w32/virut.w C'EST GRAVE ? aidez moi SVP !!!

Question

Bonjour a tous, 

Aujourd'hui, mon antivirus (Avira) me signale qu'il a trouvé un virus dans mon pc.... jusque la, pas de probleme et je clique sur "supprimer", Avira exécute sauf que quelque secondes plus tard le meme message reapparait et il me faut a chaque fois resupprimer le virus...ce qui, pour tout dire, ne sert a rien du tout...


donc moi je n'y comprend plus rien... pourquoi m'annonce t'il un virus toute les dix secondes alors qu'il ne le trouve pas lors d'un scan complet ?

mon ordi fonctionne (encore) parfaitement bien mais ca me fait  flipper quand meme a chaque fois que le "BLIPBLIPBLIP" typique retentit...

Voici ce qui est ecrit :

dans le registre C:/Windows/System32/config/Reg Back/SOFTWARE a été trouvé un virus ou un programme non souhaité.

w32/virut.w


je m'en remet donc a vous pour essayer de me rassurer et remettre mon pc en bon état.

merci d'avance. :)











Configuration: il m'est aussi arrivé d'en faire oui...

Valuu · Answer

Hello,

Si c'est Virut c'est pas cool. C'est pas forcément possible de désinfecter, suivant comment l'infection s'ets propagée dans ton système. Je t'expliquerais quoi sauvegarder et comment, si tel est le cas.

--------------------------------------------------------------------------------------
Utilise ce logiciel de diagnostic : 

    * Télécharge ZHPDiag (de Nicolas Coolman) 
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin. 
    * Sous Vista/Seven, si ça ne se lance pas --> Clic droit/Exécuter en tant qu'administrateur
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») 
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
    * Héberge le rapport ZHPDiag.txt sur ce site, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

Utilisateur anonyme · Answer

Salut Valuu, Merci d'avoir été si rapide a me répondre : )

voila, j'espere que c'est ca :



Rapport de ZHPScan v1.27 par Nicolas Coolman, Update du 10/06/2011
Run by jean gamin at 11.06.2011 17:37:52
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\ Clés de Registre trouvées (Registry Keys found)
[HKLM\Software\Classes\AppID\WMHelper.DLL]   =>Toolbar.BearShare
[HKLM\Software\Classes\imside1egate.application.1]   =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]   =>Adware.AskTBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]   =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}]   =>Toolbar.Facemood
[HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}]   =>PUP.Eorezo
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}]   =>Toolbar.SweetIM
[HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}]   =>PUP.Eorezo
[HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]   =>Toolbar.Facemood
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]   =>Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]   =>Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]   =>Adware.AskBar
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]   =>Toolbar.Facemood
[HKCU\Software\cacaoweb]   =>PUP.CacaoWeb
[HKLM\Software\CrazyLoader]   =>Adware.SPointer
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB]   =>PUP.iMesh

---\ Valeurs de clé de Registre trouvées (Registry Values found)

---\ Dossiers trouvés (Directories found)
C:\Users\jean gamin\AppData\Roaming\cacaoweb   =>PUP.CacaoWeb
C:\Users\jean gamin\AppData\Roaming\Crazyloader   =>Adware.SPointer
C:\Users\jean gamin\Appdata\Local\Crazyloader Air   =>Adware.SPointer

---\ Fichiers Firefox trouvés (Files found)
*** None ***

---\ Fichiers trouvés (Files found)
*** None ***

---\ Bilan de la recherche (Scan Result)
Database Version : 8334 - (10/06/2011)
Clés trouvées (Keys found) : 18
Valeurs de clé trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

End of the scan in 00mn 09s

Utilisateur anonyme · Answer

Bonjour
Lorsqu'il y a suspicion de virut, il faut éviter de faire lancer des exécutables, car
on réveille la bête qui se propage encore plus, une recherche avec Dr Web s'impose
Bonne suite

Valuu · Answer

Okay, Si tu as un deuxième ordinateur, il serait bien de l'utiliser pour télécharger les logiciel, afin d'éviter de te connecter au net pendant la présence de l'infection.
Si tu n'en a pas d'autre, fais avec mais ne te connectes pas sur des sites "confidentiels" (banque par exemple)

Sur la machine infectée, vous devez éviter toutes connexions au Net, mais si vous n'avez qu'un PC, vous n'aurez pas le choix.

    Téléchargez Dr.Web CureIt! sur votre Bureau.
    Double-cliquez sur drweb-cureit.exe et cliquez sur Commencer le scan.
    Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, cliquez sur le bouton Oui pour Tout à l'invite.
    Lorsque le scan rapide est terminé, cliquez sur Options > Changer la configuration.
    Choisissez l'onglet Scanner, et décochez Analyse heuristique.
    De retour à la fenêtre principale : choisissez Analyse complète.
    Cliquez la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, fermez-la.
    Cliquez Oui pour Tout si un fichier est détecté.
    A la fin du scan, si des infections sont trouvées, cliquez sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, cliquez sur Quarantaine.
    Au menu principal de l'outil, en haut à gauche, cliquez sur le menu Fichier et choisissez Enregistrer le rapport.
    Sauvegardez le rapport sur votre Bureau. Ce dernier se nommera DrWeb.csv.
    Fermez Dr.Web CureIt!
    Redémarrez votre ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.
    Suite au redémarrage, postez (Copiez/Collez) le contenu du rapport de l'outil Dr.Web dans votre prochaine réponse.

Utilisateur anonyme · Answer

Resalut,

apres un scan rapide d'1h30 ;) me revoila...

dr Web a trouvé un truc bizarre qui s'appelait : antistress .exe que je me suis empréssé d'effacer. Avira a l'air de s'etre calmé, pas de message d'alerte au redémarrage. dois-je maintenant faire un scan complet (qui doit durer 1 an minimum... ) juste pour le fun ? ;)

par contre, je ne sais pas ou trouver le rapport demandé...j'ai du faire une fausse manip'.

Valuu · Answer

Il aurait fallu le lancer en mode complet oui... ça aurait été plus long mais plus complet.

Mais avant de faire ça on va vérifier un truc...

--------------------------------------------------------------------------------------
* Rends-toi sur VirusTotal
* Clique sur Parcourir, et va chercher le(s) fichier(s) en gras ci dessous :

C:\Windows\explorer.exe 

*Si tu ne le trouves pas, affiche les fichiers cachés
* Clique sur Send File, si cela t'es demandé, clique sur Reanalyse.
* Colle-moi l'adresse internet dans ta prochaine réponse

Fais de même pour :
C:\Windows\system32\winlogon.exe

Utilisateur anonyme · Answer

J'ai un petit probleme a trouvé les fichiers demandé...  

j'ai suivi les instructions de ton lien, j'ai coché "afficher les fichiers cachés" dans le menu prévu a cet effet mais lorsque je vais sur virus total il m'est impossible a partir de l'option "organiser" d'y accéder... 

j'ai oublié de préciser que je suis une vraie bille ou noob, comme vous voudrez, en informatique... ; )

Valuu · Answer

A partir de l'option "Organiser" ? o_O

Tu vas sur : https://www.virustotal.com/gui/
Tu clique sur "Parcourir"
Tu vas jusqu'au fichier que tu souhaites analyser.
Tu fais Ok, puis Send File.

