Un autre cas de A360 et Antiviruspro 2009...

Résolu
Etienne -  
 Etienne -
Bonjour,

J'ai l'immense bonheur (blarg...) d'être un autre infecté...

En plus, je ne peux pas accéder à 95% des pages qui traitent du sujet, tant à travers IE que Firefox. Je suis un peu dépassé, quoi... J'avais tout de même réussi à me débarasser d'un virus semblable il y a quelques mois, mais rien n'y fait cette fois-ci. Et puisque je ne peux pas accéder à la majorité des sites traitant d'antivirus/spyware/malware et compagnie, et que je peux encore moins télécharger des programmes utiles...

Enfin, au moins, j'avais déjà HijackThis sur mon ordi, et voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:43, on 2008-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CD Anywhere Launcher] "C:\Program Files\CDAnywhere_Free\insdrive.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [svschost.exe] C:\WINDOWS\system32\svschost.exe -check
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://sso.epost.ca/pkmsvouchfor?CPG_eCommunity&https://www.epost.ca/printing/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5990 bytes

Merci d'avance !
Configuration: Windows XP
Firefox 2.0.0.18

33 réponses

  • 1
  • 2
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Tu n'as pas suivi la procédure.
    1
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Etienne, Etienne, Etienne, Oh ! Tiens-le bien...

    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  3. Etienne
     
    Ah ben, c'est le problème (ou enfin, un des problèmes)... Je ne peux pas télécharger le fichier. J'obtiens toujours un message comme quoi la connexion a échoué, autant sur Firefox que sur IE. D'après ce que j'ai pu lire, c'est un effet d'un de ces deux malwares et non un réel problème avec la connection.

    Est-ce que c'est un gros fichier ? Est-ce que quelqu'un aurait la gentillesse de m'offrir un lien alternatif ou de me l'envoyer par courriel ?
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    http://sd-1.archive-host.com/membres/up/3288717712384394/RSIT.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Etienne
     
    Génial, merci !

    Alors, pour log.txt :

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrateur at 2008-12-15 19:13:22
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 693 MB (4%) free of 19 GB
    Total RAM: 767 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:36, on 2008-12-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\svschost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\system32\svñshost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\A360\av360.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Download\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CD Anywhere Launcher] "C:\Program Files\CDAnywhere_Free\insdrive.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [svschost.exe] C:\WINDOWS\system32\svschost.exe -check
    O4 - HKCU\..\Run: [09523894237974157637522255400082] C:\Program Files\A360\av360.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://sso.epost.ca/pkmsvouchfor?CPG_eCommunity&https://www.epost.ca/printing/smsx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau :
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    - Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    - Redémarre ton ordinateur en mode sans échec.

    ---> Pour redémarrer en mode sans échec :
    - Redémarre ton PC.
    - Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
    - Dans le menu d'options avancées, choisis Mode sans échec.
    - Choisis ta session.

    ---> Déroule la liste des instructions ci-dessous :
    - Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
    - Appuie sur Y pour commencer le processus de nettoyage.
    - Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    - Appuie sur une touche pour redémarrer le PC.
    - Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    - Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    - Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    - Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    - Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.
    0
  8. Etienne
     
    Je déteste te faire travailler autant, mais ça me joue la même farce de connexion ratée lorsque je veux télécharger cet autre programme...
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    http://sd-1.archive-host.com/membres/up/3288717712384394/SDFix.exe
    0
  10. Etienne
     
    Merci beaucoup pour ton aide.

    Voilà :

    [b]SDFix: Version 1.240 [/b]
    Run by Administrateur on 2008-12-15 at 20:38

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\Program Files\Microsoft Common\svchost.exe - Deleted
    C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk - Deleted
    C:\WINDOWS\system32\svschost.exe - Deleted
    C:\WINDOWS\system32\TDSSfpmp.dll - Deleted
    C:\WINDOWS\system32\TDSSosvd.dat - Deleted
    C:\WINDOWS\system32\TDSSrhym.log - Deleted
    C:\WINDOWS\system32\TDSStkdv.log - Deleted

    Could Not Remove C:\WINDOWS\system32\TDSSoexh.dll
    Could Not Remove C:\WINDOWS\system32\TDSSnrsr.dll
    Could Not Remove C:\WINDOWS\system32\TDSSriqp.dll
    Could Not Remove C:\WINDOWS\system32\TDSScfub.dll

