC31000\lM31000BjCkC31000
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-04-02 au 2011-05-02  ))))))))))))))))))))))))))))))))))))
.
.
2011-05-02 23:28 . 2011-05-02 23:30	--------	d-----w-	c:\users\mathilde\AppData\Local	emp
2011-05-02 22:13 . 2011-05-02 22:31	--------	d-----w-	C:\Mattk
2011-05-02 17:36 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 17:36 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-01 21:54 . 2011-05-01 21:54	--------	d-----w-	c:\users\mathilde\AppData\Local\{88E35A36-D71A-488C-B950-9DEBA16080F6}
2011-05-01 02:36 . 2011-05-01 03:02	--------	d-----w-	C:\UsbFix
2011-04-30 20:21 . 2011-04-30 20:21	--------	d-----w-	C:\Kill'em
2011-04-30 19:03 . 2011-04-30 19:03	--------	d-----w-	c:\program files\Ad-Remover
2011-04-29 11:55 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABE02DAE-CFE4-43FC-9DDF-14BB8471534A}\mpengine.dll
2011-04-27 12:51 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 12:51 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 12:51 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-14 14:03 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 09:38 . 2011-04-14 09:38	--------	d-----w-	c:\users\mathilde\Etranger
2011-04-12 18:01 . 2011-04-12 18:01	--------	d-----w-	c:\users\mathilde\AppData\Local\{E3F70CE5-EE54-4CD2-8D83-943B0751F197}
2011-04-09 20:59 . 2011-04-09 20:59	--------	d-----w-	c:\users\mathilde\AppData\Roaming\Malwarebytes
2011-04-09 20:59 . 2011-04-09 20:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-09 20:59 . 2011-05-02 17:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-06 06:59 . 2011-04-06 06:59	--------	d-----w-	c:\users\mathilde\AppData\Local\{57AC2C09-8F84-42EE-8EF6-51DB30359E65}
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 02:58 . 2011-05-01 02:40	32836	----a-w-	C:\UsbFix_Upload_Me_PC-DE-MATHILDE.zip
2011-04-18 17:25 . 2011-01-07 08:37	40112	----a-w-	c:\windows\avastSS.scr
2011-04-18 17:25 . 2008-10-05 20:09	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-03-02 07:59	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2008-10-05 20:09	307288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2008-10-05 20:09	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2008-10-05 20:09	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2008-10-05 20:09	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2008-10-05 20:09	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 18:36 . 2010-06-24 11:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-27 12:51	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 12:51	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 12:51	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 12:51	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-24 01:12 . 2011-02-24 01:12	653576	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-22 14:13 . 2011-03-23 10:58	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 10:58	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 10:58	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 17:11 . 2009-10-02 20:28	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-07-20 20:05 . 2009-12-14 23:19	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\mathilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-17 1207376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]
2008-09-23 14:11	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-11-12 100224]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 16:25]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 20:43]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 20:43]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-216863160-1275855522-2206553457-1000Core.job
- c:\users\mathilde\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-11 19:04]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-216863160-1275855522-2206553457-1000UA.job
- c:\users\mathilde\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-11 19:04]
.
2011-04-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\mathilde\AppData\Roaming\Mozilla\Firefox\Profiles\lwk8nc5j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 00:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2011-05-03  00:39:32 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-05-02 23:39
ComboFix2.txt  2011-05-02 22:31
.
Avant-CF: 60 060 295 168 octets libres
Après-CF: 59 907 543 040 octets libres
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 69D94B9D8835C2317E138F59167A2C80

gen-hackman · Answer

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

c:\program files\dell support center\pcdsrvc.pkms     

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

mattk · Answer

C'est le même que l'a dernière fois il n'avait rien trouvé: 

gen-hackman - 2 mai 2011 à 00:11 

Fais analyser le(s) fichier(s) suivants sur Virustotal : 