Utilisateur anonyme · Answer

je suis vraiment pas sur que c'est ce que tu voulais...

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5:	d07d4c3038f3578ffce1c0237f2a1253
Date first seen:	2009-05-24 18:27:11 (UTC)
Date last seen:	2011-06-11 14:02:07 (UTC)
Detection ratio:	0/42
What do you wish to do?




File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5:	898e7c06a350d4a1a64a9ea264d55452
Date first seen:	2009-05-19 22:29:40 (UTC)
Date last seen:	2011-06-11 15:25:41 (UTC)
Detection ratio:	1/42
What do you wish to do?

Valuu · Answer

Apparemment c'est clean... 
Ça doit pas être notre cher Virut alors. 

On va reprendre au début alors. 
Le rapport de ZHPDiag que tu m'as posté n'étais pas le bon. 
Il faut lancer le diagnostique en cliquant sur la loupe en haut à gauche. 
Le rapport se trouvera sur ton bureau et s'appellera ZHPDaig.txt 
Héberge le sur http://pjjoint.malekal.com/ et poste moi le lien ensuite.

Utilisateur anonyme · Answer

voila, je pense que tu sauras déchiffrer tout ca, moi je n'y comprend rien...


Rapport de ZHPDiag v1.27.2291 par Nicolas Coolman, Update du 10/06/2011
Run by jean gamin at 11.06.2011 21:38:04
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\ Web Browser
MSIE: Internet Explorer v8.0.6001.19048
GCIE: Google Chrome v12.0.742.91 (Defaut)

---\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2813 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 154 GB (69%) free of 222 GB

---\ Logged in mode
Computer Name: MONZOB
User Name: jean gamin
All Users Names: jean gamin, Gast, Administrator, 
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\ Environnement Variables
%AppData%=C:\Users\jean gamin\AppData\Roaming
%LocalAppData%=C:\Users\jean gamin\AppData\Local
%StartMenu%=C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu

---\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 154 Go of 222 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
E:\ CD-ROM drive (Free 0 Go of 1 Go)



---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK



---\ Search Generic System Files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows-Explorer.) (.11.04.2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows-Startanwendung.) (.21.01.2008 03:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.047CDEFF94B63F0A4791372B47427B60] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.22.02.2011 07:21:28.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.11.04.2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11.04.2009 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.11.04.2009 07:32:49.) -- C:\Windows\system32\drivers
tfs.sys [1083880]



---\ Running Processes
[MD5.794EBD358FDF1F4978A81A30E43F5E70] - (.IObit - Advanced SystemCare Performance Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe   [803728]
[MD5.AE567D261D281B51BE55E53A786E8574] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1049896]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe   [1008184]
[MD5.F7CF218E5CAA6FC0BB55791AD31E2B3F] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe   [202032]
[MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe   [488752]
[MD5.61941D4566C3B09F377E0E1A97BD0D9A] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe   [281768]
[MD5.F80FFD4517C0B8025ECC54FBB30F88C4] - (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe   [847872]
[MD5.813F9EA38AEB2AD4D9BD689388DDD93A] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe   [253952]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [249064]
[MD5.4A9295C9BE22739D030AB072E9A0B169] - (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe   [2363392]
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files\RocketDock\RocketDock.exe   [495616]
[MD5.280D379414BA2EEF6AAA28136D10641A] - (.Conexant - SmartAudio.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe   [2685496]
[MD5.AAAACBE10F58E92C0C3432BC901B2844] - (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe   [412560]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe   [125952]
[MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe   [11318784]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe   [37376]
[MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin   [11312128]
[MD5.B1AC0A6D303871BD2CD2332AE932F75F] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\jean gamin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe   [110592]
[MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE   [316720]
[MD5.1EDC4865C8003A0251956835273904B1] - (.Unknown owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe   [685360]
[MD5.A8AD97956A0F4408CB3AA03EDD2B8BC1] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   [103720]
[MD5.9AFF7539C716A9B24BCD03C8C0922013] - (.Google Inc. - Google Chrome.) -- C:\Users\jean gamin\AppData\Local\Google\Chrome\Application\chrome.exe   [1011768]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53472]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- C:\Windows\system32undll32.exe   [44544]
[MD5.84CA41DCCC78870E086CD2BF157367D6] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [658944]



---\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\prefs.js
M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\bing.xml
M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\Schnell Sucher.xml
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\Windows\system32\Adobe\Director
p32dsw.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web Player
pdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.Unknown owner - No comment.) -- C:\Program Files\DivX\DivX Player
pDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper
povshelper.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin
ew_plugin
pjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0
pctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Unknown owner - No comment.) -- C:\Program Files\Microsoft\Office Live
pOLW.dll (.not file.)
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57
pGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57
pGoogleUpdate3.dll
P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\ProgramData\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\jean gamin\AppData\Local\Google\Update\1.3.21.57
pGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\jean gamin\AppData\Local\Google\Update\1.3.21.57
pGoogleUpdate3.dll
M0 - MFSP: prefs.js [jean gamin - vxbxnz2e.default] https://start.mozilla.org/fr/
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.13 (.http://www.cacaoweb.org/
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v1.8.1 (.LeahScape, Inc..)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default
asanightlaunch@example.com] [] NASA Night Launch v0.6.20101009 (.The Night Launch Team.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\piclens@cooliris(26).com] [] Cooliris v1.11 (.Cooliris Inc..)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\piclens@cooliris.com] [] Cooliris v1.12.0.36949 (.Cooliris Inc..)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\searchrecs@veoh.com] [] Veoh Video Compass v1.5.1 (.Veoh Networks, Inc..)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\yetanothersmoothscrolling@kataho] [] Yet Another Smooth Scrolling v3.0.15 (.kataho.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{239c61a8-e55f-11db-8314-0800200c9a66}] [] BlackX v2.1.4 (.xXSonyBoy4lfeXx / Andrew Shay.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}] [] SmoothWheel (AMO) v0.45.6.20100202.1 (.Avi Halachmi.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.1.1.20091029021655 (.Yahoo!.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.1 (.Wladimir Palant.)