    Folder C:\Program Files\Microsoft Common - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 21:03:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    disk error: C:\WINDOWS\system32\config\system, 0
    scanning hidden registry entries ...

    disk error: C:\WINDOWS\system32\config\software, 0
    disk error: C:\Documents and Settings\Administrateur\ntuser.dat, 0
    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP"
    "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Documents and Settings\\Administrateur\\Mes documents\\Skating\\ISUScoreFS.exe"="C:\\Documents and Settings\\Administrateur\\Mes documents\\Skating\\ISUScoreFS.exe:*:Enabled:ISUScoreFS"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Connecteur Wi-Fi USB Nintendo"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [b]Remaining Files [/b]:

    C:\WINDOWS\system32\TDSSoexh.dll Found
    C:\WINDOWS\system32\TDSSnrsr.dll Found
    C:\WINDOWS\system32\TDSSriqp.dll Found
    C:\WINDOWS\system32\TDSScfub.dll Found

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 19 May 2005 80 ..SHR --- "C:\WINDOWS\system32\CF54F25835.dll"
    Fri 5 Mar 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 5 Mar 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
    Thu 7 Aug 2008 25,088 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0001.tmp"
    Thu 6 Jan 2005 66,048 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0002.tmp"
    Tue 29 Apr 2008 64,000 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0004.tmp"
    Fri 8 Aug 2008 25,600 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0005.tmp"
    Wed 30 Apr 2008 62,976 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0111.tmp"
    Wed 30 Apr 2008 63,488 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0193.tmp"
    Wed 30 Apr 2008 62,976 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0298.tmp"
    Fri 8 Aug 2008 28,160 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0334.tmp"
    Thu 6 Jan 2005 67,584 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0434.tmp"
    Fri 8 Aug 2008 27,648 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0469.tmp"
    Tue 9 Nov 2004 19,456 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0864.tmp"
    Wed 30 Apr 2008 63,488 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0876.tmp"
    Fri 8 Aug 2008 26,112 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL0898.tmp"
    Wed 30 Apr 2008 63,488 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL1232.tmp"
    Wed 30 Apr 2008 62,976 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL1348.tmp"
    Thu 6 Jan 2005 68,096 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL1865.tmp"
    Fri 8 Aug 2008 27,648 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL2175.tmp"
    Fri 8 Aug 2008 26,112 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL3248.tmp"
    Fri 8 Aug 2008 29,184 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL3355.tmp"
    Wed 30 Apr 2008 63,488 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL3757.tmp"
    Wed 30 Apr 2008 63,488 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL3846.tmp"
    Fri 8 Aug 2008 25,088 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\UQ·M\~WRL3923.tmp"
    Sun 27 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 27 Oct 2008 74,752 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\Cegep-Etienne\Maisonneuve\102\~WRL0005.tmp"
    Wed 19 Sep 2007 46,592 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\Skating\CANSKATE\2007-2008\Tuesday\~WRL0002.tmp"

    [b]Finished![/b]
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    C'est le rootkit TDSSServ.

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Je te conseille vivement d'installer la Console de récupération.

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\Combofix.txt

    Tutoriel officiel :
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  12. Etienne
     
    Eh bien, y a du progrès ! J'ai pu télécharger ce fichier directement.

    Voilà le log :