Virus Total 

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) : 

c:\Program Files\Dell Support Center\pcdsrvc.pkms 


Voilà le résultat pour total virus: 

https://www.virustotal.com/gui/

gen-hackman · Answer

ok c'est bon j'ai ce que je voulais savoir :)

refais OTL

mattk · Answer

Cool! ^^ 
Peux tu m'expliquer ce qu'on fait exactement maintenant, où ce qu'on cherche? Moi je suis un peu (beaucoup) perdu! Lol :)

Voilà les rapports: 

Extra: 
http://www.cijoint.fr/cjlink.php?file=cj201105/cijIlNOPUC.txt

Otl: 
http://www.cijoint.fr/cjlink.php?file=cj201105/cij3cNbF5w.txt

gen-hackman · Answer

j'ai l'impression que l'infection se relance

reessaie ca en mode sans echec

https://forums.commentcamarche.net/forum/affich-21976824-ms-removal-tool-virus?full#61

mattk · Answer

Ah pas super alors... 

Désolé je t'en demande beaucoup... Peux tu expliquer comment lancer le mode sans échec déjà?

gen-hackman · Answer

Comment aller en Mode sans échec :

&#9654 Redémarres ton ordi 
&#9654 Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
&#9654 Tu verras un écran avec options de démarrage apparaître 
&#9654 Choisis la première option : Sans Échec, et valide avec "Entrée"

mattk · Answer

Désolé pour hier soir. Tout c'est bien passé, ça à l'air de les avoirs suprimer cette fois ci. Mais quand j'ai redémarré mon ordi je n'avais plus accès à internet. Je ne sais pas si c'est le réseau de la résidence ou pas. Et Internet explorer que j'avais supprimer car je ne l'utilise pas c'est installé tout seul?

Enfin voilà c'est bizarre. Le rapport est le suivant: 

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BEWINTERNET-FR-DMGP-V2SessionManager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DellSupportCenter not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DellSupportCenter not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\swg deleted successfully.
========== FILES ==========
C:\Users\mathilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk moved successfully.
C:\Users\mathilde\Desktop\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe moved successfully.
File\Folder C:\ProgramData\lM31000BjCkC31000 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56543 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mathilde
->Temp folder emptied: 599755 bytes
->Temporary Internet Files folder emptied: 105613513 bytes
->Java cache emptied: 65382127 bytes
->FireFox cache emptied: 116115787 bytes
->Google Chrome cache emptied: 23386790 bytes
->Apple Safari cache emptied: 1772544 bytes
->Flash cache emptied: 205480 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1184 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 299,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05032011_020043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

gen-hackman · Answer

tu veux dire :

l'ordi en mode normal n'a plus de connection internet ?

mattk · Answer

Oui il n'en avait plus mais c'est revenu ce matin!

gen-hackman · Answer

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

c:\windows\system32\conime.exe  

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

mattk · Answer

Il a aussi déjà été analysé: 

http://www.virustotal.com/file-scan/reanalysis.html?id=2e661732f83521ab1e33749de7e1478a05bc182b14f101531e908b1b555aca18-1304417801

gen-hackman · Answer

ok quels soucis persistent ?