---\ Google Chrome, Startseite,Seiten of search,Ausdehnung, (G0,G1,G2)
C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/
G2 - GCE: Preference [User Data\Default] [bfbmjmiodbnnpllbbbfblcplfjjepjdn] Turn Off the Lights v.2.0.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [cccpiddacjljmfbbgeimpelpndgpoknn] SmoothScroll v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [chiikmhgllekggjhdfjhajkfdkcngplp] Scroll To Top Button v.6.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [dbpojpfdiliekbbiplijcphappgcgjfn] Ultimate Chrome Flag v.0.3.7 (Activé)
G2 - GCE: Preference [User Data\Default] [dckheglehcdhpjkdmmmghbgkcdebhhae] SiteAdvisor for Chrome v.1.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [fnjbmmemklcjgepojigaapkoodmkgbae] DivX HiQ v.2.1.1.94 (Activé)
G2 - GCE: Preference [User Data\Default] [lambangeielkjcnmioccboaphdfcffib] Chrome TV v.2.0.5 (Activé)
G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] Vérificateur de messages Google v.3.1 (Activé)
G2 - GCE: Preference [User Data\Default] [noocneohefmdhonidldnlhaainpiomkp] Cooliris v.1.12.0.34194 (Désactivé)
G2 - GCE: Preference [User Data\Default] [oekemfmehiakocmomemagciajlikigkl] Fade to White Aero Skin (by Skarv) v.0.7.8 (Activé)



---\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\ ---\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web Player
pdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} . (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Orphean Key



---\ Internet Explorer toolbars (O3)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll



---\ ---\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe 
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe 
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 
O4 - HKLM\..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe 
O4 - HKLM\..\Run: [DataCardMonitor] . (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe 
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe 
O4 - HKCU\..\Run: [SmAudio] . (.Conexant - SmartAudio.) -- C:\Program Files\Conexant\SmartAudio\SmAudio.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe 
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe 
O4 - HKCU\..\Run: [Advanced SystemCare 4] . (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe 
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe 
O4 - HKCU\..\Run: [Mobile Partner] . (...) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe 
O4 - HKCU\..\Run: [T3Desk] . (.Tehnif Software SRL - T3Desk Application.) -- C:\Program Files\T3Desk\T3Desk.exe 
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]  oobefldr.dll 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter]  oobefldr.dll 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [SmAudio] . (.Conexant - SmartAudio.) -- C:\Program Files\Conexant\SmartAudio\SmAudio.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Advanced SystemCare 4] . (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Mobile Partner] . (...) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [T3Desk] . (.Tehnif Software SRL - T3Desk Application.) -- C:\Program Files\T3Desk\T3Desk.exe 
O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk . (...)  -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe



---\ ---\ Other User Links (O4)
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk . (.IObit.)  -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk . (.Microsoft Corporation.)  -- C:\Windows\System32\SnippingTool.exe



---\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - (.not file.) - C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe



---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {925DAB62-F9AC-4221-806A-057BFB1014AA} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-Mail-Namenshimanbieter.) -- C:\Windows\system32
apinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP-Namespaceanbieter.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP-Namespaceanbieter.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0-Dienstanbieter.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll



---\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1



---\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Websiteüberwachung.) -- C:\Windows\System32\webcheck.dll



---\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shellbrowser-UI-Bibliothek.) -- C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} . (.Microsoft Corporation - Shellbrowser-UI-Bibliothek.) -- C:\Windows\system32\browseui.dll



---\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service:  (AdvancedSystemCareService) . (.IObit - Advanced SystemCare Service.) - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service:  (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service:  (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service:  (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service:  (gupdate1c9e6d2a267862a) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service:  (gupdatem) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service:  (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service:  (hpqwmiex) . (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service:  (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service:  (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service:  (lxce_device) . (.Unknown owner - Printer Communication System.) - C:\Windows\system32\lxcecoms.exe
O23 - Service:  (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service:  (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 186.4.) - C:\Windows\system32
vvsvc.exe
O23 - Service:  (Recovery Service for Windows) . (.Unknown owner -  STServices.) - C:\Program Files\SMINST\BLService.exe
O23 - Service:  (VideoAcceleratorService) . (.Speedbit Ltd. - VideoAcceleratorEngine.) - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service:  (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\system32\DRIVERS\xaudio.exe



---\ Windows Active Desktop Components  & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)



---\ Einträge in Windows' Aufgabenplaner(039)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000Core.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000UA.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\HPCeeScheduleForjean gamin.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\PCConfidential.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\SmartDefrag.job
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\User_Feed_Synchronization-{77F86249-D5C9-41DE-A694-354D9A1847BD}.job
[MD5.794EBD358FDF1F4978A81A30E43F5E70] [APT] [ASC4_PerformanceMonitor] (.IObit.) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000Core] (.Google Inc..) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000UA] (.Google Inc..) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.AE37F6508716D2DD6122744C46686BEC] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.E7E91EBF735D68C4BA1B8367D3121E0C] [APT] [HPCeeScheduleForjean gamin] (.Hewlett-Packard.) -- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
[MD5.00000000000000000000000000000000] [APT] [PCConfidential] (.Unknown owner.) -- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task for VeohWebPlayer] (.Unknown owner.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [SmartDefrag] (.Unknown owner.) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (.not file.)
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{8FC0307F-B99E-4E5A-BF0F-7F1DF7FA2DEE}] (.Unknown owner.) -- C:\PROGRA~1\SPEEDB~1\UNWISE.exe