    ComboFix 08-12-15.04 - Administrateur 2008-12-15 21:56:18.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.767.462 [GMT -5:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Internet Explorer\fxavx.ini
    c:\windows\system32\drivers\TDSSpaxt.sys
    c:\windows\system32\TDSScfub.dll
    c:\windows\system32\TDSSfpmp.dll
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSoexh.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSSrhym.log
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSsbhc.dll
    c:\windows\system32\TDSStkdv.log
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 20:21 . 2008-12-15 20:22 <REP> d-------- c:\windows\ERUNT
    2008-12-15 20:16 . 2008-12-15 21:03 <REP> d-------- C:\SDFix
    2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- C:\rsit
    2008-12-15 08:28 . 2008-12-15 08:28 93,696 --a------ c:\windows\system32\svñshost.exe
    2008-12-14 08:10 . 2008-12-14 08:09 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 02:54 --------- d-----w c:\documents and settings\Administrateur\Application Data\WTablet
    2008-12-16 02:53 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2008-12-15 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-12-14 13:09 --------- d-----w c:\program files\Java
    2008-12-11 15:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canon
    2008-12-08 04:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
    2008-12-03 16:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
    2008-11-06 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-06 20:46 --------- d-----w c:\program files\Lavasoft
    2008-11-06 20:46 --------- d-----w c:\documents and settings\Administrateur\Application Data\Lavasoft
    2008-11-06 20:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-11-03 14:04 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-03 14:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\AdobeUM
    2008-10-31 22:54 --------- d-----w c:\program files\MSECache
    2008-10-30 14:17 --------- d-----w c:\program files\LimeWire
    2008-10-27 23:42 --------- d-----w c:\program files\Snapshot Viewer
    1996-03-25 02:15 8,579 -c--a-w c:\program files\DYNAMIX.NFO
    1995-08-02 06:19 294,520 -c--a-w c:\program files\_INST32I.EX_
    1995-07-31 22:25 30,778 -c--a-w c:\program files\_SETUP.LIB
    1995-06-12 06:07 9,728 -c--a-w c:\program files\_SETUP.DLL
    2008-11-21 17:43 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-11-21 17:43 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-11-21 17:43 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-11-21 17:43 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-11-21 17:43 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2005-05-19 22:00 80 -csh--r c:\windows\system32\CF54F25835.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2005-04-01 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
    "CD Anywhere Launcher"="c:\program files\CDAnywhere_Free\insdrive.exe" [2006-11-09 45056]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-04-01 5562368]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 655360]
    "nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-03 113664]
    D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-06-07 1073152]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "vidc.iv41"= ir41_32.dll
    "VIDC.I263"= i263_32.drv
    "msacm.ac3filter"= ac3filter.acm
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-23 97928]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 231704]
    S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\DRIVERS\WebSTAR.sys [2001-12-17 15417]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{113e3366-5bf5-11dd-ad3b-001311bc4f3c}]
    \Shell\AutoRun\command - H:\Autorun.exe /run
    \Shell\Shell00\Command - H:\Autorun.exe /run
    \Shell\Shell01\Command - H:\Autorun.exe /action
    \Shell\Shell02\Command - H:\Autorun.exe /uninstall

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-PicoZip - c:\program files\PicoZip\PicoZipTray.exe
    HKCU-Run-svschost.exe - c:\windows\system32\svschost.exe
    HKCU-Run-09523894237974157637522255400082 - c:\program files\A360\av360.exe
    HKLM-Run-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    HKLM-Run-RegistryMechanic - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://google.com
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mStart Page = hxxp://www.google.com

    - c:\windows\Downloaded Program Files\smsx.inf
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\hrizb4hn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 22:00:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"
    .
    Heure de fin: 2008-12-15 22:03:42
    ComboFix-quarantined-files.txt 2008-12-16 03:02:36

    Avant-CF: 551,981,056 octets libres
    Après-CF: 571,449,344 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    171 --- E O F --- 2008-01-26 01:41:47
    0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Nettoyage).

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
  14. Etienne
     
    Alors voilà... Ça m'a donné deux messages d'erreur durant le scan, j'ai simplement fait "continuer" sur les deux ("réessayer" me retournait le même message d'erreur).

    -------------- UsbFix V2.413.4 ---------------

    * User : Administrateur - OUALAWOUZOU
    * Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 22:20:42 le 2008-12-15
    * Windows Xp - Internet Explorer 7.0.5730.13

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp\b2e.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur de CD-ROM

    E: - Lecteur de CD-ROM

    G: - Lecteur fixe

    +- Contenu de l'autorun : D:\autorun.inf

    [autorun]
    open=autorun.exe
    icon=autoplay.ico

    [CONFIG]
    BITMAP=L2.bmp ; bitmap you wish to show in the autoplay dialog box
    EXENAME=Lords2.exe ; executable you wish to invoke from the play button
    INSTKEY=Lords2 ; section name that autorun will check to see if app has already
    ; been installed.