mattk · Answer

Euh plus rien, je crois! internet est revenu et semble bien fonctionner! ^^

gen-hackman · Answer

Pour nettoyer les outils utilsés et mieux sécuriser ton pc -------------------------------------------------------------- Je t'invite à suivre ce tutoriel pour le final il inclut ♦ du nettoyage après desinfection ♦ des mises à jour pour combler des failles de securité de logiciels importants non mis à jour ▶ et enfin quelques conseils à suivre afin que la protection soit plus efficace _________________________________________________ Telecharge ici : PureRa (par l'editeur de JavaRa) Lance-le (clic droit "executer en tant qu'administrateur" pour Vista/7) => Configuration clique sur "Clean" L'outil va faire son scan puis son nettoyage à la fin du rapport tu auras une ligne comme ca : Total space cleaned: 8140878 bytes transmets juste cette ligne , le reste importe peu __________________________________________________ Si nous avons utilisé Defogger et cliqué sur "disable" , tu peux le "reenable" __________________________________________________ ▶ Télécharge DelFix sur ton bureau. ▶ Lance le, tape suppression puis valide Patiente pendant le scan jusqu'à l'ouverture du rapport. ▶ Copie/Colle le contenu du rapport dans ta prochaine réponse. Note : Le rapport se trouve également sous C:\DelFix.txt tu peux le desinstaller ___________________________________________________ ▶ Télécharge :ATF Cleaner par Atribune Ferme tous tes navigateurs Double-clique (clic droit "en tant qu'administrateur" pour Vista) ATF-Cleaner.exe afin de lancer le programme. Sous l'onglet Main, choisis : Select All Clique sur le bouton Empty Selected Si tu utilises le navigateur Firefox : Clique Firefox au haut et choisis : Select All Clique le bouton Empty Selected a NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité. Si tu utilises le navigateur Opera : Clique Opera au haut et choisis : Select All Clique le bouton Empty Selected NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité. Clique Exit, du menu prinicipal, afin de fermer le programme. Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus. __________________________________________________ ▶ Tu peux garder ATF pour d'eventuels nettoyages un peu plus poussés __________________________________________________ ▶ Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : * Lance-le.(clic droit "en tant qu'administrateur" pour Vista) => Configuration fais le nettoyage dans le registre et dans le nettoyeur autant de fois qu'il trouve des choses à l analyse __________________________________________________ Attention : ne pas toucher au PC pendant qu'il travaille ! ▶ Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques ________________________________________________ *Vérifications des erreurs : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ________________________________________________ ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques _______________________________________________ Note : si tu as un utilitaire pour défragmenter , utilises le à la place pour ce faire Defraggler est proposé _________________________________________________ ▶ Peux-tu vérifier ta Console Java ? : et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). voici pour desinstaller : JavaRa Décompresse le fichier sur le Bureau (Clic droit > Extraire tout). * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa. * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher). * Choisis Français puis clique sur Select. * Clique sur Recherche de mises à jour. * Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher. * Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes. * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions. * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK. * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse. * Ferme l'application. Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log. _________________________________________________ ▶ Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure) et pense à decocher l'installation de McAfee proposée discrêtement __________________________________________________ ▶ Je te conseille si tu n en as pas , afin de mieux securiser ton pc , d'installer un parefeu : Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/ https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html https://forum.pcastuces.com/sujet.asp?f=25&s=35606 https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html https://manuelsdaide.com/contact/ http://www.open-files.com/forum/index.php?showtopic=29277 https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/ ___________________________________________________ ▶ Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul _____________________________________________________ ▶ Si nous avons utilisé MalwareByte's Anti-Malware , vide sa quarantaine : * Lance le programme puis clique sur . * Sélectionne tous les éléments puis clique sur . * Quitte le programme. ______________________________________________________ ▶ si tu as installé Antivir : Configuration ________________________________________________________ ▶ Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait ______________________________________________________ ▶ Désactive et réactive la restauration de système, pour cela : suis les instructions du lien : Lien XP Lien Vista ▶ Sitôt fait , recrées un point de restoration dit "sain" pour parer à quelques eventuels problêmes dans le futur ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : ▶ Passe un coup de MalwareByte's Anti-Malware de temps en temps (1 fois par semaine , suivant l'utilisation que tu fais de ton PC. ▶ Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. * Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) _____________ ▶ Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu] + [Un bon Antispyware] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows et Windows live Messenger)] Je te conseille d'installer cette extension pour Firefox pour securiser ton surf : WOT Je te conseille d'installer cette extension pour Internet Explorer pour securiser ton surf : WOT PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système à lire aussi Et ceci ▶ dans le souhait de vouloir desinstaller un antivirus au profit d'un autre , voici quelques liens : Desinstaller Avast Desinstaller BitDefender Desinstaller Norton Desinstaller Kaspersky Desinstaller AVG ou tout en un : Désinstallation Antivirus , Parefeu , Antispyware _____________ ▶ Si tu as Vista n'oublie pas de réactiver le controle des comptes des utilisateurs(UAC) ___________ ▶ si nous avons affiché les fichiers cachés , n'oublies pas de les remettre en attribut "caché" ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage * - Décoche Afficher les fichiers et dossiers cachés * - coche Masquer les extensions des fichiers dont le type est connu * - coche Masquer les fichiers protégés du système d'exploitation (recommandé) ▶ clique sur Appliquer, puis OK. ____________ Voila, Bonne lecture, à bientot , une fois tout ceci fait, tu peux mettre le topic en resolu Bonne continuation et surtout , prudence et bon surf :)

