
Unable to launch certain exe files

Last reply on 24 May 2009 at 16:39:33 dannydan, 30 Apr 2009 at 18:56:47

Hello,
I'm coming to you because I'm a bit lost here!

I don't really understand my problem.
I ran a scan with Malwarebytes and Spybot in safe mode.
Apparently I have no suspicious exe running in the "task manager"!
In normal mode it is still impossible for me to launch:
- regedit
- HijackThis.exe
- antivir
and maybe others . . .
For antivir, it's the latest version, which I just downloaded following my problem.
While waiting for a reply (please) I'm going to restart in safe mode and try
to launch antivir.
Thanks in advance for your reply.

Configuration: Windows XP Internet Explorer 7.0


1

Amigafreeze, 30 Apr 2009 at 19:00:09

Hi,

you must have been infected by the BEAGLE virus.
Search this site by typing: pas une application win32 valide ("not a valid Win32 application").

I had the same problem and everything went back to normal.


2

dannydan, 30 Apr 2009 at 19:59:38

Thanks for your reply.
But I don't think that's the problem,
because in fact I get no error message when I try to launch an app.
It just doesn't launch, that's all.
And I remind you that it's only certain apps that won't launch!
Spybot does launch!
When I try to launch Avira, the process appears in the task manager
but nothing happens!!
Please. If you could help me . . .



4

Chiquitine29, 30 Apr 2009 at 20:00:49

Hi,

● Download DDS by sUBs to the desktop:

(.scr) http://download.bleepingcomputer.com/sUBs/dds.scr
(.pif) http://www.forospyware.com/sUBs/dds/
(.com) http://www.techsupportforum.com/sectools/sUBs/dds/

(!) The tool does not require installation.

Launch it by clicking on the icon.

This DOS window will appear: http://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

The scan should not take more than three minutes.
A first report will open, which you will save as DDS.txt, by default on the desktop.
You will be asked whether you want to run the optional scan.
Accept with Yes

A new report opens, which you save as Attach.txt on the desktop.
You will only provide it if necessary.
Post me the DDS.txt report. See you later.


5

dannydan, 30 Apr 2009 at 20:29:34

OK, I'll do that right away!
I've downloaded the file, I'm launching the scan.
And I'll post the report.
Thanks.


6

dannydan, 30 Apr 2009 at 20:33:46

Here it is:


DDS (Ver_09-03-16.01) - NTFSx86  
Run by sally at 18:30:31,51 on 30/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.766.365 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
svchost.exe "C:\WINDOWS\system32\adsntn.exe"
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sally\Bureau\hijackthis_199\DDS\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/webhp?hl=fr
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [HomePlayer] c:\program files\homeplayer\HomePlayer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {46759F2E-4DE3-4D2D-BF04-5039B6EC3B7A} = 212.27.40.240,212.27.40.241
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sally\applic~1\mozilla\firefox\profiles\7f0ixceu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 55640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-10-19 825600]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-10-19 7040]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089]
S2 BrowserSchedule;Explorateur d'ordinateur BrowserSchedule;c:\windows\system32\adsntn.exe srv --> c:\windows\system32\adsntn.exe srv [?]
S3 SPC610NC;Philips SPC500NC Webcam;c:\windows\system32\drivers\spc610nc.sys --> c:\windows\system32\drivers\SPC610NC.SYS [?]
S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-04-30 17:37	<DIR>	--d-----	C:\OEMCUST
2009-04-30 17:37	<DIR>	--d-----	C:\CABS
2009-04-30 17:27	<DIR>	--d-----	c:\program files\Spybot - Search & Destroy
2009-04-30 17:27	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-30 15:39	<DIR>	--d-----	C:\DIVTOOLS
2009-04-25 16:32	<DIR>	--d-----	c:\documents and settings\sally\.housecall6.6
2009-04-18 22:05	<DIR>	--d-----	c:\docume~1\sally\applic~1\Artisteer
2009-04-18 22:02	<DIR>	--d-----	c:\program files\Artisteer 2
2009-04-18 21:58	22,921,269	a-------	c:\windows\LPT$VPN.973
2009-04-17 15:31	22,921,269	a-------	c:\windows\VPTNFILE.973
2009-04-16 18:58	327,168	a-------	c:\windows\IsUn040c.exe
2009-04-16 17:55	526,184	a-------	c:\windows\system32\XceedCry.dll
2009-04-16 17:55	279,392	a-------	c:\windows\system32\XceedFtp.dll
2009-04-16 17:54	<DIR>	--d-----	c:\program files\LMSOFT Web Creator Pro 4
2009-04-16 15:55	32	a--s----	c:\windows\system32\673096776.dat
2009-04-16 15:55	53,248	---shr--	c:\windows\system32\adsntn.exe
2009-04-16 12:04	<DIR>	--d-----	c:\program files\Free Download Manager
2009-04-16 11:10	<DIR>	--d-----	c:\documents and settings\sally\dwhelper
2009-04-15 10:01	227,840	--------	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 10:00	473,600	--------	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 10:00	401,408	--------	c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:00	286,720	--------	c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:00	111,104	--------	c:\windows\system32\dllcache\services.exe
2009-04-15 10:00	35,328	--------	c:\windows\system32\dllcache\sc.exe
2009-04-15 10:00	739,840	--------	c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:00	735,744	--------	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 10:00	685,568	--------	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:00	453,120	--------	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 09:59	354,304	--------	c:\windows\system32\dllcache\winhttp.dll
2009-04-15 09:59	1,203,922	--------	c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 09:59	219,136	--------	c:\windows\system32\dllcache\wordpad.exe
2009-04-15 01:05	<DIR>	--d-----	c:\documents and settings\sally\Tracing
2009-04-15 00:47	<DIR>	--d-----	c:\program files\Microsoft
2009-04-15 00:47	<DIR>	--d-----	c:\program files\Windows Live SkyDrive
2009-04-15 00:39	<DIR>	--d-----	c:\program files\fichiers communs\Windows Live
2009-04-13 20:54	<DIR>	--d-----	c:\docume~1\sally\applic~1\Nvu
2009-04-13 20:47	<DIR>	--d-----	c:\program files\Nvu
2009-04-13 19:23	<DIR>	--d-----	c:\program files\Intuisphere

==================== Find3M  ====================

2009-04-21 01:26	510,736	a-------	c:\windows\system32\perfh00C.dat
2009-04-21 01:26	84,818	a-------	c:\windows\system32\perfc00C.dat
2009-04-18 22:52	3,933	a-------	c:\windows\mozver.dat
2009-04-18 21:56	1,213,784	a-------	c:\windows\vsapi32.dll
2009-04-18 21:56	91,744	a-------	c:\windows\BPMNT.dll
2009-03-24 16:07	55,640	a-------	c:\windows\system32\drivers\avgntflt.sys
2009-03-21 16:07	1,054,720	--------	c:\windows\system32\dllcache\kernel32.dll
2009-03-06 17:05	81,984	a-------	c:\windows\system32\bdod.bin
2009-03-06 16:20	286,720	a-------	c:\windows\system32\pdh.dll
2009-03-06 00:59	1,900,544	a-------	c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59	36,864	a-------	c:\windows\system32\drivers\usbaapl.sys
2009-03-03 02:13	826,368	a-------	c:\windows\system32\wininet.dll
2009-03-03 02:13	826,368	a-------	c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54	636,072	--------	c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20	70,656	--------	c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20	13,824	--------	c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14	161,792	--------	c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:06	2,068,096	--------	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:05	1,846,912	a-------	c:\windows\system32\win32k.sys
2009-02-09 16:05	1,846,912	--------	c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:24	2,191,104	--------	c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:23	2,025,984	a-------	c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:23	2,025,984	--------	c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:23	2,147,328	a-------	c:\windows\system32\ntoskrnl.exe
2009-02-09 13:23	2,147,328	--------	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:23	111,104	a-------	c:\windows\system32\services.exe
2009-02-09 12:53	735,744	a-------	c:\windows\system32\lsasrv.dll
2009-02-09 12:53	739,840	a-------	c:\windows\system32\ntdll.dll
2009-02-09 12:53	685,568	a-------	c:\windows\system32\advapi32.dll
2009-02-09 12:53	401,408	a-------	c:\windows\system32\rpcss.dll
2009-02-06 19:39	308,600	a-------	c:\windows\WLXPGSS.SCR
2009-02-06 18:52	49,504	a-------	c:\windows\system32\sirenacm.dll
2009-02-06 12:39	35,328	a-------	c:\windows\system32\sc.exe
2009-02-03 21:58	56,832	a-------	c:\windows\system32\secur32.dll
2009-02-03 21:58	56,832	--------	c:\windows\system32\dllcache\secur32.dll
2007-07-23 15:42	92,064	a-------	c:\documents and settings\sally\mqdmmdm.sys
2007-07-23 15:42	79,328	a-------	c:\documents and settings\sally\mqdmserd.sys
2007-07-23 15:42	66,656	a-------	c:\documents and settings\sally\mqdmbus.sys
2007-07-23 15:42	9,232	a-------	c:\documents and settings\sally\mqdmmdfl.sys
2007-07-23 15:42	6,208	a-------	c:\documents and settings\sally\mqdmcmnt.sys
2007-07-23 15:42	5,936	a-------	c:\documents and settings\sally\mqdmwhnt.sys
2007-07-23 15:42	4,048	a-------	c:\documents and settings\sally\mqdmcr.sys
2007-07-23 15:42	25,600	a-------	c:\documents and settings\sally\usbsermptxp.sys
2007-07-23 15:42	22,768	a-------	c:\documents and settings\sally\usbsermpt.sys
2007-03-26 10:20	901	a-------	c:\program files\INSTALL.LOG
2008-10-27 18:40	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008102720081028\index.dat

============= FINISH: 18:31:10,23 ===============


7

Chiquitine29, 30 Apr 2009 at 20:38:02

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before downloading, click Save, rename it to killbagle and save it to the desktop


-> Double-click killbagle.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.


Once done, double-click killbagle.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection\search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)


-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message. See you later.


32

djack et les virus, 24 May 2009 at 16:39:33

Well then... THANK YOU, THANK YOU, and THANK YOU!!
We just spent... 8 hours on a PC: avast wouldn't launch (RPC error 1053), neither would regedit, in short... we knew a Trojan horse had been wandering around in there...
After 12 reboots, 10 CCleaner runs, 5 Spybot runs, we followed your post (found after 57 Google searches!!) and ran ComboFix.
Suspense, suspense... (well yes, it's a bit nerve-racking!!) and presto, avast starts up again, and the registry has been perfectly cleaned!
So... THANK YOU, THANK YOU and THANK YOU!!!
If that's not an effective post (I'm talking about yours!)


8

dannydan, 30 Apr 2009 at 20:54:43

I don't want to presume anything, but it seems to me that it worked,
because antivir launched at restart and I can launch regedit!
Here is the report:


ComboFix 09-04-29.07 - sally 30/04/2009 18:41.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.766.383 [GMT 2:00]
Lancé depuis: c:\documents and settings\sally\Bureau\hijackthis_199\killbagle.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\patch.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\adsntn.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERSCHEDULE
-------\Service_BrowserSchedule


(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-28 au 2009-4-30  ))))))))))))))))))))))))))))))))))))
.

2009-04-30 17:55 . 2009-04-30 17:55	--------	d-----w	c:\program files\InCode Solutions
2009-04-30 16:45 . 2009-03-24 14:07	55640	----a-w	c:\windows\system32\drivers\avgntflt.sys
2009-04-30 16:45 . 2009-04-30 16:45	--------	d-----w	c:\program files\Avira
2009-04-30 16:45 . 2009-04-30 16:45	--------	d-----w	c:\documents and settings\All Users\Application Data\Avira
2009-04-30 16:32 . 2009-04-30 16:32	--------	d-----w	c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-30 15:37 . 2009-04-30 15:37	--------	d-----w	C:\OEMCUST
2009-04-30 15:37 . 2009-04-30 15:37	--------	d-----w	C:\CABS
2009-04-30 15:27 . 2009-04-30 15:30	--------	d-----w	c:\program files\Spybot - Search & Destroy
2009-04-30 15:27 . 2009-04-30 16:09	--------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 13:39 . 2009-04-30 13:39	--------	d-----w	C:\DIVTOOLS
2009-04-25 14:32 . 2009-04-25 14:48	--------	d-----w	c:\documents and settings\sally\.housecall6.6
2009-04-18 20:05 . 2009-04-18 20:05	--------	d-----w	c:\documents and settings\sally\Application Data\Artisteer
2009-04-18 20:02 . 2009-04-18 20:02	--------	d-----w	c:\program files\Artisteer 2
2009-04-17 14:30 . 2009-04-17 14:30	--------	d-----w	c:\windows\system32\config\systemprofile\Tracing
2009-04-16 16:58 . 1998-10-07 11:08	327168	----a-w	c:\windows\IsUn040c.exe
2009-04-16 15:55 . 2006-08-23 09:24	526184	----a-w	c:\windows\system32\XceedCry.dll
2009-04-16 15:55 . 2003-12-15 09:23	279392	----a-w	c:\windows\system32\XceedFtp.dll
2009-04-16 15:54 . 2009-04-30 15:43	--------	d-----w	c:\program files\LMSOFT Web Creator Pro 4
2009-04-16 13:55 . 2009-04-30 14:21	32	--s-a-w	c:\windows\system32\673096776.dat
2009-04-16 10:04 . 2009-04-16 10:52	--------	d-----w	c:\program files\Free Download Manager
2009-04-16 09:10 . 2009-04-30 12:55	--------	d-----w	c:\documents and settings\sally\dwhelper
2009-04-15 08:01 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:00 . 2009-03-06 14:20	286720	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:00 . 2009-02-09 11:23	111104	------w	c:\windows\system32\dllcache\services.exe
2009-04-15 08:00 . 2009-02-09 10:53	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:00 . 2009-02-09 10:53	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:00 . 2009-02-06 10:39	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-04-15 08:00 . 2009-02-09 10:53	685568	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:00 . 2009-02-09 10:53	735744	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:00 . 2009-02-09 10:53	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:00 . 2009-02-09 10:53	739840	------w	c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:59 . 2008-12-16 12:31	354304	------w	c:\windows\system32\dllcache\winhttp.dll
2009-04-15 07:59 . 2008-04-21 21:15	219136	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-14 23:05 . 2009-04-22 21:59	--------	d-----w	c:\documents and settings\sally\Tracing
2009-04-14 23:04 . 2009-04-14 23:04	--------	d-----w	c:\program files\Microsoft Sync Framework
2009-04-14 22:47 . 2009-04-14 22:47	--------	d-----w	c:\program files\Microsoft
2009-04-14 22:47 . 2009-04-14 22:47	--------	d-----w	c:\program files\Windows Live SkyDrive
2009-04-14 22:39 . 2009-04-14 22:39	--------	d-----w	c:\program files\Fichiers communs\Windows Live
2009-04-13 18:54 . 2009-04-13 18:54	--------	d-----w	c:\documents and settings\sally\Application Data\Nvu
2009-04-13 18:47 . 2009-04-18 20:52	--------	d-----w	c:\program files\Nvu
2009-04-13 17:23 . 2009-04-13 17:23	--------	d-----w	c:\program files\Intuisphere

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 17:01 . 2008-09-18 17:20	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-30 16:34 . 2006-10-26 10:23	--------	d-----w	c:\program files\Fichiers communs\Symantec Shared
2009-04-20 23:26 . 2004-09-23 16:12	84818	----a-w	c:\windows\system32\perfc00C.dat
2009-04-20 23:26 . 2004-09-23 16:12	510736	----a-w	c:\windows\system32\perfh00C.dat
2009-04-18 20:52 . 2008-04-02 17:08	3933	----a-w	c:\windows\mozver.dat
2009-04-18 19:56 . 2008-10-05 10:43	1213784	----a-w	c:\windows\vsapi32.dll
2009-04-18 19:56 . 2008-10-05 10:43	91744	----a-w	c:\windows\BPMNT.dll
2009-04-16 17:02 . 2006-10-26 10:23	--------	d-----w	c:\program files\Fichiers communs\Adobe
2009-04-14 23:04 . 2008-04-11 16:05	--------	d-----w	c:\program files\Windows Live
2009-04-14 23:04 . 2008-04-11 16:14	--------	d-----w	c:\program files\Windows Live Toolbar
2009-04-14 23:00 . 2006-10-19 15:17	70776	----a-w	c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 09:08 . 2007-01-07 00:30	--------	d-----w	c:\program files\Google
2009-03-28 20:02 . 2009-03-28 20:02	--------	d-----w	c:\program files\PiFreePlayer
2009-03-27 17:19 . 2009-03-27 17:18	--------	d-----w	c:\program files\DivX
2009-03-27 17:18 . 2009-03-27 17:18	--------	d-----w	c:\program files\Fichiers communs\DivX Shared
2009-03-27 17:06 . 2009-03-27 17:06	--------	d-----w	c:\program files\PiFreePC
2009-03-20 21:49 . 2009-03-20 21:49	--------	d-----w	c:\program files\Haali
2009-03-20 21:49 . 2009-03-20 21:49	--------	d-----w	c:\program files\ffdshow
2009-03-18 09:57 . 2008-07-30 17:28	--------	d-----w	c:\program files\AVS4YOU
2009-03-17 11:39 . 2006-12-13 22:22	--------	d-----w	c:\program files\XviD
2009-03-17 11:20 . 2009-03-17 11:19	--------	d-----w	c:\program files\iTunes
2009-03-17 11:19 . 2009-03-17 11:19	--------	d-----w	c:\program files\iPod
2009-03-17 11:19 . 2008-07-19 21:54	--------	d-----w	c:\program files\Fichiers communs\Apple
2009-03-17 11:17 . 2006-10-26 10:23	--------	d-----w	c:\program files\QuickTime
2009-03-17 11:05 . 2009-03-17 11:04	--------	d-----w	c:\program files\Safari
2009-03-12 14:57 . 2008-11-01 13:54	280520	----a-w	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-07 16:19 . 2009-03-07 16:18	--------	d-----w	c:\program files\HomePlayer
2009-03-06 22:09 . 2008-02-04 23:51	--------	d-----w	c:\program files\BitDefender
2009-03-06 17:58 . 2009-03-06 17:58	--------	d-----w	c:\program files\FpTest
2009-03-06 17:19 . 2009-03-06 17:19	--------	d-----w	c:\program files\VideoLAN
2009-03-06 15:05 . 2007-03-26 08:29	81984	----a-w	c:\windows\system32\bdod.bin
2009-03-06 14:20 . 2004-09-23 16:11	286720	----a-w	c:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-17 11:14	1900544	----a-w	c:\windows\system32\usbaaplrc.dll
2009-03-05 22:59 . 2008-07-19 21:55	36864	----a-w	c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:13 . 2004-09-23 16:11	826368	----a-w	c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-09-23 16:10	78336	----a-w	c:\windows\system32\ieencode.dll
2009-02-09 14:05 . 2004-09-23 16:11	1846912	----a-w	c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-03 22:48	2025984	----a-w	c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:23 . 2004-09-23 16:11	2147328	----a-w	c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2004-09-23 16:11	111104	----a-w	c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-09-23 16:10	735744	----a-w	c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-09-23 16:11	401408	----a-w	c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2004-09-23 16:11	739840	----a-w	c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-09-23 16:09	685568	----a-w	c:\windows\system32\advapi32.dll
2009-02-06 17:39 . 2009-02-06 17:39	308600	----a-w	c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52	49504	----a-w	c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-09-23 16:11	35328	----a-w	c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-09-23 16:11	56832	----a-w	c:\windows\system32\secur32.dll
2009-01-27 01:34 . 2009-01-27 01:34	1044480	----a-w	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34	200704	----a-w	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	'autocheck autochk *'\[u]0/uaswBoot.exe /A:* /L:French /KBD:3

[HKLM\~\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll]
path=c:\documents and settings\sally\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
backup=c:\windows\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk]
path=c:\documents and settings\sally\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\sally\\Bureau\\Convertisseur Video\\utorrent.exe"=
"c:\\Documents and Settings\\sally\\Bureau\\Convertisseur Video\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\sally\\Bureau\\VLCPortable\\App\\vlc\\vlc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PiFreePC\\PiFreePC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8081:TCP"= 8081:TCP:home play

R3 SPC610NC;Philips SPC500NC Webcam; [x]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-04-17 825600]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-11-28 7040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}]
\Shell\AutoRun\command - J:\uxkl0apt.bat
\Shell\open\Command - J:\uxkl0apt.bat
.
Contenu du dossier 'Tâches planifiées'

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-30 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

2008-10-27 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-09-27 00:01]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/webhp?hl=fr
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {46759F2E-4DE3-4D2D-BF04-5039B6EC3B7A} = 212.27.40.240,212.27.40.241
FF - ProfilePath - c:\documents and settings\sally\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 18:45
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Fichiers communs\muvee Technologies\MainConcept3(muvee)\muveemp4demux.ax
c:\windows\system32\mcspmpeg.ax
c:\windows\system32\mpegin.dll
c:\windows\system32\mcmpgdec.dll
c:\program files\ffdshow\ffdshow.ax
c:\program files\Haali\MatroskaSplitter\mmfinfo.dll
c:\program files\Haali\MatroskaSplitter\mkunicode.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-04-30 18:50 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-04-30 16:50
ComboFix2.txt  2008-09-18 17:16

Avant-CF: 12 378 009 600 octets libres
Après-CF: 12 480 667 648 octets libres

406	--- E O F ---	2009-04-30 14:26




Can you please tell me how you detected this virus/worm?
Because this is the first time I have been this stuck!
Thanks...


9

Chiquitine29, 30 Apr 2009 at 21:01:19

▶ Download and install UsbFix

(!) Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 (Search)

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
See you


10

dannydan, 30 Apr 2009 at 21:14:23

If I understand correctly, this virus spreads through removable media?
Which keys or executables should one look for to know whether one is
infected?
Here is the report:



############################## [ UsbFix V3.015 # Scan ]

# User : sally (Administrateurs) # 119745700318
# Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:09:17 | 30/04/2009

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 290,28 Go (11,61 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 3,84 Go (2,19 Go free) [4GO] # FAT32
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HomePlayer\HomePlayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ]

HKCU_Main:  "Local Page"="C:\\WINDOWS\\system32\\blank.htm" 
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="http://www.google.com/webhp?hl=fr" 
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," 
HKLM_logon: "DefaultUserName"="sally" 
HKLM_logon: "AltDefaultUserName"="sally" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    HomePlayer=C:\Program Files\HomePlayer\HomePlayer.exe 
HKLM_Run:    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\tmp.txt  
Found ! E:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe  

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )  
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )  

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}\Shell\open\Command  

################## [ ! Fin du rapport # UsbFix V3.015 ! ] 




11

Chiquitine29, 30 Apr 2009 at 21:16:16

Visible under this key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

(!) Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop

• Choose option 2 (Removal)

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that appears along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

See you

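The indicators visible in this thread's logs (the `Debugger` values under Image File Execution Options, the MountPoints2 autorun commands under the key named in the reply above, and the Security Center values UsbFix reports as bad at 0x1), checked over a log excerpt. This is an added example, not part of the original thread or of ComboFix/UsbFix; the function names and rule labels (`ifeo_debugger`, `notify_disabled`, `mountpoints2_command`) are assumptions made for illustration.

```python
import re

# Excerpt in the registry-dump format of the ComboFix log posted in this
# thread. Values are copied from that log and trimmed; the Run entry is kept
# as a benign contrast case.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}]
\Shell\AutoRun\command - J:\uxkl0apt.bat
\Shell\open\Command - J:\uxkl0apt.bat
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
SHELL_RE = re.compile(
    r'^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)

# Key suffixes are compared in lower case because the log mixes cases.
IFEO_PARENT = r'\windows nt\currentversion\image file execution options'
SECURITY_CENTER = r'\microsoft\security center'
MOUNTPOINTS2 = r'\explorer\mountpoints2'
NOTIFY_VALUES = {'antivirusdisablenotify', 'updatesdisablenotify'}


def parse_sections(text):
    """Yield (key, [non-empty lines]) for every [key] block in the log."""
    key, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            if key is not None:
                yield key, body
            key, body = match.group('key'), []
        elif line and key is not None:
            body.append(line)
    if key is not None:
        yield key, body


def parse_dword(data):
    """Return the integer in a 'dword:xxxxxxxx' value, or None."""
    match = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data.strip())
    return int(match.group(1), 16) if match else None


def triage(text):
    """Return (rule, subject, detail) tuples for the three indicator types."""
    findings = []
    for key, body in parse_sections(text):
        parent, _, leaf = key.rpartition('\\')
        parent_l, key_l = parent.lower(), key.lower()
        for line in body:
            value = VALUE_RE.match(line)
            shell = SHELL_RE.match(line)
            if value:
                name = value.group('name')
                data = value.group('data').strip()
                # A Debugger value under IFEO\<image> makes Windows start
                # that debugger command in place of <image>.
                if parent_l.endswith(IFEO_PARENT) and name.lower() == 'debugger':
                    findings.append(('ifeo_debugger', leaf, data))
                # UsbFix's report marks these values: Good = 0x0, Bad = 0x1.
                elif (key_l.endswith(SECURITY_CENTER)
                      and name.lower() in NOTIFY_VALUES
                      and parse_dword(data) == 1):
                    findings.append(('notify_disabled', name, data))
            elif shell and parent_l.endswith(MOUNTPOINTS2):
                # Per-volume shell verb command recorded for a mounted drive.
                subject = f"{leaf} {shell.group('verb')}"
                findings.append(
                    ('mountpoints2_command', subject, shell.group('cmd').strip()))
    return findings


if __name__ == '__main__':
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f'{rule:22} {subject:48} {detail}')
```
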

14

dannydan, 30 Apr 2009 at 22:08:53

I can't manage to post the report!!


15

dannydan, 30 Apr 2009 at 22:09:29


############################## [ UsbFix V3.015 # Cleaning ]

# User : sally (Administrateurs) # 119745700318
# Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:41:38 | 30/04/2009

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 290,28 Go (11,68 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 3,84 Go (2,19 Go free) [4GO] # FAT32
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\tmp.txt    
Deleted ! E:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe    

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !  
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !  

################## [ Registre # Mountpoints2 ]

# -> Not Found !  

################## [ Listing des fichiers présent ]

[30/04/2009 16:20|--a------|84618] - C:\avenger.txt
[29/06/2008 23:51|--a------|16384] - C:\bdch.dll.vcd
[05/03/2008 17:05|--a------|569344] - C:\bdguictl.dll.vcd
[02/07/2008 19:51|--a------|212992] - C:\bdsubmit.dll.vcd
[29/06/2008 23:51|--a------|913408] - C:\bdsubwiz.exe.vcd
[31/10/2007 15:31|--a------|77824] - C:\bdutils.dll.vcd
[08/03/2004 20:51|--a------|45056] - C:\boost_thread.dll
[19/10/2006 17:30|-rahs----|208] - C:\BOOT.BAK
[25/04/2009 17:33|--ahs----|290] - C:\BOOT.INI
[10/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[10/03/2004 23:16|--a------|77824] - C:\catgen.exe
[14/12/2006 00:22|--a------|768] - C:\cddbplm.gcf
[14/12/2006 00:22|--a------|768] - C:\cddbplm.idx
[14/12/2006 00:22|--a------|768] - C:\cddbplm.pdb
[10/08/2004 14:00|-rahs----|263488] - C:\cmldr
[30/04/2009 18:50|--a------|26615] - C:\ComboFix.txt
[?|?|?] - C:\hiberfil.sys
[19/10/2006 17:32|-rahs----|0] - C:\IO.SYS
[19/10/2006 17:35|--ah-----|838] - C:\IPH.PH
[08/03/2004 05:09|--a------|147456] - C:\libexpatw.dll
[08/07/2008 12:14|--a------|1155072] - C:\livesrv.exe.vcd
[19/10/2006 17:32|-rahs----|0] - C:\MSDOS.SYS
[10/08/2004 14:00|--a------|47564] - C:\NTDETECT.COM
[27/10/2008 18:26|--a------|252240] - C:\NTLDR
[?|?|?] - C:\pagefile.sys
[23/03/2009 03:01|--ah-----|268] - C:\sqmdata00.sqm
[27/03/2009 02:07|--ah-----|268] - C:\sqmdata01.sqm
[13/04/2009 03:52|--ah-----|268] - C:\sqmdata02.sqm
[14/04/2009 01:19|--ah-----|268] - C:\sqmdata03.sqm
[14/04/2009 23:11|--ah-----|268] - C:\sqmdata04.sqm
[09/02/2009 02:15|--ah-----|268] - C:\sqmdata05.sqm
[09/02/2009 19:14|--ah-----|268] - C:\sqmdata06.sqm
[14/02/2009 00:09|--ah-----|268] - C:\sqmdata07.sqm
[15/02/2009 02:30|--ah-----|268] - C:\sqmdata08.sqm
[20/02/2009 23:58|--ah-----|268] - C:\sqmdata09.sqm
[23/02/2009 01:40|--ah-----|268] - C:\sqmdata10.sqm
[23/02/2009 22:44|--ah-----|268] - C:\sqmdata11.sqm
[25/02/2009 21:29|--ah-----|268] - C:\sqmdata12.sqm
[26/02/2009 23:46|--ah-----|268] - C:\sqmdata13.sqm
[28/02/2009 17:25|--ah-----|268] - C:\sqmdata14.sqm
[01/03/2009 01:15|--ah-----|268] - C:\sqmdata15.sqm
[01/03/2009 21:44|--ah-----|268] - C:\sqmdata16.sqm
[02/03/2009 03:49|--ah-----|268] - C:\sqmdata17.sqm
[06/03/2009 00:22|--ah-----|268] - C:\sqmdata18.sqm
[06/03/2009 12:32|--ah-----|268] - C:\sqmdata19.sqm
[27/03/2009 02:07|--ah-----|244] - C:\sqmnoopt00.sqm
[13/04/2009 03:52|--ah-----|244] - C:\sqmnoopt01.sqm
[14/04/2009 01:19|--ah-----|244] - C:\sqmnoopt02.sqm
[14/04/2009 23:11|--ah-----|244] - C:\sqmnoopt03.sqm
[09/02/2009 02:15|--ah-----|244] - C:\sqmnoopt04.sqm
[09/02/2009 19:14|--ah-----|244] - C:\sqmnoopt05.sqm
[14/02/2009 00:09|--ah-----|244] - C:\sqmnoopt06.sqm
[15/02/2009 02:30|--ah-----|244] - C:\sqmnoopt07.sqm
[20/02/2009 23:58|--ah-----|244] - C:\sqmnoopt08.sqm
[23/02/2009 01:40|--ah-----|244] - C:\sqmnoopt09.sqm
[23/02/2009 22:44|--ah-----|244] - C:\sqmnoopt10.sqm
[25/02/2009 21:29|--ah-----|244] - C:\sqmnoopt11.sqm
[26/02/2009 23:46|--ah-----|244] - C:\sqmnoopt12.sqm
[28/02/2009 17:25|--ah-----|244] - C:\sqmnoopt13.sqm
[01/03/2009 01:15|--ah-----|244] - C:\sqmnoopt14.sqm
[01/03/2009 21:44|--ah-----|244] - C:\sqmnoopt15.sqm
[02/03/2009 03:49|--ah-----|244] - C:\sqmnoopt16.sqm
[06/03/2009 00:22|--ah-----|244] - C:\sqmnoopt17.sqm
[06/03/2009 12:32|--ah-----|244] - C:\sqmnoopt18.sqm
[23/03/2009 03:01|--ah-----|244] - C:\sqmnoopt19.sqm
[17/04/2007 16:30|--a------|90112] - C:\txmlx.dll.vcd
[22/04/2003 00:09|--a------|245408] - C:\unicows.dll
[08/07/2008 12:14|--a------|159744] - C:\upgrepl.exe.vcd
[30/04/2009 19:43|--a------|6017] - C:\UsbFix.txt
[22/10/2007 14:31|--a------|573440] - C:\wslib.dll.vcd
[18/04/2009 21:58|--a------|64003850] - C:\xscan.txt
[29/01/2009 21:31|--a------|192] - E:\url.txt
[27/09/2008 14:23|--a------|46724] - E:\assfr).zip
[27/04/2009 22:19|--a------|28930] - E:\frenchfileopen-realty2.4.1.zip
[27/04/2009 22:26|--a------|8709344] - E:\open-realty2.5.6.zip

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.  
# E:\autorun.inf -> Folder created by UsbFix.  

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\sally\.housecall6.6\patch.exe  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Lauyan TOweb 1.0.3 + Keygen -FR.zip  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Lauyan ToWeb V2 Crack Keygen Fr (dc_ lic perso ok).rar  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.Multilangages.Incl-Crack.[emule1.com].rar  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[sharethefiles.com].rar  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\TOWeb 2.02 (Patch).zip  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Adobe.Photoshop.7.Fr.Serie\Clone CD 4\CloneCD.v4.0.0.1.Keygen.Only-TMG\Clonecd4.0.0.1kg.exe  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT Web Creator Pro v4.0.0.4.1\keygen.exe  
C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.Multilangages.Incl-Crack.[emule1.com]\Crack\WebCreatorPro4.exe  
C:\Documents and Settings\sally\Mes documents\Downloads\Pinnacle Hollywood FX PRO V5.2 + serial\hfx5full.exe  
C:\Documents and Settings\sally\Mes documents\Downloads\Pinnacle Hollywood FX PRO V5.2 + serial\Pinnacle Hollywood FX PRO V5.2 + serial\hfx5full.exe  
C:\Documents and Settings\sally\Mes documents\OFFICE One Zip\hijackthis_199\Bureau\Keygen-Nero.exe  

################## [ ! Fin du rapport # UsbFix V3.015 ! ] 




16

Chiquitine29, 30 Apr 2009 at 22:30:59

Download Malwarebytes
http://www.malwarebytes.org/

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the Settings tab and tick the box "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box "Perform quick scan".

Then click "Scan".

Let it scan the PC...

If items were found, click "Remove selected".

If you are asked to restart, click "Yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored under the Reports/Logs tab
See you


17

dannydan, 30 Apr 2009 at 23:03:52

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2062
Windows 5.1.2600 Service Pack 3

30/06/2009 22:49:15
mbam-log-2009-06-30 (22-49-15).txt

Type de recherche: Examen rapide
Eléments examinés: 83334
Temps écoulé: 4 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


18

Chiquitine29, 30 Apr 2009 at 23:08:43

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Extract the file to your desktop (right-click > Extract All).
Double-click the resulting JavaRa folder.
Then double-click the JavaRa.exe file (the .exe extension may not be displayed).
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you to, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click OK, and OK a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also saved at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.


Next:


Download random's system information tool (RSIT) and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt. See you later.


19

dannydan, 1 May 2009 at 00:06:28

Here is the JAVARA report:

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jul 01 00:03:20 2009

------------------------------------

Finished reporting.




The next one is on its way...