    +- Contenu de l'autorun : E:\autorun.inf

    [autorun]
    OPEN=SETUP.EXE
    ICON=WAR2BNE.ICO

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [2004-03-01 17:05][--a------] C:\AUTOEXEC.BAT
    [2004-03-01 17:05][--a------] C:\WINDOWSdun.bat
    [2004-10-03 09:21][-rahs----] C:\NTDETECT.COM
    [2005-10-31 10:56][--a------] C:\StubInstaller.exe
    [2008-12-15 21:50][-rahs----] C:\boot.ini
    [2008-12-15 22:03][--a------] C:\ComboFix.txt
    [2008-12-15 22:03][--a------] C:\smitfiles.txt
    [2008-12-15 22:03][--a------] C:\UsbFix.txt
    [2004-03-01 17:05][--a------] C:\CONFIG.SYS
    [2004-03-01 17:05][--a------] C:\hiberfil.sys
    [2004-03-01 17:05][--a------] C:\IO.SYS
    [2004-03-01 17:05][--a------] C:\MSDOS.SYS
    [2004-03-01 17:05][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur de CD-ROM

    +- Listing des fichiers présents :

    [1996-11-07 06:13][-r-------] D:\INSTALL.BAT
    [1998-05-27 06:08][-r-------] D:\autorun.exe
    [1998-05-27 06:08][-r-------] D:\SETUP.EXE
    [1998-05-27 06:08][-r-------] D:\_ISDEL.EXE
    [1998-11-04 07:18][-r-------] D:\SETUP.INI
    [1998-08-03 12:57][-r-------] D:\autorun.inf
    [1998-08-03 12:57][-r-------] D:\LANGUAGE.INF
    [1998-08-03 12:57][-r-------] D:\lords2.inf
    [1998-08-03 12:57][-r-------] D:\sierra.inf
    [1999-02-12 06:45][-r-------] D:\readme.txt

    --------------- [ Lecteur E ] ----------------

    E: - Lecteur de CD-ROM

    +- Listing des fichiers présents :

    [2000-01-20 11:14][-r-------] E:\INSTALL.EXE
    [2000-01-20 11:14][-r-------] E:\SETUP.EXE
    [1999-09-23 17:38][-r-------] E:\AUTORUN.INF

    --------------- [ Lecteur G ] ----------------

    G: - Lecteur fixe

    +- Listing des fichiers présents :

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    HPHUPD08=C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    CD Anywhere Launcher="C:\Program Files\CDAnywhere_Free\insdrive.exe"
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz=nwiz.exe /install
    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
    AdaptecDirectCD="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{113e3366-5bf5-11dd-ad3b-001311bc4f3c}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Echec de la supression !! - [1998-08-03 12:57] D:\autorun.inf
    Echec de la supression !! - [1998-05-27 06:08] D:\autorun.exe
    Echec de la supression !! - [1998-08-03 12:57] D:\autorun.inf
    Echec de la supression !! - [1998-08-03 12:57] D:\autorun.inf
    Echec de la supression !! - [1999-09-23 17:38] E:\autorun.inf
    Echec de la supression !! - [2000-01-20 11:14] E:\install.exe
    Echec de la supression !! - [1999-09-23 17:38] E:\autorun.inf
    Echec de la supression !! - [1999-09-23 17:38] E:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre interprété par un spécialiste /!\

    [2004-03-01 17:05][--a------] C:\AUTOEXEC.BAT
    [2004-03-01 17:05][--a------] C:\WINDOWSdun.bat
    [2004-10-03 09:21][-rahs----] C:\NTDETECT.COM
    [2005-10-31 10:56][--a------] C:\StubInstaller.exe
    [2008-12-15 21:50][-rahs----] C:\boot.ini
    [1996-11-07 06:13][-r-------] D:\INSTALL.BAT
    [1998-05-27 06:08][-r-------] D:\autorun.exe
    [1998-05-27 06:08][-r-------] D:\SETUP.EXE
    [1998-05-27 06:08][-r-------] D:\_ISDEL.EXE
    [1998-11-04 07:18][-r-------] D:\SETUP.INI
    [1998-08-03 12:57][-r-------] D:\autorun.inf
    [1998-08-03 12:57][-r-------] D:\LANGUAGE.INF
    [1998-08-03 12:57][-r-------] D:\lords2.inf
    [1998-08-03 12:57][-r-------] D:\sierra.inf
    [2000-01-20 11:14][-r-------] E:\INSTALL.EXE
    [2000-01-20 11:14][-r-------] E:\SETUP.EXE
    [1999-09-23 17:38][-r-------] E:\AUTORUN.INF

    --------------- ! Fin du rapport ! ----------------
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    1/

    ---> Désinstalle UsbFix.

