Virus qui bloque spybot skype et autres Fermé

Question

Bonjour, 


Depuis hier j'ai un gros problème sur mon pc, ça a commencé par skype qui ne se lancait plus, je double clic ça charge et au bout de 4 sec message Skype has stopped working.

Aujourd'hui j'ai voulu lancer spybot et ça plante également, le sablier est là et au bout de quelques secondes le processus disparait et donc le programme ne se lance pas ( aucun message d'erreur par contre). Autre point bizarre mais je ne sais pas si c'est lié je ne peux plus faire d'accent circonflexe sur Firefox ça le fait crasher.

J'ai fais tourner Ad-aware, Malwarebytes, CCleaner et aussi un scan en ligne de Bitdefender mais rien n'y fait.

Quelqu'un aurait une idée ? 

Merci

Fish66 · Answer

Salut, 

Commence à désinstaller Spybot et Ad-aware, ils ne servent à rien! 

Nous allons effectuer un diagnostic de ton PC:  
*Télécharge ZHPDiag sur ton bureau :  

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html  
ou :  
http://www.premiumorange.com/zeb-help-process/zhpdiag.html  

* Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag"  

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »  

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)  
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette  
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :  
http://pjjoint.malekal.com/  

Si indisponible:  

http://ww38.toofiles.com/fr/documents-upload.html  

ou :  

https://www.casimages.com/ 

* Tuto zhpdiag :  
http://www.premiumorange.com/zeb-help-process/zhpdiag.html  


Hébergement de rapport sur pjjoint.malekal.com  

* Rends toi sur http://pjjoint.malekal.com/  
* Clique sur le bouton Parcourir  
* Sélectionne le fichier que tu veux heberger et clique sur Ouvrir  
*Clique sur le bouton Envoyer  
* Un message de confirmation s'affiche, copie le lien dans ta prochaine réponse. 

_  _ _ Fish66_ _ _ I''"""""I_ _ membre _ _I''"""""I_ _ contributeur _ _ _  
 ¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤

Tytyes · Answer

Et voilà 

http://pjjoint.malekal.com/files.php?id=ZHPDiag_r8p5m10i6g12j6c6c11g7c13x11w8t5d5m15x10j5r95b5


Je précise que le problème de l'accent circonflexe se produit sur tout les programmes, firefox, discussions en ligne etc.

Merci

Fish66 · Answer

Re,
1/
System drive C: has 162 GB (25%) free of 630 GB 


Tu as installé plusieurs logiciels inutiles qui provoquent le ralentissement 

de ton PC 

Comme je t'ai dit je te conseille de désinstaller Spybot et Ad-aware car ils ne servent à rien! 

2/
Télécharge AdwCleaner (merci à Xplode) 
Ou  ADWCleaner ici
Lance AdwCleaner
Clique sur le bouton [ Suppression ] 
Patiente... 
Poste le rapport qui apparait en fin de recherche. 
Il se trouve également à C:\AdwCleaner[SX] (où X est un chiffre)

Tytyes · Answer

Oui j'ai déinstallé spybot avant de lancer zhpdiag.

voilà le rapport:

# AdwCleaner v1.301 - Rapport créé le 01/09/2011 à 18:14:28
# Mis à jour le 28/08/11 à 21h par Xplode
# Système d'exploitation : Windows 7 Home Premium  (64 bits)
# Nom d'utilisateur : Tytyes - TYTYES-PC (Administrateur)
# Exécuté depuis : C:\Users\Tytyes\Downloads\adwcleaner0.exe
# Option [Suppression]


***** [KillNav] *****

# firefox.exe [PID:6740] -> Tué

***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Registre (64 bits)] *****


***** [Navigateurs] *****

-\ Internet Explorer v8.0.7600.16385

[OK] Le registre ne contient aucune entrée illégitime.

-\ Mozilla Firefox v6.0.1 (fr)

Profil : hzr0j2fa.default
Fichier : C:\Users\Tytyes\AppData\Roaming\Mozilla\Firefox\Profiles\hzr0j2fa.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Tytyes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [1110 octets] - [01/09/2011 18:14:28]

########## EOF - C:\AdwCleaner[S1].txt - [1238 octets] ##########

Fish66 · Answer

Re,

Ad-Aware est encore présent..

* Télécharge de AD-Remover sur ton Bureau. 
http://www.teamxscript.org/adremoverTelechargement.html 

/!\ Ferme toutes applications en cours /!\ 

- Double  sur l'icône Ad-remover située sur ton Bureau. 
-Pour vista/Seven : clique avec le bouton droit de la souris  et choisis « exécuter en tant qu'administrateur » 
- Sur la page, clique sur le bouton « chercher » 
- Confirme lancement du scan 
- Laisse travailler l'outil. 
- Poste le rapport qui apparaît à la fin. 