---\ Automatisch gestartete Treiber und Dienste (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver:  (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver:  (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - i8042-Anschlusstreiber.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver:  (kbdclass) . (.Microsoft Corporation - Tastaturklassentreiber.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver:  (kbdhid) . (.Microsoft Corporation - HID-Tastaturfiltertreiber.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver:  (mouclass) . (.Microsoft Corporation - Mausklassentreiber.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys
O41 - Driver:  (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys
O41 - Driver:  (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers
siproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - QoS-Paketplaner.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERSasacd.sys
O41 - Driver:  (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERSdbss.sys
O41 - Driver:  (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver:  (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\driversdpencdd.sys
O41 - Driver: C:\Windows\system32	cpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver:  (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32	cpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS	dx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS	ermdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver:  (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\ Installierte Programme (O42)
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- {AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
O42 - Logiciel: Advanced SystemCare 4 - (.IObit.) [HKLM] -- Advanced SystemCare 4_is1
O42 - Logiciel: Atheros Driver Installation Program - (.Atheros.) [HKLM] -- {C3A32068-8AB1-4327-BB16-BED9C6219DC7}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM] -- CNXT_AUDIO_HDA
O42 - Logiciel: DivX-Setup - (.DivX, LLC.) [HKLM] -- DivX Setup.divx.com
O42 - Logiciel: EPSON BX305 Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON BX305 Series
O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM] -- EPSON Scanner
O42 - Logiciel: ESU for Microsoft Vista - (.Hewlett-Packard.) [HKLM] -- {3877C901-7B90-4727-A639-B6ED2DD59D43}
O42 - Logiciel: Epson Easy Photo Print 2 - (.SEIKO EPSON CORPORATION.) [HKLM] -- {39F58DDB-B2B8-4B86-AF20-4706A80EB30D}
O42 - Logiciel: Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) - (.SEIKO EPSON CORPORATION.) [HKLM] -- {B2D55EB8-32C5-4B43-9006-9E97DECBA178}
O42 - Logiciel: Epson FAX Utility - (.SEIKO EPSON CORPORATION.) [HKLM] -- {0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}
O42 - Logiciel: Epson PC-FAX Driver - (.Unknown owner.) [HKLM] -- EPSON PC-FAX Driver 2
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Unknown owner.) [HKLM] -- CNXT_MODEM_HDAUDIO_HERMOSA_HSF
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {57A5AEC1-97FC-474D-92C4-908FCC2253D4}
O42 - Logiciel: HP DVD Play 3.7 - (.Hewlett-Packard.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
O42 - Logiciel: HP Doc Viewer - (.Hewlett-Packard.) [HKLM] -- {082702D5-5DD8-4600-BCE5-48B15174687F}
O42 - Logiciel: HP Help and Support - (.Hewlett-Packard Company.) [HKLM] -- {0054A0F6-00C9-4498-B821-B5C9578F433E}
O42 - Logiciel: HP Quick Launch Buttons 6.40 H2 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Total Care Advisor - (.Hewlett-Packard.) [HKLM] -- {154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
O42 - Logiciel: HP User Guides 0118 - (.Hewlett-Packard.) [HKLM] -- {B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: HPNetworkAssistant - (.Hewlett-Packard..) [HKLM] -- {228C6B46-64E2-404E-898A-EF0830603EF4}
O42 - Logiciel: HPTCSSetup - (.Hewlett-Packard Company.) [HKLM] -- {846DDADA-0239-4B67-A6B1-33658863793B}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: IObit Toolbar v4.1 - (.Spigot, Inc..) [HKLM] -- {7B8BA496-E201-4246-9A8B-687B49145F53}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
O42 - Logiciel: LightScribe System Software  1.14.17.1 - (.LightScribe.) [HKLM] -- {0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - DEU - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - deu
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - deu - (.Microsoft Corporation.) [HKLM] -- {052FDD78-A6EA-3187-8386-C82F4CA3A929}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile DEU Language Pack - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile DEU Language Pack
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile DEU Language Pack - (.Microsoft Corporation.) [HKLM] -- {F750C986-5310-3A5A-95F8-4EC71C8AC01C}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (German) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {39D0E034-1042-4905-BECB-5502909FCB7C}
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA PhysX v8.04.25 - (.NVIDIA Corporation.) [HKLM] -- {74224F8D-4A17-4816-9EDB-7BB854DE532C}
O42 - Logiciel: Next Generation Visualisations - (. Microsoft.) [HKLM] -- {2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {266517E6-D866-439D-919C-B8B1A52E6080}
O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}
O42 - Logiciel: PixiePack Codec Pack - (.None.) [HKLM] -- {9C450606-ED24-4958-92BA-B8940C99D441}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM] -- RocketDock_is1
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: T-Mobile Internet Manager - (.T-Mobile D.) [HKLM] -- T-Mobile Internet Manager
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421}
O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: WhiteCap - (.SoundSpectrum.) [HKLM] -- WhiteCap
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {53B20C18-D8D4-4588-8737-9BBFE303C354}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {F7D27C70-90F5-49B9-B188-0A133C0CE353}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Zylom Games Player Plugin - (.Zylom Games.) [HKLM] -- Zylom Games Player Plugin
O42 - Logiciel: eMule - (.Unknown owner.) [HKLM] -- eMule

---\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\DivX]
[HKCU\Software\AppDataLow\Software\IObit]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\imeshmediabartb]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Audacity]
[HKCU\Software\Avira]
[HKCU\Software\Borland]
[HKCU\Software\Bugsplat]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CodeGear]
[HKCU\Software\Conexant]
[HKCU\Software\CyberLink]
[HKCU\Software\Dexclock]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\EPSON]
[HKCU\Software\EarthClock]
[HKCU\Software\EasyBits]
[HKCU\Software\Enkord]
[HKCU\Software\GNU]
[HKCU\Software\Google]
[HKCU\Software\Headlight]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDAVLab]
[HKCU\Software\IM Providers]
[HKCU\Software\IObit]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept (Muvee)]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MimarSinan]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Policies]
[HKCU\Software\RapidSolution]
[HKCU\Software\Reality Pump]
[HKCU\Software\RocketDock]
[HKCU\Software\Speed-Downloading]
[HKCU\Software\SpeedBit]
[HKCU\Software\Stardock]
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\Tehnif Software]
[HKCU\Software\Trolltech]
[HKCU\Software\Veoh]
[HKCU\Software\WebToGo]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Zylom]
[HKCU\Software\cacaoweb]
[HKCU\Software\cooliris]
[HKCU\Software\eMule]
[HKCU\Software\keyhole.com]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Atheros]
[HKLM\Software\Avira]
[HKLM\Software\Bytemobile]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conexant Systems Inc  ]
[HKLM\Software\Conexant]
[HKLM\Software\CrazyLoader]
[HKLM\Software\Cyberlink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\EPSON]
[HKLM\Software\EasyBits]
[HKLM\Software\Elf_1.13]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDAVLab]
[HKLM\Software\IObit]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LexmarkInkjet]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MusicNet]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\RapidSolution]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek USB 2.0 Card Reader]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SEIKO EPSON CORPORATION]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Speed-Downloading]
[HKLM\Software\SpeedBit]
[HKLM\Software\Stardock]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\T-Mobile]
[HKLM\Software\UBISOFT]
[HKLM\Software\Uniblue]
[HKLM\Software\VideoLAN]
[HKLM\Software\W3i]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WebToGo]
[HKLM\Software\WildTangent]
[HKLM\Software\Windows]
[HKLM\Software\Winferno]
[HKLM\Software\X-AVCSD]
[HKLM\Software\mozilla.org]