    2/

    /!\ Seul Etienne peut suivre cette procédure /!\

    1/

    ---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

    ---> Copie le texte ci-dessous par sélection puis Ctrl+C :

    KillAll::

    File::
    c:\windows\system32\svñshost.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]

    ---> Colle la sélection dans le bloc-notes

    ---> Enregistre ce fichier sur le bureau (Impératif)

    ---> Nom du fichier : CFScript
    ---> Type du fichier : tous les fichiers
    ---> Clique sur Enregistrer
    ---> Quitte le bloc-notes

    3/

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
    http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
    0
  16. Etienne
     
    ComboFix 08-12-15.04 - Administrateur 2008-12-15 22:49:35.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.767.417 [GMT -5:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 22:13 . 2008-12-15 22:46 <REP> d-------- C:\Program Files\UsbFix
    2008-12-15 20:21 . 2008-12-15 20:22 <REP> d-------- C:\WINDOWS\ERUNT
    2008-12-15 20:16 . 2008-12-15 21:03 <REP> d-------- C:\SDFix
    2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- C:\rsit
    2008-12-15 08:28 . 2008-12-15 08:28 93,696 --a------ C:\WINDOWS\system32\svñshost.exe
    2008-12-14 08:10 . 2008-12-14 08:09 410,984 --a------ C:\WINDOWS\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 03:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WTablet
    2008-12-16 02:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
    2008-12-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-14 13:09 --------- d-----w C:\Program Files\Java
    2008-12-11 15:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
    2008-12-08 04:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FileZilla
    2008-12-03 16:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-11-06 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-11-06 20:46 --------- d-----w C:\Program Files\Lavasoft
    2008-11-06 20:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
    2008-11-06 20:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-11-03 14:04 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-11-03 14:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
    2008-10-31 22:54 --------- d-----w C:\Program Files\MSECache
    2008-10-30 14:17 --------- d-----w C:\Program Files\LimeWire
    2008-10-27 23:42 --------- d-----w C:\Program Files\Snapshot Viewer
    1996-03-25 02:15 8,579 -c--a-w C:\Program Files\DYNAMIX.NFO
    1995-08-02 06:19 294,520 -c--a-w C:\Program Files\_INST32I.EX_
    1995-07-31 22:25 30,778 -c--a-w C:\Program Files\_SETUP.LIB
    1995-06-12 06:07 9,728 -c--a-w C:\Program Files\_SETUP.DLL
    2008-11-21 17:43 67,696 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
    2008-11-21 17:43 54,376 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
    2008-11-21 17:43 34,952 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
    2008-11-21 17:43 46,720 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
    2008-11-21 17:43 172,144 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
    2005-05-19 22:00 80 -csh--r C:\WINDOWS\system32\CF54F25835.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-15_22.01.19.66 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-16 03:20:07 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_330.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2005-04-01 16:16 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
    "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-14 08:09 136600]
    "CD Anywhere Launcher"="C:\Program Files\CDAnywhere_Free\insdrive.exe" [2006-11-09 00:10 45056]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-27 10:29 1261336]
    "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 11:34 655360]
    "nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 18:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-03 21:49:40 113664]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
    Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-06-07 22:51:22 1073152]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "vidc.iv41"= ir41_32.dll
    "VIDC.I263"= i263_32.drv
    "msacm.ac3filter"= ac3filter.acm
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-23 10:19:12 97928]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 10:18:43 231704]
    S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 10:25:58 15417]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-06-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    - C:\WINDOWS\Downloaded Program Files\smsx.inf
    FF - ProfilePath - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\hrizb4hn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    .
    0
  17. Etienne
     
    Ah non ? Bon, je recommence.

    Nouveau log :