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt) 

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

Tytyes · Answer

Je ne sais pas pourquoi mais je ne peux pas tout coller d'un coup, il me demande un titre de message:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Launched at 18:37:50 on 01/09/2011, Normal boot

Microsoft Windows 7 Home Premium   (X64) 
Tytyes@TYTYES-PC (Alienware Aurora) 
 
============== SEARCH ==============



Key found: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}

Tytyes · Answer

Bon bah je sais pas pourquoi je ne peux pas coller le reste :s

en tout cas tout semble régler skype marche, les accents ^^ aussi

un conseil sur les AV à utiliser si ad-aware et spybot ne sont pas biens ? :)

Fish66 · Answer

Re,

On n'a pas terminé :

1/

* inscris  toi sur le forum afin de rendre tes liens lisibles 

* ICI >> Forum comment ca marche

2/
/!\ Ferme toutes applications en cours /!\

- Double sur l'icône Ad-remover située sur ton Bureau.
-Pour vista/Seven : clique avec le bouton droit de la souris et choisis « exécuter en tant qu'administrateur »
- Sur la page, clique sur le bouton « cleaner»
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c 

3/
Un peu de lecture : Logiciels-de-securite-recommandes

@+

Tytyes · Answer

Et voilà:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 19:44:25 on 01/09/2011, Normal boot

Microsoft Windows 7 Home Premium   (X64) 
Tytyes@TYTYES-PC (Alienware Aurora) 
 
============== ACTION(S) ==============



(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0.1 (fr)] ****

Plugins
pwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
HKLM_MozillaPlugins\@rayv.com/rayvplugin (x)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Click to call with Skype)

-- C:\Users\Tytyes\AppData\Roaming\Mozilla\FireFox\Profiles\hzr0j2fa.default --
Extensions\DeviceDetection@logitech.com (???????????? ?? ?????????? Logitech)
Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)
Prefs.js - browser.download.lastDir, C:\Users\Tytyes\Desktop
Prefs.js - browser.startup.homepage_override.buildID, 20110830092941
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.1

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files (x86)\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files (x86)\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files (x86)\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files (x86)\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files (x86)\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files (x86)\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{F459C053-BD3B-4e2f-9B15-F6EE9ADD67C8} - C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 01/09/2011 19:44:37 (4086 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 01/09/2011 18:38:01 (3937 Byte(s)) 

End at: 19:45:22, 01/09/2011 
 
============== E.O.F ==============

Fish66 · Answer

Re,
1/
Télécharge le fichier : ZHPFixScript.txt sur ton bureau depuis ce lien : http://www.cijoint.fr/cjlink.php?file=cj201109/cijt9fqCo7.txt
Lance ZHPFix et clique sur le H (coller les lignes helpers) 
Fait un glisser/déposer de ZHPFixScript.txt dans ZHPFix 
Clique sur le bouton GO 
Héberge le rapport et donne le lien

2/
Lance Malwarebytes pour une analyse complète après avoir effectué la mise à jour puis poste le rapport stp

@+

Tytyes · Answer

Voilà le rapport de ZHPfix:

Rapport de ZHPFix 1.12.3360 par Nicolas Coolman, Update du 29/08/2011
Fichier d'export Registre : 
Run by Tytyes at 01/09/2011 23:11:13
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Software ==========
NOT FOUND Software Key: DAEMON Tools Toolbar

========== Registry Key ==========
DELETED Key: HKLM\Software\Classes\Applications\iMeshV10.exe
DELETED Key: HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}
NOT FOUND Key: Service: Lavasoft Ad-Aware Service
DELETED Key: Service: MpfService

========== Registry Value ==========
DELETED Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17}
DELETED [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17}
NOT FOUND [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17}
DELETED RunValue: PlayNC Launcher
DELETED RunValue: MagXdmbg
NOT FOUND RunValue: PlayNC Launcher
NOT FOUND RunValue: MagXdmbg

