W32/virut.w IS IT SERIOUS? Please help me!!!
Anonymous user
Valuu - Posts: 2258 - Status: Contributor
Hello everyone,
Today my antivirus (Avira) reported that it had found a virus on my PC... so far, no problem, and I click "delete"; Avira does it, except that a few seconds later the same message reappears and I have to delete the virus again every time... which, frankly, accomplishes nothing at all...
So I don't understand any of this anymore... why does it report a virus every ten seconds when it doesn't find it during a full scan?
My computer (still) works perfectly well, but it freaks me out all the same every time the typical "BLIPBLIPBLIP" sounds...
Here is what it says:
a virus or unwanted program was found in the registry C:/Windows/System32/config/Reg Back/SOFTWARE.
w32/virut.w
So I'm turning to you to try to reassure me and get my PC back in good shape.
Thanks in advance. :)
32 replies
Hey,
Okay for MBAM; Ad-Remover must have cleaned up.
The Ad-R report I need is this one: C:\Ad-Report-CLEAN[1].txt
I think this should be the right one now....
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:56:46 on 11/06/2011, Normal boot
Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86)
jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC)
============== ACTION(S) ==============
Folder deleted: C:\Users\jean gamin\AppData\Roaming\CrazyLoader
(!) -- Temporary files deleted.
============== ADDITIONNAL SCAN ==============
-- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
Extensions\nasanightlaunch@example.com (NASA Night Launch)
Extensions\piclens@cooliris(26).com (Cooliris)
Extensions\piclens@cooliris.com (Cooliris)
Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling)
Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX)
Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} (<!--SmoothWheel (mozdev.org)-->)
Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/)
Prefs.js - browser.download.dir, C:\\Users\\jean gamin\\Downloads
Prefs.js - browser.search.defaultenginename, iMesh Web Search
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.search.selectedEngine, iMesh Web Search
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3
Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
Prefs.js - privacy.popups.showBrowserMessage, false
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
========================================
**** Google Chrome Version [12.0.742.91] ****
Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)
Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x)
Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)
-- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5}
Preferences - homepage_is_newtabpage: true
Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x)
Plugin - "Interest Recognizer for Crazyloader" (Enabled: true)
Plugin - "DivX Player" (Enabled: true)
Plugin - "DivX Player Netscape Plugin" (Enabled: true)
Plugin - "Picasa" (Enabled: true)
========================================
**** Internet Explorer Version [8.0.6001.19048] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms})
HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x)
HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x)
HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?)
HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - "Easy Photo Print" (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 5 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)
C:\Ad-Report-CLEAN[1].txt - 11/06/2011 22:57:31 (6458 Byte(s))
End at: 22:58:26, 11/06/2011
============== E.O.F ==============
https://pjjoint.malekal.com/files.php?id=da67f18ed161514
Here is a Malekal link, because CCM refuses to display my full report...
Valuu? Are you still following? After the report I sent you, I don't know whether my PC is "repaired" now...
I think so, but I'd like to have confirmation from you.
If you could also explain to me in a couple of words what was wrong, it's still nagging at me a bit...
Thanks in advance : )
Hey,
No worries, I deleted the wall of text.
I'll look at your report right away ;)
I'll explain your problems afterwards :)
--------------------------------------------------------------------------------------
* Launch ZHPFix (if you are on Windows Vista or Windows 7, launch it by right-clicking on it --> Run as administrator).
* Copy the following lines:
---------------------------------------------------
EmptyTemp
EmptyFlash
FirewallRAZ
SysRestore
M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\Schnell Sucher.xml
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Unknown owner - No comment.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll (.not file.)
M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.13 (.http://www.cacaoweb.org/
G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Orphean Key
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe
[MD5.00000000000000000000000000000000] [APT] [PCConfidential] (.Unknown owner.) -- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task for VeohWebPlayer] (.Unknown owner.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [SmartDefrag] (.Unknown owner.) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (.not file.)