mattk · Answer

Voilà la ligne du rapport: 
Total space cleaned: 1636143908 bytes

Pour Defogger j'avais déjà fait "reenable" avant?

gen-hackman · Answer

non je ne pense pas :)

mattk · Answer

Euh si si!! Je m'en souviens! Est-ce embêtant? :s

gen-hackman · Answer

non

mattk · Answer

oki cool! ^^

mattk · Answer

Bon je continu la grande liste que tu m'as donné! ^^ 
Je vais connaître mon ordi de fond en comble à la fin!! 

Voici le rapport de Delfix: 

# DelFix v7.8 - Rapport créé le 03/05/2011 à 11:55
# Mis à jour le 02/05/11 à 18h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium (32 bits) [version 6.0.6002] Service Pack 2
# Nom d'utilisateur : mathilde - PC-DE-MATHILDE (Administrateur)
# Exécuté depuis : C:\Users\mathilde\Desktop\delfix.exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\_OTL
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Kill'em
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\USBFix
Supprimé : C:\Program Files\Ad-Remover

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\Users\mathilde\Desktop\Mattk.exe <-- Combofix
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\ComboFix.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\UsbFix_Upload_Me_PC-DE-MATHILDE.zip
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\sed.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\zip.exe
Supprimé : C:\Users\mathilde\Desktop\AD-R.lnk
Supprimé : C:\Users\mathilde\Desktop\ComboFix 11.docx
Supprimé : C:\Users\mathilde\Desktop\Defogger.exe
Supprimé : C:\Users\mathilde\Desktop\defogger_disable.log
Supprimé : C:\Users\mathilde\Desktop\defogger_enable.log
Supprimé : C:\Users\mathilde\Desktop\OTL 2.docx
Supprimé : C:\Users\mathilde\Desktop\OTL Personnalisation.docx
Supprimé : C:\Users\mathilde\Desktop\OTL.exe
Supprimé : C:\Users\mathilde\Desktop\OTL3.txt

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKCU\SOFTWARE\USBFix
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
ACL [0] -> [7] & Clé Supprimée : HKLM\SOFTWARE\Swearware

~~~~~~ Autre ~~~~~~

-> Prefetch vidé

########## EOF - "C:\DelFixSuppr.txt" - [2375 octets] ##########

gen-hackman · Answer

impec :)

mattk · Answer

Ah je ne parviens pas à télécharger ccleaner?

mattk · Answer

Ah nan c'est bon le deuxieme serveur à fonctionné

mattk · Answer

Pour c cleaner lorsque qu'on fait la config, dans l'onglet application j'en ai en plus: 
tel que safari: selectionnés: cache, historique, cookies
Google chrome: cache historique cookies histo telechargement et session
Adobe 
google earth
et d'autres..

dois je y toucher?

mattk · Answer

Autre petite question pour etre sur: quand je m'occupe du registre il se met à  chercher des erreurs. quand il a finit  je clic sur les corriger c'est bien ça?

mattk · Answer

Wouah la défragmentation et la vérification des erreurs etaient longue!! 
Voilà le rapport de Java:
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed May 04 15:03:10 2011

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_11

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_13

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_17

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_19

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_20

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_21

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_22

Found and removed: C:\Users\mathilde\AppData\LocalLow\Sun\Java\jre1.6.0_23

Found and removed: C:\Windows\_delis43.ini

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\JavaSoft\Java Update

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\JRE\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

gen-hackman · Answer

jolie collection :)

mattk · Answer

Merci :)

Ms removal tool virus

94 réponses

Discussions similaires

Newsletters