========== Repertory ==========
DELETED Folder: c:\users	ytyes\appdataoaming\mozilla\firefox\profiles\hzr0j2fa.default\extensions\dttoolbar@toolbarnet.com
DELETED Folder: C:\Program Files (x86)\DAEMON Tools Toolbar
DELETED Folder: C:\ProgramData\Spybot - Search & Destroy
NOT FOUND C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\._Revolution_
DELETE on Reboot Folder**: C:\Users\Tytyes\AppData\Local\etolsmus
DELETED Folder: C:\Users\Tytyes\AppData\Local\New folder
DELETED Folder: C:\Users\Tytyes\AppData\Local\{032CD1E9-686D-40FD-8A78-A0717230A2D0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{03389DC4-C311-42EB-8A03-AC2941026F0C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{03FA6DD6-505C-4D49-A950-79B0CD98EDDC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{04BDD028-7832-4A3C-9183-CAC605E159F4}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{06992093-13EE-4F88-AFEA-AEDF1C4CD59C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{0699504A-2F52-4F99-99AC-6EDDE8085725}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{07CDFE97-01BA-4D3B-A1FB-E754E598C0F0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{0B086CF5-BC76-482F-8A26-865919442391}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{0BDEA114-81D0-4C7D-AA40-9EE3BE49D05F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{0DA57397-B425-492D-89DB-FC04BB8B9D24}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{0FAD52EE-0713-406D-891D-55201C420125}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{1208C70E-F54E-499A-ACDE-5A18C743610A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{120BF09A-AA11-4065-8A61-521AE5330BAE}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{145A1CD4-307C-4626-9CFB-9BCC952E67FC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{146155A7-1200-4936-8C4B-6710D94C6B54}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{1525EBB8-84EE-4D5A-94A6-D6B74F5B646A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{1555418E-25C8-4CF0-831F-4D5FAD1E5BEE}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{17D86DE3-10E6-4C6E-983F-F34671DD4F29}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{18400110-AE24-4061-A3E6-DEDC2B35C5FF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{192FE077-2B79-4CC8-ACAB-2D8D4F24890A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{1F3BF659-3265-4743-9AB9-F339C0D89B33}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{21088204-D503-43DC-BC17-215FA73304AB}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{22897B1B-E1DA-4B9D-A4EA-4F0B23C7F8AE}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{24798CE2-C991-4E1C-B16F-5BB4F33EB8CA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{26DFDE00-0C18-4C86-BEBA-BE804D25C1A5}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{2705F44B-5518-4F26-AE24-E6E6FE270C52}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{27EEE142-DD41-4551-ABBA-327F2B35A916}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{2ACCD025-0DD4-4F55-9BDB-544CEB0A02B3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{2D6D3B0D-A5B0-4481-8E23-19E18E5D50C0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{2FB05461-B64A-4D6D-8C5C-BE6518ACEDD6}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{304627BC-58E5-41BD-945F-A75A6047415F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{31F86489-DDA3-43C8-8925-4DB469DE185B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{32C784D7-BEA2-4878-AA56-D206CFF1792D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{32E94D7B-B8E1-43E4-874D-E100CAC7816C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{33235687-A497-4AD8-8273-4EF3676DC22B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{33E6B047-0937-4C98-904B-6E63E842B6D0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{342E977A-77EB-4A97-A266-765852CCFCF3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{355B9424-632A-445F-B924-0EB34198F51F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{359D13B1-0352-4129-94FF-DF8E8CAE94EC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{35DD35B2-9F68-48F0-A35C-2ACEF59D9C3E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{35E6A89A-6005-46AE-BBDE-C1FB394BFCFA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{3644696D-4070-4C3B-92B5-B4A33EC1B452}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{365AD353-E1D6-4435-BDA4-B31A8802A8A4}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{36D96248-DFD7-4B07-A5B7-58992D811B0A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{36F307B6-2176-4A6A-BFDA-DF87CC31A833}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{38C180EF-CDFA-47B4-B396-52832C53DC00}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{39285D82-CEE9-4694-AF15-8E5FA2BFEF05}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{398A75A0-D88E-4A32-B3E7-A2EAD5C7CCB7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{3ABBFA1C-B393-480D-9F05-E21A9205B3BE}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{3D26967B-D28A-42DF-9C96-A978CDB29474}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{3E2D6FDC-9F53-44F5-83C7-368A8B5FEC70}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{3FA2DFFA-CA23-4EEA-9A6D-D96E10DEF0E6}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4104B1A7-ED5D-449A-B7D0-3365F4480CA7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4155FC8D-5FF1-4DE7-89F9-4E72F631C3A3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{41ADA936-F75B-40A0-9DB6-BC69A573F2D7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{42C50AE6-D9BC-466B-99D2-C0F6841D7EFC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{439E778A-2C3E-4C1B-A932-F136E2C23286}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4565EEB3-8470-4BF0-BA56-0C2928F30D09}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{461FEEAF-4896-4AA0-91D2-FC1E39F0DC2B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4644A136-1BF6-443D-8ABE-6A1B8A9EF497}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4714131D-DA2F-4E6F-BECD-3DB553449A2E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{47BCEE6B-0A61-467A-A121-0EEBE7FC266E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4945E8B3-7A40-418B-86AD-0F172210F94F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4B76B5E3-ACA8-4DCD-97A1-16967CE541D7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4F327213-DACF-417A-9284-B664E3115999}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{4F69A778-F820-4557-A225-D95A9DE66E5D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{521BBD0D-FA82-4213-ACA1-85B40352B1EF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{52A866EF-BE69-413C-9972-90DF302B4554}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{52E0A310-A8C3-46AA-9FBA-A08200B0C4B6}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{53916A34-4A63-4F7B-B7EC-F6977A7ED94E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{54981E3F-8600-46CC-91C8-D47522B5BB5E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{553978E1-F4C6-4892-888F-F823F003F03A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{55D1DF28-1439-4358-8A3D-A6F731569814}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{5628994A-B1B1-410B-BC1F-8D8FF8539B77}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{567FA716-5AA3-4BF4-9FCF-274407521B48}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{58AF01E2-DF26-48DD-AE09-758656773ED4}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{596B151A-88CC-4FA6-AA85-6745264CC320}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{5CEA141B-6267-445D-9094-99E55CCFD87A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{5E67AB81-59F2-474E-8108-40609965EEA5}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{6002827B-A2CF-45A3-B2B7-CCD7A84DDCFA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{612FE575-1EA4-4C85-B08B-BDC145FC6795}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{622FD2F8-CCDB-4ACA-BA86-D7999E1DFEDF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{62785A41-8060-4A1E-A260-3867565AC600}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{64002FC2-4C8C-49BD-A126-A9946F3BFE85}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{677BEA56-ED2E-4473-AC4F-CA5C4DF8F9D3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{687DC729-6A0E-4645-B8F8-4D5F7724BCB8}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{68E8D76C-FF2E-427A-94E7-10AC59534AF7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{69B5FEE1-FA8C-41D7-BD73-60223011C161}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{6A0A8369-B6FE-4C3C-BEC0-6732451918FB}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{6DB081FE-1C70-44E0-95D1-D318A354273A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{6EC99668-C533-4C2A-8B32-ADBAC041D602}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{6F129F18-5909-41E3-8761-533CF71A5134}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7534BCBF-6FDC-4970-AFF7-66395B215E35}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{75EC8A12-C9E4-4591-9B4F-53417D038D04}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{762BCFBE-54CE-47DF-8560-4AF84672206F