---\ Inhalte der gemeinsamen Dateien (O43)
O43 - CFD: 26.10.2008 - 16:39:04 - [12683094] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 13.03.2011 - 19:12:02 - [114154297] ----D- C:\Program Files\Adobe
O43 - CFD: 25.01.2011 - 22:35:58 - [111389942] ----D- C:\Program Files\AGEIA Technologies
O43 - CFD: 05.01.2011 - 14:33:08 - [11287529] ----D- C:\Program Files\Atheros
O43 - CFD: 10.08.2009 - 23:08:02 - [173536180] ----D- C:\Program Files\Avira
O43 - CFD: 26.03.2009 - 09:38:30 - [820736] ----D- C:\Program Files\Cisco
O43 - CFD: 13.03.2011 - 19:12:02 - [584976355] ----D- C:\Program Files\Common Files
O43 - CFD: 04.06.2010 - 09:39:12 - [7451462] ----D- C:\Program Files\CONEXANT
O43 - CFD: 13.03.2011 - 11:41:58 - [425472] ----D- C:\Program Files\Dexclock
O43 - CFD: 07.05.2011 - 01:27:14 - [101671636] ----D- C:\Program Files\DivX
O43 - CFD: 14.06.2010 - 13:34:20 - [13118895] ----D- C:\Program Files\EarthClock
O43 - CFD: 05.01.2011 - 13:29:38 - [10906334] ----D- C:\Program Files\eMule
O43 - CFD: 12.03.2011 - 15:57:28 - [8339922] ----D- C:\Program Files\epson
O43 - CFD: 25.01.2011 - 18:21:26 - [156349283] ----D- C:\Program Files\Epson Software
O43 - CFD: 17.08.2009 - 23:01:40 - [53760] ----D- C:\Program Files\Free Download Manager
O43 - CFD: 24.01.2010 - 04:35:12 - [410112] ----D- C:\Program Files\Free Internet TV Player lite
O43 - CFD: 05.01.2011 - 14:16:22 - [8266] ----D- C:\Program Files\Free Offers from Freeze.com
O43 - CFD: 05.01.2011 - 14:40:24 - [814496] ----D- C:\Program Files\FreeApps
O43 - CFD: 14.02.2011 - 03:00:54 - [421376] ----D- C:\Program Files\fxc
O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\Program Files\Gemeinsame Dateien
O43 - CFD: 10.06.2011 - 22:58:02 - [6220735] ----D- C:\Program Files\Google
O43 - CFD: 07.05.2011 - 01:27:14 - [324212023] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 26.03.2009 - 10:18:48 - [95002777] ----D- C:\Program Files\HP
O43 - CFD: 25.01.2011 - 18:21:22 - [123251683] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 14.04.2011 - 03:30:56 - [4565795] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 07.05.2011 - 00:12:30 - [74771650] ----D- C:\Program Files\IObit
O43 - CFD: 12.03.2011 - 01:10:32 - [88508087] ----D- C:\Program Files\Java
O43 - CFD: 08.01.2011 - 17:45:06 - [16295712] ----D- C:\Program Files\JRE
O43 - CFD: 08.01.2011 - 17:30:32 - [20299689] ----D- C:\Program Files\Lexmark 4300 Series
O43 - CFD: 11.06.2011 - 09:01:00 - [7580882] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 05.05.2010 - 23:58:10 - [1041880] ----D- C:\Program Files\Microsoft
O43 - CFD: 02.11.2006 - 14:37:36 - [92183479] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 15.06.2010 - 08:23:52 - [30362222] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 24.04.2011 - 08:28:18 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 24.08.2009 - 22:27:50 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 24.08.2009 - 22:30:06 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 03.01.2011 - 04:07:24 - [139242201] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 27.06.2010 - 14:25:30 - [15715] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 10.09.2010 - 00:19:44 - [99354222] ----D- C:\Program Files\Movie Maker
O43 - CFD: 05.01.2011 - 18:19:56 - [2716] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 02.11.2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 06.06.2009 - 11:51:50 - [18764189] R---D- C:\Program Files\Online Services
O43 - CFD: 08.01.2011 - 17:45:04 - [386500926] ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 19.06.2009 - 01:51:46 - [16979540] ----D- C:\Program Files\PixiePack Codec Pack
O43 - CFD: 02.11.2006 - 14:37:36 - [38643969] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 06.06.2009 - 14:15:10 - [11477544] ----D- C:\Program Files\RocketDock
O43 - CFD: 10.06.2011 - 20:14:58 - [0] ----D- C:\Program Files\S.A.D
O43 - CFD: 07.05.2011 - 01:27:14 - [1224584] ----D- C:\Program Files\Shareaza
O43 - CFD: 04.06.2010 - 09:39:12 - [28344212] ----D- C:\Program Files\SMINST
O43 - CFD: 25.11.2009 - 00:16:18 - [18087465] ----D- C:\Program Files\SoundSpectrum
O43 - CFD: 11.06.2011 - 19:52:42 - [73064567] ----D- C:\Program Files\SpeedBit Video Accelerator
O43 - CFD: 13.03.2011 - 19:05:08 - [1168216] ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 26.03.2009 - 09:42:22 - [10013155] ----D- C:\Program Files\Synaptics
O43 - CFD: 28.02.2011 - 07:40:10 - [63601482] ----D- C:\Program Files\T-Mobile
O43 - CFD: 10.06.2011 - 22:39:36 - [1111040] ----D- C:\Program Files\T3Desk
O43 - CFD: 02.11.2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 07.05.2010 - 20:38:50 - [80529230] ----D- C:\Program Files\VideoLAN
O43 - CFD: 17.10.2009 - 19:05:34 - [1012736] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 17.10.2009 - 19:05:32 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 17.10.2009 - 19:05:26 - [4488064] ----D- C:\Program Files\Windows Defender
O43 - CFD: 17.10.2009 - 19:05:32 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 07.05.2011 - 00:39:06 - [117886024] ----D- C:\Program Files\Windows Live
O43 - CFD: 24.08.2009 - 22:24:32 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12.05.2011 - 17:50:46 - [9108152] ----D- C:\Program Files\Windows Mail
O43 - CFD: 17.10.2010 - 03:21:04 - [24834017] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 06.06.2009 - 11:48:42 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 17.10.2009 - 19:05:30 - [13528226] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 21.11.2009 - 19:01:54 - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 07.05.2011 - 01:27:14 - [6528423] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 11.06.2011 - 21:38:14 - [4012370] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 15.05.2011 - 13:17:20 - [511520] ----D- C:\Program Files\Zylom Games
O43 - CFD: 13.03.2011 - 19:12:34 - [3515885] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 09.04.2011 - 17:17:16 - [24006656] ----D- C:\Program Files\Common Files\DivX Shared
O43 - CFD: 25.01.2011 - 18:24:52 - [275456] ----D- C:\Program Files\Common Files\EPSON
O43 - CFD: 26.03.2009 - 10:18:44 - [8142896] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 12.03.2011 - 17:27:58 - [1247175] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 26.03.2009 - 10:18:34 - [29201102] ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 07.05.2011 - 01:27:14 - [305846927] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 06.06.2009 - 19:52:02 - [4740928] ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 06.06.2009 - 21:37:40 - [164864] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 11.01.2010 - 11:58:28 - [812296] ----D- C:\Program Files\Common Files\Scanner
O43 - CFD: 02.11.2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02.11.2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 17.10.2009 - 19:05:30 - [15064962] ----D- C:\Program Files\Common Files\System
O43 - CFD: 24.08.2009 - 21:12:06 - [108107939] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 25.01.2011 - 22:35:38 - [42744832] ----D- C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 22.04.2011 - 11:08:12 - [136894119] ----D- C:\ProgramData\Adobe
O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Anwendungsdaten
O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 05.01.2011 - 14:31:22 - [11880] ----D- C:\ProgramData\Atheros
O43 - CFD: 10.08.2009 - 23:08:02 - [4541327] ----D- C:\ProgramData\Avira
O43 - CFD: 25.08.2009 - 12:33:40 - [257585] ----D- C:\ProgramData\AWEM
O43 - CFD: 02.01.2011 - 16:59:32 - [8010] ----D- C:\ProgramData\CyberLink
O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 09.04.2011 - 17:17:16 - [5849597] ----D- C:\ProgramData\DivX
O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Dokumente
O43 - CFD: 24.11.2009 - 00:27:22 - [197380] ----D- C:\ProgramData\eMule
O43 - CFD: 21.06.2010 - 09:30:28 - [42125] ----D- C:\ProgramData\Enkord
O43 - CFD: 25.01.2011 - 18:24:52 - [8278385] ----D- C:\ProgramData\EPSON
O43 - CFD: 16.06.2009 - 00:20:24 - [11271] ----D- C:\ProgramData\EscapeTheMuseum
O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Favoriten

Utilisateur anonyme · Answer

regarde tes mp. tu y trouveras le rapport ; )

Valuu · Answer

Refait mais sans mot de pass x) J'arrive pas à le voir ^^

Valuu · Answer

Voila le lien (pour le gens qui suivent le sujet : https://pjjoint.malekal.com/files.php?read=74e3ad985d14513

En effet tu n'as pas Virut x)

--------------------------------------------------------------------------------------
* Double-clique sur l'icône AD-Remover 
Déconnecte toi et ferme toutes les applications en cours 
* Au menu principal, clique sur Nettoyer 
* Confirme le lancement de l'analyse et laisse l'outil travailler 
* Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )

Utilisateur anonyme · Answer

Euuuh... question de noob professionel : c'est ou l 'icone ad remover ?