[HKCU\Software\AppDataLow\Software\imeshmediabartb]
[HKCU\Software\cacaoweb]
[HKLM\Software\CrazyLoader]
O43 - CFD: 08.05.2011 - 20:48:30 - [93154154] ----D- C:\Users\jean gamin\AppData\Roaming\cacaoweb
O43 - CFD: 05.01.2011 - 18:01:34 - [88619] ----D- C:\Users\jean gamin\Appdata\Local\crazyloader Air
O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Unknown owner - No comment.) -- (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O69 - SBI: SearchScopes [HKCU] {0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - (Schnell Sucher) - http://www.schnellsucher.com
O69 - SBI: SearchScopes [HKCU] {A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - (Yahoo Shopping) - http://de.kelkoopartners.net
[HKLM\Software\Classes\AppID\WMHelper.DLL]
[HKLM\Software\Classes\imside1egate.application.1]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}]
[HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}]
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}]
[HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}]
[HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}]
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]
[HKCU\Software\cacaoweb]
[HKLM\Software\CrazyLoader]
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB]
C:\Users\jean gamin\AppData\Roaming\cacaoweb
C:\Users\jean gamin\Appdata\Local\Crazyloader Air
---------------------------------------------------
* Click the icon showing the letter H ("paste the Helper lines")
* The lines are pasted automatically into ZHPFix.
* Click the "GO" button to start the cleanup,
* Paste the contents of the report into your next reply.
--------------------------------------------------------------------------------------
* Download the latest version of Java: https://www.java.com/fr/download/
* Install it
* Then download JavaRa.zip
* Unzip the file to your desktop (right-click > Extract All.)
* Double-click the resulting JavaRa folder.
* If you are on Vista/Seven, run it with a right-click / Run as administrator
* Then double-click the file JavaRa.exe (the .exe may not be displayed)
* Click Remove Older Versions.
* Click Yes to confirm. The tool will do its work; then click Ok, and Ok a second time.
* A report will open; copy and paste it into your next reply. (Note: the report can also be found here: ( C:\JavaRa.log ))
--------------------------------------------------------------------------------------
* Download UsbFix (created by El Desaparecido & C_XX) to your Desktop. If your antivirus displays an alert, ignore it and disable it temporarily.
* Connect your external data sources to your PC (USB stick, external hard drive, etc.) without opening them
* Double-click the UsbFix shortcut on your Desktop; installation will happen automatically
* Click "Recherche" (Search)
* Let the tool work
* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive)
Picture guide: "Recherche" tutorial
Rapport de ZHPFix 1.12.3307 par Nicolas Coolman, Update du 10/06/2011
Fichier d'export Registre : C:\ZHPExportRegistry-13.06.2011-23-08-48.txt
Run by jean gamin at 13.06.2011 23:08:48
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Registernycklar ==========
DELETED Mozilla Plugin: @microsoft.com/OfficeLive,version=1.3
DELETED CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED CLSID BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
DELETED HKCU\Software\AppDataLow\Software\imeshmediabartb
DELETED HKCU\Software\cacaoweb
DELETED HKLM\Software\CrazyLoader
DELETED SearchScopes :{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher
DELETED SearchScopes :{A24AEAB3-F669-440B-BDEC-A7300C5B0C61}
DELETED HKLM\Software\Classes\AppID\WMHelper.DLL
DELETED HKLM\Software\Classes\imside1egate.application.1
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}
DELETED HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}
DELETED HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
DELETED HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}
DELETED HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
DELETED HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}
DELETED HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