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{76D0F28F-D6F1-4643-9842-694495533B47}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{77D06F22-9B52-4648-9D9D-B175CF2F607A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{77F26E61-4B10-4A85-B825-27CB5E972E30}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7B79F2C1-1992-486D-8D6A-B577D21BC0E1}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7C3F129E-F70C-4807-A3CE-4E671407585E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7C79A898-D502-461C-A1D4-CF2230984886}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7E249D4E-F15A-4224-BF6E-19C682108037}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7E508DAD-7A62-4126-AFC2-B573A0AFA2C9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7F41C57A-2964-4334-9500-9F95FBD51227}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{808E21B5-5E7C-4FD1-B5CA-819B3B8F76D3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8181BBBE-6EF8-4AB7-B7E3-0830E6AE020C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{831CBAE8-8A6C-4D1F-BE17-A58EE0DF65A4}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{84B73333-6E9A-4408-BB89-B773DF99AF8F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{873F5934-5226-48F9-823C-CF07221EE5AF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{89B6FD9F-6C1A-47F3-B407-B4481BE4D848}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8A555742-8F59-4581-8A0E-5ADC4DA549DF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8B52F059-D3C0-443C-A9DB-5BEB981C8332}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8BB87B2E-80C9-44A2-8E4B-4790038F325A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8CAD33B7-C40E-43EA-9518-DFBA8547938F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8D8FCC18-CE9B-4006-84A9-F6D638A8856C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8DF24F18-071A-4CD3-BD33-7F852EB183CB}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{90A07D7A-5B5B-4749-879E-240546197BFA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{9232C0E5-A1B7-4860-9E19-1FCA35AD436E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{92AC0915-A559-4A09-9155-F64E943A0AEB}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{92AFF9DE-E09D-4C29-A1C4-2E0538A9615A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{941329C8-4D10-4A86-8C1A-0148155EC838}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{949A6429-8F51-41F9-90C1-3990AFD6FFF1}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{96AAC5ED-6521-4C44-B1DE-BCCCD1C59499}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{980468DE-A49C-49A0-8DF3-F660B1A9DD9F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{9D2CB738-53C5-4EA9-A1A6-93CBC9B25F6A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{9DAC5CFA-E414-4CB2-A371-1047A1B641FC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A12954FF-58D6-48FD-820E-76C581898DD3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A5616DDA-52F2-4F8A-8219-0861776BAB12}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A5F5F09D-E83F-4126-96D2-7EF3920C77B4}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A67BC2C7-9FD9-4F9E-BAF1-FFC74DAB5F90}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A7982095-A5F5-4D5C-A63A-30418671B21E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A84477F5-46E4-4645-A7DA-150BE39DAAC9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{A8E7A806-C569-49C6-9D2C-12DAFC1AC0F6}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{AB4EE513-7916-420D-887C-20BC11882CBF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{ADA1B4FE-26E2-4153-862A-18B2D84CAE04}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{ADECA191-46C1-4399-B73C-58E09D48CD33}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{AF260A7B-0DA1-4C3B-B2B4-5E7AF1F26E10}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B04F7676-02EF-4BB1-95AF-1626C169283C}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B179119D-534D-4958-847F-9A99174FE171}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B381DC04-83E9-4DF3-919F-8F8267F1851B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B6A25CBD-C328-450D-936F-E91B675BFB82}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B6CFF9DB-1DC5-420D-AFFA-5D46F6E1FC41}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BA727503-359A-4C27-9CD4-B79FFBA13A34}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BB486FB1-23A4-4B08-8E66-900CDB7B25B9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BC68CF8C-F7D3-4DD4-8057-BCF73D78CF8D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BD58A12F-347C-4EC2-AD71-E4E0441ECE45}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BDBB88DE-6478-4EC7-B3B5-3EB2E768B48E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{BE70B090-EAEB-42CB-8D42-135AD97BEDE7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C29CB29E-E82A-4CC1-8DD6-EA2C92297B22}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C2B8E495-75DA-4C4B-8F94-63B32025DA02}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C2DA9970-5C3F-4EDA-B603-F349B0FD254D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C2EC2F28-3B77-4F4A-A7EF-C04323EFB6B9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C4D5DC50-286F-4384-A8EE-BEB34188486A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C511D30E-6DEC-4F12-AB93-F5C8202D5882}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C58B55EB-F926-4DF2-974F-63DEBDC11AB0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C83E1AEF-BBE7-4F73-B4D6-5C03E9611DF9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{C9083B69-B151-4FF4-BC13-43A7FCCE399B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{CB41F89A-1FE9-454E-ADF1-09807E344E9E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{CB4DB63A-5E4C-4A07-9A73-47F3F6AA618A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{CB726522-19C6-4FE4-A3DC-98B6D03CD89F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{CCFDE666-27C5-4184-8B82-C95C44DD5CD3}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D0402DF9-A943-4953-925E-78ECA6440908}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D09B83AF-4C85-4841-A9F1-A6715B36AE01}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D1507439-5C51-45DE-93B4-E53658BB4382}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D29F6332-4B94-4E86-B9BD-75293E9DD613}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D364720D-1563-42B0-A767-9030E18AD7BD}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D3D3553D-50E0-4DAF-B927-AC5BA64C8550}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D40B754F-8C7D-4703-843A-C236AFD85592}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D6B51B2F-6D4F-417E-AF0F-78F2641CE979}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D71616FF-5E6E-4F7B-ABE8-4ACAC3CA3A55}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D76F8F9A-39AB-45E2-9A0B-4FB7FDFEBC80}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D906E2BF-0EAD-4EC0-9449-D932F6A286B0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{D9A58D3E-809F-46B5-8EE9-A40CD2E32FE7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{DB438E52-BD8B-4153-96CE-C59AEE7DB2B2}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{DC426FB8-1AA3-4497-993F-4E0141F9E99B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{DD5ADA1B-7D8A-48A9-8EE1-0B5D098134C0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E08199B8-8F16-4670-8B76-C2EB5E51A388}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E15C407B-6AE6-4375-A924-709E39378AA0}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E2C05C5F-8A35-424E-8F03-69FEDFD8E110}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E3A61CD9-2196-432E-BE9A-862F81A15AAF}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E49523FC-2C1C-4327-A136-F46F90AAEE10}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E4D9DC0D-69FF-4A65-96FE-BE35E330675D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E52AB16F-2717-4CB8-927F-78586D767EFA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E5D4C2D0-12ED-4CC3-BA65-B63A2A8E7DE9}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{E7F4355C-B07C-4242-B5F4-DABA9A7A4692}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{EB3A53FB-F0FE-475D-B337-C143665EC19B}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{EFA4D38A-169E-48FC-88C1-71BA6E7ADEE2}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{F36E1B0D-6F35-49C5-9B60-5CEADD78B83D}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{F749D246-11C5-4FDD-8619-C60C39960D3E}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{F981F0EB-B8E6-4888-9A10-26183D5B6226}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{FB3FE6AF-E04D-404E-A2B8-C196CC0A44FE}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{FB4A9B59-AD4A-406F-BBD3-125775298BB2}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{FDFE08DF-1814-459D-8ABB-E69439892382}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{FED71B8E-9552-4807-A3F2-51BF54E6FDDC}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{FF4270AA-B261-47E5-9C98-705DA7E84053}
DELETED Folder: C:\Program Files (x86)\Spybot - Search & Destroy