Utilisateur anonyme · Answer

j'ai quand meme eu la bonne idée d'aller télécharger ce logiciel sur google... ;)

Voici le rapport :

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 23:04:06 on 11/06/2011, Normal boot

Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86)
jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC)

============== SEARCH ==============

============== ADDITIONNAL SCAN ==============

-- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
Extensions\nasanightlaunch@example.com (NASA Night Launch)
Extensions\piclens@cooliris(26).com (Cooliris)
Extensions\piclens@cooliris.com (Cooliris)
Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling)
Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX)
Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} ()
Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/)
Prefs.js - browser.download.dir, C:\\Users\\jean gamin\\Downloads
Prefs.js - browser.search.defaultenginename, iMesh Web Search
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.search.selectedEngine, iMesh Web Search
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3
Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
Prefs.js - privacy.popups.showBrowserMessage, false
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

========================================

**** Google Chrome Version [12.0.742.91] ****

Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)
Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x)
Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)

-- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5}
Preferences - homepage_is_newtabpage: true
Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x)
Plugin - "Interest Recognizer for Crazyloader" (Enabled: true)
Plugin - "DivX Player" (Enabled: true)
Plugin - "DivX Player Netscape Plugin" (Enabled: true)
Plugin - "Picasa" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.19048] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms})
HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x)
HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x)
HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?)
HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - "Easy Photo Print" (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 5 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 11/06/2011 22:57:31 (6597 Byte(s))
C:\Ad-Report-SCAN[1].txt - 11/06/2011 23:04:12 (6417 Byte(s))

End at: 23:04:52, 11/06/2011

============== E.O.F ==============

Valuu · Answer

--------------------------------------------------------------------------------------
MBAM
    * Télécharge Malwarebytes' Anti-Malware
    * Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
    * Lance une analyse complète en cliquant sur "Exécuter un examen complet"
    * Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
    * L'analyse peut durer un bon moment.....
    * Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
    * Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
    * Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée
   * Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

Utilisateur anonyme · Answer

L'analyse est lancée depuis 45mn et je commence a fatiguer...

je laisse tourner jusqu'a demain et poste le rapport apres.

merci d'avoir fait preuve de patience avec moi ;)

@+

Valuu · Answer

Okay ;) 

Mais de rien, en plus on a perdu du temps car fausse piste... :/

Et au passage, tu pourras poster le rapport Clean1 d'Ad-Remover aussi stp ? Que je vois ce qui a été supprimé ?

Utilisateur anonyme · Answer

Bonjour Valuu et aux autres aussi,

Me revoila, ayant repris quelques forces pour repartir au combat contre cette créature qui, si j'ai bien compris, se fait passer pour une autre...
quel suspens....! : )

Je signale au passage que Avira ne se manifeste plus. le rapport d'ad-remover se trouve deux posts plus haut, a moins que ca ne soit pas ce que tu me demande...

voici celui d'anti- Malware :

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6835

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12.06.2011 00:55:48
mbam-log-2011-06-12 (00-55-48).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 321773
Temps écoulé: 1 heure(s), 13 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Et un rapport obtenu en appuyant sur "clean" dans ad-remover :

====== REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 10:24:05 on 12/06/2011, Normal boot

Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86)
jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC)

============== ACTION(S) ==============

(!) -- Temporary files deleted.

============== ADDITIONNAL SCAN ==============

-- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
Extensions\nasanightlaunch@example.com (NASA Night Launch)
Extensions\piclens@cooliris(26).com (Cooliris)
Extensions\piclens@cooliris.com (Cooliris)
Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling)
Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX)
Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} ()
Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/)
Prefs.js - browser.download.dir, C:\\Users\\jean gamin\\Downloads
Prefs.js - browser.search.defaultenginename, iMesh Web Search
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.search.selectedEngine, iMesh Web Search
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3
Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
Prefs.js - privacy.popups.showBrowserMessage, false
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

========================================

**** Google Chrome Version [12.0.742.91] ****

Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)
Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x)
Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)

-- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5}
Preferences - homepage_is_newtabpage: true
Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x)
Plugin - "Interest Recognizer for Crazyloader" (Enabled: true)
Plugin - "DivX Player" (Enabled: true)
Plugin - "DivX Player Netscape Plugin" (Enabled: true)
Plugin - "Picasa" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.19048] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms})
HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x)
HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x)
HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?)
HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - "Easy Photo Print" (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 5 File(s)
C:\Program Files\Ad-Remover\Backup: 30 File(s)

C:\Ad-Report-CLEAN[1].txt - 11/06/2011 22:57:31 (6597 Byte(s))
C:\Ad-Report-CLEAN[2].txt - 12/06/2011 10:24:22 (6458 Byte(s))
C:\Ad-Report-SCAN[1].txt - 11/06/2011 23:04:12 (6555 Byte(s))

End at: 10:25:13, 12/06/2011

============== E.O.F ==============

Valuu · Answer

Yop,

Okay pour MBAM, Ad-Remover avait du nettoyer.

Le rapport Ad-R qu'il me faudrait est celui ci : C:\Ad-Report-CLEAN[1].txt

Utilisateur anonyme · Answer

je pense que ca doit etre le bon maintenant.... ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:56:46 on 11/06/2011, Normal boot Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86) jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC) ============== ACTION(S) ============== Folder deleted: C:\Users\jean gamin\AppData\Roaming\CrazyLoader (!) -- Temporary files deleted. ============== ADDITIONNAL SCAN ============== -- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default -- Extensions\cacaoweb@cacaoweb.org (cacaoweb) Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard) Extensions asanightlaunch@example.com (NASA Night Launch) Extensions\piclens@cooliris(26).com (Cooliris) Extensions\piclens@cooliris.com (Cooliris) Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling) Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX) Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} () Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/) Prefs.js - browser.download.dir, C:\Users\jean gamin\Downloads Prefs.js - browser.search.defaultenginename, iMesh Web Search Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= Prefs.js - browser.search.selectedEngine, iMesh Web Search Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3 Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q= Prefs.js - privacy.popups.showBrowserMessage, false Prefs.js - browser.search.defaultenginename, Yahoo Prefs.js - browser.search.selectedEngine, Yahoo Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p= ======================================== **** Google Chrome Version [12.0.742.91] **** Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?) Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x) Extension neajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?) -- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5} Preferences - homepage_is_newtabpage: true Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x) Plugin - "Interest Recognizer for Crazyloader" (Enabled: true) Plugin - "DivX Player" (Enabled: true) Plugin - "DivX Player Netscape Plugin" (Enabled: true) Plugin - "Picasa" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.6001.19048] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms}) HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...) HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...) HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x) HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll) HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x) HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x) HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x) HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.) HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x) HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?) HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?) BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5

Valuu · Answer

C'était bien celui ci :)

Bon refait moi un ZHPDiag, on va finaliser, normalement c'est propre.