DELETED HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
NOT FOUND HKCU\Software\cacaoweb
NOT FOUND HKLM\Software\CrazyLoader
NOT FOUND HKCU\Software\AppDataLow\Software\iMeshMediabarTB
========== Registervärden ==========
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Public) : {4D949DBB-C8EE-4348-ACBC-DFD8168C30DE}
DELETED FirewallRaz (Public) : {C3F46C1C-91F2-4730-93DF-0DDC204BBE5F}
DELETED FirewallRaz (Public) : TCP Query User{AC6C6094-C758-42B3-ACE1-E9BC40C1B916}C:\program files\mozilla firefox\firefox.exe
DELETED FirewallRaz (Public) : UDP Query User{E4668E55-BD05-4327-B9D6-E74E57B0F40D}C:\program files\mozilla firefox\firefox.exe
DELETED FirewallRaz (Public) : {259932F1-A0C1-4B42-A472-0B40B7C6BF47}
DELETED FirewallRaz (Public) : {5A399E6A-AD70-4511-9C45-2A12A84D6F98}
DELETED FirewallRaz (None) : {016BBD86-1EE4-4EAF-B6C6-47DD4F303D43}
DELETED FirewallRaz (Public) : TCP Query User{FD32E779-C3EC-431E-8094-8928BF6DFE9D}C:\program files\imesh applications\imesh\imesh.exe
DELETED FirewallRaz (Public) : UDP Query User{FF7A966A-B3C1-4BF5-9BA5-256924BC3A88}C:\program files\imesh applications\imesh\imesh.exe
DELETED FirewallRaz (Public) : TCP Query User{42494892-FF99-4B90-B28F-7648D6696DCD}C:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe
DELETED FirewallRaz (Public) : UDP Query User{53C65072-8D4F-4844-9F1D-1B25E298BB33}C:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe
DELETED FirewallRaz (Public) : TCP Query User{5B9FA623-1555-434B-B0CB-2DBBE81FAB72}C:\program files\babelgum\babelgum.exe
DELETED FirewallRaz (Public) : UDP Query User{2A76D22E-FDAC-4742-ACDC-F9A69AC42D23}C:\program files\babelgum\babelgum.exe
DELETED FirewallRaz (Public) : TCP Query User{C5480236-133C-4D03-BB1D-734BFEADCCFA}C:\program files\tvuplayer\tvuplayer.exe
DELETED FirewallRaz (Public) : UDP Query User{BCFC8C8A-C0FC-4BA2-8238-A5BF543035AC}C:\program files\tvuplayer\tvuplayer.exe
DELETED FirewallRaz (Private) : TCP Query User{4B3EC3A7-23B7-4ABF-A499-87F44935883A}C:\program files\participatory culture foundation\miro\miro_downloader.exe
DELETED FirewallRaz (Private) : UDP Query User{26C1C849-7C3B-4A4E-9BE8-ECF170897D4A}C:\program files\participatory culture foundation\miro\miro_downloader.exe
DELETED FirewallRaz (Private) : {699BBE38-A628-4884-97D0-C6FF7F8F84FD}
DELETED FirewallRaz (Private) : {B7FEEFF6-BF10-4E5F-9644-B24BD31A9981}
DELETED FirewallRaz (Private) : TCP Query User{1CFC9858-D8BA-46AC-B9D8-01D4DA0442DD}C:\users\jean gamin\appdata\local\temp\jdic_0_9_5\ieembed.exe
DELETED FirewallRaz (Private) : UDP Query User{93CD5727-966D-424A-A256-8B9156F460FF}C:\users\jean gamin\appdata\local\temp\jdic_0_9_5\ieembed.exe
DELETED RunValue: cacaoweb
DELETED TDSD Value: DivX.dll
DELETED MWPS Value: FilterAdministratorToken
DELETED MWPS Value: EnableUIADesktopToggle
========== Browser Profiles ==========
FOUND Chrome File: C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Preferences
DELETED Chrome Site: https://home.sweetim.com/
========== Mappar ==========
DELETED Window Temporary: : 114
DELETED Flash Cookies: 353
DELETED C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\extensions\cacaoweb@cacaoweb.org
DELETED C:\Users\jean gamin\AppData\Roaming\cacaoweb
DELETED C:\Users\jean gamin\Appdata\Local\crazyloader Air
========== Filer ==========
DELETED Window Temporary: : 198
DELETED Flash Cookies: 68
DELETED c:\users\jean gamin\appdata\roaming\mozilla\firefox\profiles\vxbxnz2e.default\searchplugins\schnell sucher.xml
NOT FOUND File: c:\program files\microsoft\office live\npolw.dll
DELETED c:\users\jean gamin\appdata\roaming\cacaoweb\cacaoweb.exe
NOT FOUND Folder/File: c:\users\jean gamin\appdata\roaming\cacaoweb
NOT FOUND Folder/File: c:\users\jean gamin\appdata\local\crazyloader air
========== Task ==========
DELETED Task: PCConfidential
DELETED Task: RunAsStdUser Task for VeohWebPlayer
DELETED Task: SmartDefrag
========== Restaurierung ==========
Restore System Point created succefully
========== Zusammenfassend ==========
28 : Registernycklar
27 : Registervärden
5 : Mappar
7 : Filer
2 : Browser Profiles
3 : Task
1 : Restaurierung
End of the scan
JavaRa 1.15 Removal Log.