========== File ==========
DELETED File: c:\program files (x86)\daemon tools toolbar\dttoolbar64.dll
NOT FOUND Folder/File: c:\program files (x86)\daemon tools toolbar
NOT FOUND Folder/File: c:\users	ytyes\appdataoaming\mozilla\firefox\profiles\hzr0j2fa.default\user.js (.not file.)
NOT FOUND File: c:\users	ytyes\appdata\local\etolsmus\magxdmbg.exe
DELETED File: c:\users	ytyes\desktop\age of empires online.lnk
NOT FOUND File: c:\users\all users\desktop\ad-aware.lnk
NOT FOUND File: c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe
NOT FOUND File: c:\users	ytyes\appdataoaming\microsoft\internet explorer\quick launch\ad-aware.lnk

========== Task ==========
DELETED Task: iMeshNAG
DELETED Task: Ad-Aware Update (Weekly)


========== Summary ==========
5 : Registry Key
7 : Registry Value
203 : Repertory
8 : File
1 : Software
2 : Task


End of the scan in 00mn 28s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/09/2011 23:11:13 [19463]

Fish66 · Answer

Bonjour,

Lance ZHPDiag depuis ton Bureau et prépare stp un nouveau rapport

 ZHPDiag (à héberger)

@+

Tytyes · Answer

Bonjour, 

Voilà le lien du rapport, j'ai passé un grand coup d'antivir pour retirer tout ce qu'il trouve, mais hélas aujourd'hui en relancant le PC le problème ( skype et accent ) était revenu. :( 

https://pjjoint.malekal.com/files.php?id=ZHPDiag_p10w15i14k12i13z10g14b15i8y7p11g14x8m9d9j7m15c8m510

Edit: rectification les accents marchents ^^, mais Skype ne fonctionne plus de nouveau.

Fish66 · Answer

Re,

Avant d'utiliser ComboFix : 

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement : 

si tu as ce genre de d'outils sur ton pc Utilise Defogger pour les désactiver temporairement : sinon passe directement à combofix 

. Télécharge Defogger (de jpshortstuff) sur ton Bureau 

. Lance le 

Une fenêtre apparait : clique sur "Disable" 

. Fais redémarrer l'ordinateur si l'outil te le demande 

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"  

Attention, avant de commencer, lit attentivement la procédure 

/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\ 

? Fais un clic droit sur ce lien, enregistre le dans ton bureau 

Voici Aide combofix 


* /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\ 
 

*Double-clique sur ComboFix.exe (ou exécuter en tant qu'administrateur pour vista et seven) 

Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 

** SURTOUT INSTALLES LA CONSOLE DE RECUPERATION 
(si il te propose de l'installer remets internet) 

? Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC 

 *En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

** /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

*Note : Le rapport se trouve également là : C:\ComboFix.txt  

@+

Tytyes · Answer

ComboFix 11-09-01.03 - Tytyes 02/09/2011  17:36:52.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.353.1033.18.9207.6889 [GMT 2:00]
Running from: c:\users\Tytyes\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Tytyes\AppData\Roaming\EurekaLog
c:\users\Tytyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magxdmbg.exe
c:\windows\system32\jusched.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-02 to 2011-09-02  )))))))))))))))))))))))))))))))
.
.
2011-09-02 15:49 . 2011-09-02 15:49	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-09-02 15:26 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2011-09-02 15:26 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2011-09-02 15:26 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2011-09-02 15:22 . 2011-09-02 15:22	--------	d-----w-	C:\Riot Games
2011-09-02 14:54 . 2011-09-02 15:49	--------	d-----w-	c:\users\Tytyes\AppData\Local\PMB Files
2011-09-02 14:54 . 2011-09-02 14:55	--------	d-----w-	c:\programdata\PMB Files
2011-09-02 14:54 . 2011-09-02 14:54	--------	d-----w-	c:\program files (x86)\Pando Networks
2011-09-01 18:05 . 2011-09-01 18:05	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\Avira
2011-09-01 17:48 . 2011-07-20 09:30	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-09-01 17:48 . 2011-07-20 09:30	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-09-01 17:48 . 2011-09-01 17:48	--------	d-----w-	c:\programdata\Avira
2011-09-01 17:48 . 2011-09-01 17:48	--------	d-----w-	c:\program files (x86)\Avira
2011-09-01 16:37 . 2011-09-01 16:37	--------	d-----w-	c:\program files (x86)\Ad-Remover
2011-09-01 15:59 . 2011-09-02 14:54	512	----a-w-	C:\PhysicalDisk0_MBR.bin
2011-09-01 15:52 . 2011-09-02 14:54	--------	d-----w-	C:\ZHP
2011-09-01 15:52 . 2011-09-02 14:54	--------	d-----w-	c:\program files (x86)\ZHPDiag
2011-09-01 15:07 . 2011-09-01 15:07	--------	d-----w-	c:\program files\CCleaner
2011-09-01 14:48 . 2011-09-01 14:48	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\QuickScan
2011-09-01 14:34 . 2011-09-01 14:34	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\Malwarebytes
2011-09-01 14:34 . 2011-09-01 14:34	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-01 14:34 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-01 14:34 . 2011-09-01 14:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-01 14:34 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-01 12:43 . 2011-09-01 12:43	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-08-31 18:46 . 2011-09-02 15:31	--------	d-----w-	c:\users\Tytyes\AppData\Local\etolsmus
2011-08-28 15:05 . 2011-09-02 01:00	--------	d-----w-	c:\program files (x86)\LOLReplay
2011-08-25 14:44 . 2011-08-25 14:44	--------	d-----w-	c:\program files\iTunes
2011-08-25 14:44 . 2011-08-25 14:44	--------	d-----w-	c:\program files\iPod
2011-08-25 10:06 . 2011-08-26 11:28	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\Expert PDF 7
2011-08-25 10:06 . 2011-08-25 10:06	--------	d-----w-	c:\programdata\Avanquest Software
2011-08-25 10:06 . 2010-11-25 10:39	23552	----a-w-	c:\windows\system32\vsmon1.dll
2011-08-25 10:06 . 2011-08-25 10:06	--------	d-----w-	c:\program files (x86)\Avanquest
2011-08-25 10:06 . 2011-08-25 10:06	--------	d-----w-	c:\programdata\Expert PDF Jobs
2011-08-25 10:06 . 2011-08-25 10:06	--------	d-----w-	c:\programdata\Expert PDF 7
2011-08-25 10:06 . 2011-08-25 10:06	--------	d-----w-	c:\programdata\Avanquest
2011-08-24 11:13 . 2011-07-09 05:14	2048	----a-w-	c:\windows\system32	zres.dll
2011-08-24 11:13 . 2011-07-09 04:30	2048	----a-w-	c:\windows\SysWow64	zres.dll
2011-08-18 21:01 . 2011-08-18 21:01	51472	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Onlinemdll\Final\RandomMap.dll
2011-08-18 21:01 . 2011-08-18 21:01	19216	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Onlinemdll\Final\CLRBinder.dll
2011-08-18 21:01 . 2011-08-18 21:01	13584	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Onlinemdll\Final\RandomMapBinder.dll
2011-08-18 20:53 . 2011-08-18 20:53	81998	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Online\RockallDLL.dll
2011-08-18 20:53 . 2011-08-18 20:53	139536	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Online\eulax.dll
2011-08-18 20:52 . 2011-08-18 20:52	173408	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires Online\pw32b.dll
2011-08-16 05:20 . 2011-08-16 05:20	4892320	------w-	c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-08-10 11:21 . 2011-07-16 05:26	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-08-06 17:11 . 2011-08-06 17:11	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\SGTY
2011-08-06 17:09 . 2011-08-06 17:09	--------	d-----w-	c:\users\Tytyes\AppData\Roaming\Realm of the Titans
2011-08-06 17:04 . 2011-08-06 17:04	--------	d-----w-	C:\AeriaGames
2011-08-06 16:56 . 2011-09-02 15:52	--------	d-----w-	c:\program files (x86)\Common Files\Akamai
2011-08-06 11:34 . 2011-09-02 01:01	--------	d-----w-	c:\program files (x86)\LIMBO
2011-08-05 16:42 . 2011-08-25 14:44	--------	d-----w-	c:\program files (x86)\iTunes
2011-08-05 16:41 . 2011-08-05 16:41	--------	d-----w-	c:\program files\Bonjour
2011-08-05 16:41 . 2011-08-05 16:41	--------	d-----w-	c:\program files (x86)\Bonjour
2011-08-05 16:40 . 2011-09-02 14:42	--------	d-----w-	c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 08:48 . 2011-05-13 12:41	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:32 . 2011-08-10 11:21	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-12 09:34 . 2011-07-12 09:34	96104	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:34 . 2011-07-12 09:34	85864	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:34 . 2011-07-12 09:34	212840	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2011-06-11 02:56 . 2011-07-13 12:18	3134464	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="c:\steam\steam.exe" [2011-08-02 1242448]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-06-28 2561320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-02 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"CardDetectorHUAWEI1752_1552"="c:\program files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-08-25 282624]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe" [2009-08-25 140016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"vspdfprsrv.exe"="c:\program files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe" [2011-01-20 4229632]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Tytyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-24 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-8-28 372736]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-4-15 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-02-11 15872]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-02-11 358768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/17 20:04];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 22:28 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-01-20 14648]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision
vSCPAPISvr.exe [2011-01-07 378984]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [x]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 10:50]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 10:50]
.
2009-05-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-24 12:22]
.
2009-05-30 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-24 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-01-20 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-01-20 167736]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"CamserviceOG"="c:\program files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2010-05-07 3000104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Tytyes\AppData\Roaming\Mozilla\Firefox\Profiles\hzr0j2fa.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MagXdmbg - c:\users\Tytyes\AppData\Local\etolsmus\magxdmbg.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE} - c:\program files (x86)\InstallShield Installation Information\{72B59E5A-CF45-4528-8227-7EDF5EC772BE}\setup.exe
AddRemove-Utilitaires Sierra - c:\program files (x86)\Sierra On-Line\sutil32.exe
AddRemove-{888F1505-C2B3-4FDE-835D-36353EBD4754} - c:\program files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services
pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1339429009-2538600354-1953010527-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,24,19,b7,ef,a9,82,25,b6,dd,b3,b8,5e,2b,f0,a6,65,41,9c,75,df,
   b1,58,1b,d0,d0,86,f3,1e,04,95,c4,fe,ed,99,4c,ac,80,04,7c,72,e7,10,1c,90,74,\
"rkeysecu"=hex:04,4d,62,45,68,0d,a2,41,7c,f3,c7,8f,98,cb,f9,08
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~2\mcafee\VIRUSS~1\mcvsshld.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
.
**************************************************************************
.
Completion time: 2011-09-02  17:59:09 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-02 15:59
.
Pre-Run: 168 714 346 496 bytes free
Post-Run: 168 181 465 088 bytes free
.
- - End Of File - - 2781F27C3F99A08D92E6C58D0C4F3F4E