Utilisateur anonyme · Answer

https://pjjoint.malekal.com/files.php?id=da67f18ed161514

Voici un lien Malekal car CCM refuse d'afficher mon rapport complet...

Utilisateur anonyme · Answer

Valuu ?  est ce que tu suis encore ?  suite au rapport que je t'ai envoyé je ne sais pas si mon pc est "réparé" maintenant...

je pense que oui mais j'aimerai bien avoir confirmation de ta part.

si tu pouvais m'expliquer aussi en 2 mots ce qui n'allait pas, ca me taraude un peu quand meme...

merci d'avance : )

Valuu · Answer

Yop,

Pas grave, j'ai supprimé la tartine.
Je regarde ton rapport tout de suite ;)
Je t'expliquerais tes problèmes après :)

Valuu · Answer

--------------------------------------------------------------------------------------
* Lance ZHPFix (si tu es sous Windows Vista ou Windows 7, lance le par un clic-droit dessus --> exécuter en temps qu'administrateur).
* Copie les lignes suivantes :

---------------------------------------------------
EmptyTemp
EmptyFlash
FirewallRAZ
SysRestore
M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\Schnell Sucher.xml 
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Unknown owner - No comment.) -- C:\Program Files\Microsoft\Office Live
pOLW.dll (.not file.)     
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.13 (.http://www.cacaoweb.org/     
G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key     
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Orphean Key     
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe     
[MD5.00000000000000000000000000000000] [APT] [PCConfidential] (.Unknown owner.) -- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (.not file.)     
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task for VeohWebPlayer] (.Unknown owner.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.)     
[MD5.00000000000000000000000000000000] [APT] [SmartDefrag] (.Unknown owner.) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (.not file.)     
[HKCU\Software\AppDataLow\Software\imeshmediabartb]     
[HKCU\Software\cacaoweb]     
[HKLM\Software\CrazyLoader]     
O43 - CFD: 08.05.2011 - 20:48:30 - [93154154] ----D- C:\Users\jean gamin\AppData\Roaming\cacaoweb     
O43 - CFD: 05.01.2011 - 18:01:34 - [88619] ----D- C:\Users\jean gamin\Appdata\Local\crazyloader Air     
O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Unknown owner - No comment.) -- (.not file.)     
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0     
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0     
O69 - SBI: SearchScopes [HKCU] {0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - (Schnell Sucher) - http://www.schnellsucher.com 
O69 - SBI: SearchScopes [HKCU] {A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - (Yahoo Shopping) - http://de.kelkoopartners.net 
[HKLM\Software\Classes\AppID\WMHelper.DLL] 
[HKLM\Software\Classes\imside1egate.application.1] 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]     
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}]     
[HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}]     
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}]     
[HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}]     
[HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}]     
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]     
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]     
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]     
[HKCU\Software\cacaoweb]     
[HKLM\Software\CrazyLoader]     
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB]     
C:\Users\jean gamin\AppData\Roaming\cacaoweb     
C:\Users\jean gamin\Appdata\Local\Crazyloader Air     

---------------------------------------------------

* Clique sur l'icône représentant la lettre H (« coller les lignes Helper »)
* Les lignes se collent automatiquement dans ZHPFix.
* Clique sur le bouton « GO » pour lancer le nettoyage,
* Colle le contenu du rapport dans ta prochaine réponse.

--------------------------------------------------------------------------------------
   * Télécharge la dernière version de Java : https://www.java.com/fr/download/
   * Installe là
    *Puis télécharge JavaRa.zip
    * Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    * Double-clique sur le répertoire JavaRa obtenu.
    * Si tu es sous Vista/Seven, Exécute le avec un clic droit / Exécuter en tant qu'administrateur
    * Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    * Clique sur Remove Older Versions.
    * Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    * Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse. (Note : le rapport se trouve aussi là : ( C:\JavaRa.log ))

-------------------------------------------------------------------------------------- 
    * Télécharge UsbFix (créé par El Desaparecido & C_XX) sur ton Bureau. Si ton antivirus affiche une alerte, ignore le et désactive le temporairement.
    * Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
    * Double clique sur le raccourci UsbFix sur ton Bureau, l'installation se fera automatiquement
    * Clique sur "Recherche"
    * Laisse travailler l'outil
    * A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)

    Aide en images : Tutoriel "Recherche"

Utilisateur anonyme · Answer

Rapport de ZHPFix 1.12.3307 par Nicolas Coolman, Update du 10/06/2011
Fichier d'export Registre : C:\ZHPExportRegistry-13.06.2011-23-08-48.txt
Run by jean gamin at 13.06.2011 23:08:48
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registernycklar ==========
DELETED Mozilla Plugin: @microsoft.com/OfficeLive,version=1.3
DELETED CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED CLSID BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
DELETED HKCU\Software\AppDataLow\Software\imeshmediabartb
DELETED HKCU\Software\cacaoweb
DELETED HKLM\Software\CrazyLoader
DELETED SearchScopes :{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher
DELETED SearchScopes :{A24AEAB3-F669-440B-BDEC-A7300C5B0C61}
DELETED HKLM\Software\Classes\AppID\WMHelper.DLL
DELETED HKLM\Software\Classes\imside1egate.application.1
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}
DELETED HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}
DELETED HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
DELETED HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}
DELETED HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
DELETED HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
DELETED HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
NOT FOUND HKCU\Software\cacaoweb
NOT FOUND HKLM\Software\CrazyLoader
NOT FOUND HKCU\Software\AppDataLow\Software\iMeshMediabarTB