Report follows after line.
Here are the requested reports. I'm obliged to post tons of it again, but copy/paste is easier for me than going through the malekal site.... afraid of making a wrong move...
------------------------------------
The JavaRa removal process was started on Mon Jun 13 23:18:36 2011
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.
############################## | UsbFix 7.048 | [Research]
User: jean gamin (Administrator) # MONZOB [Hewlett-Packard Compaq Presario CQ60 Notebook PC]
Updated 11/06/2011 by TeamXscript
Started at 23:24:14 | 13/06/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Athlon Dual-Core QL-64
CPU 2: AMD Athlon Dual-Core QL-64
Microsoft® Windows Vista(TM) Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.19048
Windows Firewall: Enabled
RAM -> 2814 Mb
C:\ (%systemdrive%) -> Fixed drive # 222 Gb (156 Mb free - 70%) [] # NTFS
D:\ -> Fixed drive # 11 Gb (2 Mb free - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
################## | Files # Infected Folders |
Found ! E:\Autorun.inf
################## | Registry |
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{293ab022-5276-11de-b952-806e6f6e6963}
Shell\AutoRun\Command = E:\zdata\cobi.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5cf43f67-8fdc-11df-8df4-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{64edb757-6bdd-11df-965b-861a539e18dd}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7c11f566-4df6-11e0-9833-806e6f6e6963}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{8db5fd3d-52c3-11de-a2d1-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{8db5fd61-52c3-11de-a2d1-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{9abf5a49-a68e-11de-9ade-806e6f6e6963}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d0024460-42fc-11e0-b399-001f167692b5}
Shell\AutoRun\Command = F:\AutoRun.exe
################## | Vaccin |
E:\Autorun.inf -> Vaccine created by Panda USB Vaccine
################## | E.O.F |
Hi Valuu,
I hope nothing serious has happened to you, since you haven't been in touch lately...
In any case, thanks a lot for your help, my PC works perfectly now. I even notice an improvement in response time.
Well, until next time then... :)
Hey! Sorry, I've been a bit overbooked lately :/
Let's continue :)
--------------------------------------------------------------------------------------
* Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
* Double-click the UsbFix shortcut on your Desktop
* Click "Suppression"
* Let the tool work
* Your Desktop will disappear and then the computer will restart: this is normal
* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive)
:!: UsbFix will offer to send a compressed folder to this address. This folder was created by UsbFix on your Desktop. Please send it to the address indicated to help the author of UsbFix with his research. Once on the site, select "UsbFix" in the drop-down menu. Thanks in advance for your contribution!
Help in pictures: "Nettoyage" tutorial
Then post me an up-to-date ZHPDiag report again (making sure to host that report, otherwise it won't go through here) (use the green arrow at the top right to update)