Fish66 · Answer

Re,
1/
Tu as installé deux antivirus Avira et McAfee, quel est ton antivirus ?
Il faut avoir qu'un seul antivirus pour qu'il n'y'aura pas de conflit!

2/
Pour bien vérifier que le  fichier ci-dessous est  infecté rend toi sur ce site

Virus Total

Colle directement le chemin du  fichier  dans l'espace "Parcourir" :


c:\windows\system32\drivers\AWOPFilterDriver.sys 



* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation

actuelle : en cours d'analyse" est affiché.

* Il est possible que le fichier soit mis en file d'attente en raison d'un grand

nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser

la page.

* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine

réponse.

3/
Désinstalle ce logiciel stp: Logiciel: DAEMON Tools Toolbar 


@+

Tytyes · Answer

Mcafee était l'antivirus offert avec l'ordinateur, c'était une version d'essai de 30 jours qui ne fonctionne plus désormais. et J'ai bien désactivé daemon avec ton programme Defogger.

Par contre j'ai beau cherché manuellement ou taper l'adresse il n'y a pas de fichier AWOPFilterDriver.sys

Fish66 · Answer

Bonjour, 
1/ 


McAfee n'est pas désinstallé proprement! 

Télécharge l'utilitaire de désinstallation 
*Désinstalle McAfee en suivant ces procédures pour windows 7
Après désinstallation:
* Exécute le fichier téléchargé en cliquant sur le bouton droit de la souris et en choisissat "exécuter en tant qu'administrateur" puis Redémarres  ton ordinateur après l'affichage du message CleanUp Successful (Nettoyage réussi). 
ton  produit McAfee ne sera pas entièrement supprimé tant que le PC n'est pas redémarré. 

2/ 
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )  


C:\Users\Tytyes\AppData\Roaming\Mozilla\Firefox\Profiles\hzr0j2fa.default\user.js (.not file.) 
O43 - CFD: 02/09/2011 - 13:52:44 - [0] ----D- C:\Users\Tytyes\AppData\Local\{35A4BEB6-AFAF-4861-BDD1-380C6D2B528F} 
O43 - CFD: 01/09/2011 - 19:57:02 - [0] ----D- C:\Users\Tytyes\AppData\Local\{742A3435-1322-4C4A-940F-3D934FE5021A} 
O43 - CFD: 01/09/2011 - 18:36:36 - [0] ----D- C:\Users\Tytyes\AppData\Local\{7794861A-9842-465F-95FA-7A622E913E57} 
O43 - CFD: 01/09/2011 - 18:36:48 - [0] ----D- C:\Users\Tytyes\AppData\Local\{8ED2CB94-A8A4-481A-AE90-4F6A299C89EA} 
O43 - CFD: 02/09/2011 - 13:52:20 - [0] ----D- C:\Users\Tytyes\AppData\Local\{B25D8D8A-A524-416F-B9CE-453B0A3230E7} 
O43 - CFD: 01/09/2011 - 19:57:18 - [0] ----D- C:\Users\Tytyes\AppData\Local\{CE175995-5AFF-42ED-AAE2-D3C8474BF549} 
OPT:O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam.) -- C:\Steam\steam.exe    => Valve/GameSpy Industries®Steam 
OPT:O4 - HKLM\..\Wow6432Node\Run: [vspdfprsrv.exe] . (...) -- C:\Program Files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe    => Visagesoft®eXPert PDF 
OPT:O4 - HKUS\S-1-5-21-1339429009-2538600354-1953010527-1000\..\Run: [Steam] . (.Valve Corporation - Steam.) -- C:\Steam\steam.exe    => Valve/GameSpy Industries®Steam 
OPT:O4 - Global Startup: C:\Users\Tytyes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk . (.Nullsoft, Inc..)  -- C:\Program Files (x86)\Winamp\winamp.exe    => Unknown owner®. 
OPT:O4 - Global Startup: C:\Users\Tytyes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk . (.Xfire Inc..)  -- C:\Program Files (x86)\Xfire\Xfire.exe    => Xfire®Xfire 