    ComboFix 08-12-15.04 - Administrateur 2008-12-15 23:09:00.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.767.451 [GMT -5:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\svñshost.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\svñshost.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 22:13 . 2008-12-15 22:46 <REP> d-------- C:\Program Files\UsbFix
    2008-12-15 20:21 . 2008-12-15 20:22 <REP> d-------- C:\WINDOWS\ERUNT
    2008-12-15 20:16 . 2008-12-15 21:03 <REP> d-------- C:\SDFix
    2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- C:\rsit
    2008-12-14 08:10 . 2008-12-14 08:09 410,984 --a------ C:\WINDOWS\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 04:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WTablet
    2008-12-16 02:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
    2008-12-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-14 13:09 --------- d-----w C:\Program Files\Java
    2008-12-11 15:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
    2008-12-08 04:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FileZilla
    2008-12-03 16:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-11-06 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-11-06 20:46 --------- d-----w C:\Program Files\Lavasoft
    2008-11-06 20:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
    2008-11-06 20:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-11-03 14:04 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-11-03 14:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
    2008-10-31 22:54 --------- d-----w C:\Program Files\MSECache
    2008-10-30 14:17 --------- d-----w C:\Program Files\LimeWire
    2008-10-27 23:42 --------- d-----w C:\Program Files\Snapshot Viewer
    1996-03-25 02:15 8,579 -c--a-w C:\Program Files\DYNAMIX.NFO
    1995-08-02 06:19 294,520 -c--a-w C:\Program Files\_INST32I.EX_
    1995-07-31 22:25 30,778 -c--a-w C:\Program Files\_SETUP.LIB
    1995-06-12 06:07 9,728 -c--a-w C:\Program Files\_SETUP.DLL
    2008-11-21 17:43 67,696 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
    2008-11-21 17:43 54,376 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
    2008-11-21 17:43 34,952 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
    2008-11-21 17:43 46,720 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
    2008-11-21 17:43 172,144 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
    2005-05-19 22:00 80 -csh--r C:\WINDOWS\system32\CF54F25835.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-15_22.01.19.66 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-16 04:15:54 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_294.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2005-04-01 16:16 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
    "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-14 08:09 136600]
    "CD Anywhere Launcher"="C:\Program Files\CDAnywhere_Free\insdrive.exe" [2006-11-09 00:10 45056]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-27 10:29 1261336]
    "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 11:34 655360]
    "nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 18:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-03 21:49:40 113664]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
    Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-06-07 22:51:22 1073152]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "vidc.iv41"= ir41_32.dll
    "VIDC.I263"= i263_32.drv
    "msacm.ac3filter"= ac3filter.acm
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-23 10:19:12 97928]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 10:18:43 231704]
    S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys [2001-12-17 10:25:58 15417]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-06-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    - C:\WINDOWS\Downloaded Program Files\smsx.inf
    FF - ProfilePath - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\hrizb4hn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    .
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bien ;)

    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
  19. Etienne
     
    MBAM a fait redémarrer mon ordinateur pour compléter le nettoyage des quelques éléments infectés qu'il a trouvé, je suis donc retourné chercher le log en date d'aujourd'hui dans l'onglet du programme. J'espère que c'est bien le texte dont on a besoin.

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1505
    Windows 5.1.2600 Service Pack 2

    2008-12-15 23:57:38
    mbam-log-2008-12-15 (23-57-38).txt

    Type de recherche: Examen rapide
    Eléments examinés: 50264
    Temps écoulé: 11 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
    0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Mets à jour Adobe Reader :
    https://get2.adobe.com/reader/otherversions/

    ---> Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries sur ton Bureau :
    * Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
    * Double-clique sur le répertoire JavaRa.
    * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
    * Clique sur Search For Updates.
    * Sélectionne Update Using jucheck.exe puis clique sur Search.
    * Autorise le processus à se connecter s'il le demande, clique sur Install et suis les instructions d'installation qui prennent quelques minutes.
    * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Remove Older Versions.
    * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur Ok, puis une deuxième fois sur Ok.
    * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
    * Ferme l'application.
    Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.
    0
  21. Etienne
     
    Aaaaaaalors, encore un log... Le programme a planté à la fin de mon premier scan, je l'ai donc redémarré, et il n'a rien trouvé la seconde fois.

    JavaRa 1.12 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Dec 16 17:25:42 2008

    Found and removed: C:\Program Files\Java\jre1.5.0_09

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: C:\Program Files\Java\jre1.6.0_01

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: Software\JavaSoft\Java2D\1.5.0_09

    Found and removed: Software\JavaSoft\Java2D\1.5.0_11

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

    Found and removed: Software\Classes\JavaPlugin.160_01

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\JavaPlugin.160_05

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

    Found and removed: Software\JavaSoft\Java2D\1.6.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_02

    Found and removed: Software\JavaSoft\Java2D\1.6.0_03

    Found and removed: Software\JavaSoft\Java2D\1.6.0_05

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

    JavaRa 1.12 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Dec 16 17:37:54 2008

    ------------------------------------

    Finished reporting.
    0
  • 1
  • 2