========== Registervärden ==========
No Value in Standard Profile Register Key FirewallRaz : 
No Value in Domain Profile Register Key FirewallRaz : 
DELETED FirewallRaz (Public) : {4D949DBB-C8EE-4348-ACBC-DFD8168C30DE}
DELETED FirewallRaz (Public) : {C3F46C1C-91F2-4730-93DF-0DDC204BBE5F}
DELETED FirewallRaz (Public) : TCP Query User{AC6C6094-C758-42B3-ACE1-E9BC40C1B916}C:\program files\mozilla firefox\firefox.exe
DELETED FirewallRaz (Public) : UDP Query User{E4668E55-BD05-4327-B9D6-E74E57B0F40D}C:\program files\mozilla firefox\firefox.exe
DELETED FirewallRaz (Public) : {259932F1-A0C1-4B42-A472-0B40B7C6BF47}
DELETED FirewallRaz (Public) : {5A399E6A-AD70-4511-9C45-2A12A84D6F98}
DELETED FirewallRaz (None) : {016BBD86-1EE4-4EAF-B6C6-47DD4F303D43}
DELETED FirewallRaz (Public) : TCP Query User{FD32E779-C3EC-431E-8094-8928BF6DFE9D}C:\program files\imesh applications\imesh\imesh.exe
DELETED FirewallRaz (Public) : UDP Query User{FF7A966A-B3C1-4BF5-9BA5-256924BC3A88}C:\program files\imesh applications\imesh\imesh.exe
DELETED FirewallRaz (Public) : TCP Query User{42494892-FF99-4B90-B28F-7648D6696DCD}C:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe
DELETED FirewallRaz (Public) : UDP Query User{53C65072-8D4F-4844-9F1D-1B25E298BB33}C:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe
DELETED FirewallRaz (Public) : TCP Query User{5B9FA623-1555-434B-B0CB-2DBBE81FAB72}C:\program files\babelgum\babelgum.exe
DELETED FirewallRaz (Public) : UDP Query User{2A76D22E-FDAC-4742-ACDC-F9A69AC42D23}C:\program files\babelgum\babelgum.exe
DELETED FirewallRaz (Public) : TCP Query User{C5480236-133C-4D03-BB1D-734BFEADCCFA}C:\program files	vuplayer	vuplayer.exe
DELETED FirewallRaz (Public) : UDP Query User{BCFC8C8A-C0FC-4BA2-8238-A5BF543035AC}C:\program files	vuplayer	vuplayer.exe
DELETED FirewallRaz (Private) : TCP Query User{4B3EC3A7-23B7-4ABF-A499-87F44935883A}C:\program files\participatory culture foundation\miro\miro_downloader.exe
DELETED FirewallRaz (Private) : UDP Query User{26C1C849-7C3B-4A4E-9BE8-ECF170897D4A}C:\program files\participatory culture foundation\miro\miro_downloader.exe
DELETED FirewallRaz (Private) : {699BBE38-A628-4884-97D0-C6FF7F8F84FD}
DELETED FirewallRaz (Private) : {B7FEEFF6-BF10-4E5F-9644-B24BD31A9981}
DELETED FirewallRaz (Private) : TCP Query User{1CFC9858-D8BA-46AC-B9D8-01D4DA0442DD}C:\users\jean gamin\appdata\local	emp\jdic_0_9_5\ieembed.exe
DELETED FirewallRaz (Private) : UDP Query User{93CD5727-966D-424A-A256-8B9156F460FF}C:\users\jean gamin\appdata\local	emp\jdic_0_9_5\ieembed.exe
DELETED RunValue: cacaoweb
DELETED TDSD Value: DivX.dll
DELETED MWPS Value: FilterAdministratorToken
DELETED MWPS Value: EnableUIADesktopToggle

========== Browser Profiles ==========
FOUND Chrome File: C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Preferences
DELETED Chrome Site: https://home.sweetim.com/

========== Mappar ==========
DELETED Window Temporary: : 114
DELETED Flash Cookies: 353
DELETED C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\extensions\cacaoweb@cacaoweb.org
DELETED C:\Users\jean gamin\AppData\Roaming\cacaoweb
DELETED C:\Users\jean gamin\Appdata\Local\crazyloader Air

========== Filer ==========
DELETED Window Temporary: : 198
DELETED Flash Cookies: 68
DELETED c:\users\jean gamin\appdataoaming\mozilla\firefox\profiles\vxbxnz2e.default\searchplugins\schnell sucher.xml
NOT FOUND File: c:\program files\microsoft\office live
polw.dll
DELETED c:\users\jean gamin\appdataoaming\cacaoweb\cacaoweb.exe
NOT FOUND Folder/File: c:\users\jean gamin\appdataoaming\cacaoweb 
NOT FOUND Folder/File: c:\users\jean gamin\appdata\local\crazyloader air 

========== Task ==========
DELETED Task: PCConfidential
DELETED Task: RunAsStdUser Task for VeohWebPlayer
DELETED Task: SmartDefrag

========== Restaurierung ==========
Restore System Point created succefully


========== Zusammenfassend ==========
28 : Registernycklar
27 : Registervärden
5 : Mappar
7 : Filer
2 : Browser Profiles
3 : Task
1 : Restaurierung


End of the scan

Utilisateur anonyme · Answer

avaRa 1.15 Removal Log. 

Report follows after line. 

voici les rapports demandés, je suis obligé d'en faire encore des tonnes mais c'est plus facile pour moi de faire du copier/coller que de passer par le site malekal.... peur de la fausse manip'... 

------------------------------------ 

The JavaRa removal process was started on Mon Jun 13 23:18:36 2011 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} 

------------------------------------ 

Finished reporting.

Utilisateur anonyme · Answer

############################## | UsbFix 7.048 | [Research]

User: jean gamin (Administrator) # MONZOB [Hewlett-Packard Compaq Presario CQ60 Notebook PC]
Updated 11/06/2011 by TeamXscript
Started at 23:24:14 | 13/06/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon Dual-Core QL-64
CPU 2: AMD Athlon Dual-Core QL-64
Microsoft® Windows Vista(TM) Home Premium  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.19048

Windows Firewall: Enabled
RAM -> 2814 Mb 
C:\ (%systemdrive%) -> Fixed drive # 222 Gb (156 Mb free - 70%) [] # NTFS
D:\ -> Fixed drive # 11 Gb (2 Mb free - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM

################## | Files # Infected Folders |

Found ! E:\Autorun.inf

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{293ab022-5276-11de-b952-806e6f6e6963}
Shell\AutoRun\Command = E:\zdata\cobi.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{5cf43f67-8fdc-11df-8df4-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{64edb757-6bdd-11df-965b-861a539e18dd}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7c11f566-4df6-11e0-9833-806e6f6e6963}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{8db5fd3d-52c3-11de-a2d1-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{8db5fd61-52c3-11de-a2d1-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{9abf5a49-a68e-11de-9ade-806e6f6e6963}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d0024460-42fc-11e0-b399-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe


################## | Vaccin |

E:\Autorun.inf -> Vaccine created by Panda USB Vaccine

################## | E.O.F |

Utilisateur anonyme · Answer

Salut Valuu,

J'espere qu'il ne t'est rien arrivé de grave vu que tu ne te manifeste plus...

en tout cas merci beaucoup pour ton coup de main, mon pc fonctionne parfaitement maintenant. je constate meme un mieux dans le temps de réaction.

ben, a la prochaine alors... : )

Valuu · Answer

Yop ! Désolé, un peu overbooké ces temps ci :/ 

On continue :) 

-------------------------------------------------------------------------------------- 
    * Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir 
    * Double clique sur le raccourci UsbFix sur ton Bureau 
    * Clique sur "Suppression" 
    * Laisse travailler l'outil 
    * Ton Bureau va disparaitre puis l'ordinateur va redémarrer : c'est normal 
    * A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur) 

    :!: UsbFix te proposera d'envoyer un dossier compressé à cette adresse. Ce dossier a été créé par UsbFix sur ton Bureau. Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches. Une fois sur le site, il faut sélectionner "UsbFix" dans le menu déroulant. Merci d'avance pour ta contribution ! 

    Aide en images : Tutoriel "Nettoyage" 

Puis reposte moi un ZHPDiag à jour (en hébergeant bien ce rapport là, sinon il ne passera pas ici) (via la flèche verte en haut à droite pour la MAJ)

W32/virut.w C'EST GRAVE ? aidez moi SVP !!!

32 réponses

Votre réponse

Discussions similaires

Newsletters