FirewallRAZ 
EmptyTemp 
EmptyFlash 

 

Puis Lance ZHPFix depuis le raccourci du bureau .  

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .  

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .  

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.  

Clique sur le bouton  GO 

Copie/Colle le rapport à l'écran dans ton prochain message. 

@+ 


_  _ _ Fish66_ _ _ I''"""""I_ _ membre _ _I''"""""I_ _ contributeur _ _ _  
 ¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤

Tytyes · Answer

Bonjour,

Et voilà le rapport:

Rapport de ZHPFix 1.12.3360 par Nicolas Coolman, Update du 29/08/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-03-09-2011-14-18-48.txt
Run by Tytyes at 03/09/2011 14:18:48
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registry Value ==========
DELETED RunValue: Steam
DELETED RunValue: vspdfprsrv.exe
NOT FOUND RunValue: Steam
DELETED FirewallRaz (SP) : C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe
No Value in Domain Profile Register Key FirewallRaz : 
DELETED FirewallRaz (Domain) : {DE87AFF1-76F3-47CC-8DB3-2B7A13C41BDA}
DELETED FirewallRaz (Private) : {34C29C8B-B072-42BE-B7EC-F5ED0C1F3A5D}
DELETED FirewallRaz (Private) : {20CBD313-21B0-4815-B8FE-9F3BAB5D089E}
DELETED FirewallRaz (Private) : {4670687B-60FC-4B6F-9D89-6061283DAC51}
DELETED FirewallRaz (Private) : {6F6561E8-449C-493B-82CA-1675D1BA049A}
DELETED FirewallRaz (Public) : {714211EF-B02D-4781-A823-9627D9008905}
DELETED FirewallRaz (Public) : {8C62F22B-19A9-408B-B02D-C3ED3F650A77}
DELETED FirewallRaz (None) : {BDB8E472-51F8-4879-B6FF-86D678525D77}
DELETED FirewallRaz (Public) : {46FF5EA9-0A35-4029-9B95-8BB3DC911EAB}
DELETED FirewallRaz (Public) : {5D9EDF10-05B5-4EC5-9CE7-3D7BA5D518FA}
DELETED FirewallRaz (Public) : {39EDB73D-2EC9-4AD1-95FB-848B08AE9DCB}
DELETED FirewallRaz (Public) : {4C0103FD-EBC0-49C2-AA22-DCBE33C3DFC8}

========== Repertory ==========
DELETED Folder: C:\Users\Tytyes\AppData\Local\{35A4BEB6-AFAF-4861-BDD1-380C6D2B528F}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{742A3435-1322-4C4A-940F-3D934FE5021A}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{7794861A-9842-465F-95FA-7A622E913E57}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{8ED2CB94-A8A4-481A-AE90-4F6A299C89EA}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{B25D8D8A-A524-416F-B9CE-453B0A3230E7}
DELETED Folder: C:\Users\Tytyes\AppData\Local\{CE175995-5AFF-42ED-AAE2-D3C8474BF549}
DELETED Window Temporary: : 220
DELETED Flash Cookies: 39

========== File ==========
NOT FOUND Folder/File: c:\users	ytyes\appdataoaming\mozilla\firefox\profiles\hzr0j2fa.default\user.js (.not file.)
DELETED File: c:\users	ytyes\appdataoaming\microsoft\internet explorer\quick launch\winamp.lnk
DELETED File: c:\users	ytyes\appdataoaming\microsoft\internet explorer\quick launch\xfire.lnk
DELETED Window Temporary: : 1715
DELETED Flash Cookies: 21


========== Summary ==========
17 : Registry Value
8 : Repertory
5 : File


End of the scan in 00mn 09s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/09/2011 22:11:13 [19516]
C:\ZHP\ZHPFix[R2].txt - 03/09/2011 14:18:48 [2628]

Fish66 · Answer

Re,

1/
As tu désinstallé McAfee ?

2/
Est ce que ce fichier : c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys   si oui, analyse le par Virus total

3/
Comment va ton PC ?

Tytyes · Answer

Re,

Oui j'ai désinstallé Mc Afee mais dans le doute j'ai remis un coup de Malware bytes, je ferais le reboot quand il sera terminé.

Le dossier gpotato était vide ( pas de fichier caché), je l'ai supprimé.

Et tout semble allez pour le mieux, tout les programmes marchent, j'avais un petit souci hier soir avec le logiciel Setpoint, mais désinstalle et réinstalle à régler le souci.

Merci beaucoup pour tes conseils :)

Fish66 · Answer

Re,

Une fois l'analyse est terminé poste le rapport de Malwarebytes stp  :-)

Virus qui bloque spybot skype et autres

22 réponses

Discussions similaires