Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

B.exe

Dernière réponse le 24 nov 2009 à 13:17:43 matko-destanov, le 9 nov 2009 à 18:27:48

Signaler ce message aux modérateurs

Bonjour,

je me retrouve infecté par b.exe, j'ai pu voir les différentes apportées aux autres personnes infectées, ca m'a l'air un poil compliqué. Est ce quelqu'un pourrait m'accorder un peu e son temps pour m'aider a l'éradiquer.

Merci

Configuration: Windows Vista
Firefox 3.5.5

Meilleures réponses pour « B.exe » dans :

Quoi faire avec le b.exe Voir

Supprimer b.exe Voir

B.exe erreur au lancement (Résolu) Voir

B.exe (Résolu) Voir

Problème b.exe Voir

Problèmes avec a.exe et b.exe Voir

Télécharger Remover.exe GData Voir

Ctfmon - ctfmon.exe Voirctfmon - ctfmon.exe Le processus ctfmon.exe (dont le nom complet de processus est Alternative User Input Services) est un processus générique de Windows NT/2000/XP servant à gérer les entrées de saisie texte alternatives telles que les logiciels...

Wuauclt - wuauclt.exe Voirwuauclt - wuauclt.exe Le processus wuauclt.exe (wuauclt signifiant Windows Update client for WindowsME) est un processus générique de Windows Millenium servant à mettre à jour Windows Millenium via Internet. Le fichier correspondant à ce...

Csrss - csrss.exe Voircsrss - csrss.exe Le processus csrss.exe (csrss signifiant Client/Server Runtime Subsystem) est un processus générique de Windows NT/2000/XP servant à gérer les fenêtres et les éléments graphiques de Windows. Le fichier correspondant à ce...

Posez votre question Répondre

Xplode, le 9 nov 2009 à 18:32:57

Salut,

-+-+-+-> USBfix ( Infections USB ) <-+-+-+-

[x] Télécharge USBfix ( de Chiquitine29 )

[x] Un tutoriel est disponible ici

[x] Installe le

/!\ Branche tout tes médias amovibles ( clés USB, DD externe, Cartes SD ) /!\

[x] Lance USBfix en cliquant sur l'icône qui est sur ton bureau ( Clique droit -> Executer en tant qu'administrateur pour vista )

[x] Choisis l'option F ( pour français ) et valide en appuyant sur entrée.

[x] Au menu principal, choisis l'option 2

[x] Laisse l'outil travailler puis poste le rapport dans ton prochain message

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 18:58:15

Merci Xplode

voici le rapport dUsbfix

############################## | UsbFix V6.050 |

User : Home (Administrateurs) # PC-DE-HOME
Update on 09/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:36:50 | 09/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : AVG Anti-Virus plus Firewall 8.0 [ Enabled | Updated ]

C:\ -> Disque fixe local # 144,29 Go (28,99 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 144,04 Go (39,38 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local # 232,88 Go (46,94 Go free) [BUTCH] # NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque amovible
M:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe 468
C:\Windows\system32\csrss.exe 536
C:\Windows\system32\wininit.exe 588
C:\Windows\system32\csrss.exe 600
C:\Program Files\AVG\AVG9\avgchsvx.exe 612
C:\Program Files\AVG\AVG9\avgrsx.exe 620
C:\Windows\system32\services.exe 652
C:\Program Files\AVG\AVG9\avgcsrvx.exe 688
C:\Windows\system32\lsass.exe 696
C:\Windows\system32\lsm.exe 704
C:\Windows\system32\winlogon.exe 1016
C:\Windows\system32\svchost.exe 1036
C:\Windows\system32\svchost.exe 1108
C:\Windows\System32\svchost.exe 1244
C:\Windows\System32\svchost.exe 1272
C:\Windows\system32\svchost.exe 1308
C:\Windows\system32\svchost.exe 1432
C:\Windows\system32\SLsvc.exe 1448
C:\Windows\system32\svchost.exe 1484
C:\Windows\system32\svchost.exe 1648
C:\Windows\System32\spoolsv.exe 1884
C:\Windows\system32\svchost.exe 1916
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 1628
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 1688
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 524
C:\Program Files\AVG\AVG9\avgwdsvc.exe 700
C:\Program Files\AVG\AVG9\avgfws9.exe 1104
C:\Program Files\Bonjour\mDNSResponder.exe 2000
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 1300
C:\Windows\system32\taskeng.exe 2164
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2288
C:\Windows\system32\PnkBstrA.exe 2360
C:\Windows\system32\PnkBstrB.exe 2380
C:\Windows\system32\svchost.exe 2424
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2456
C:\Windows\system32\svchost.exe 2488
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2536
C:\Windows\System32\svchost.exe 2580
C:\Windows\system32\SearchIndexer.exe 2628
C:\Program Files\AVG\AVG9\avgemc.exe 2680
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2712
C:\Program Files\AVG\AVG9\avgam.exe 2800
C:\Program Files\AVG\AVG9\avgnsx.exe 2824
C:\Program Files\AVG\AVG9\avgcsrvx.exe 3004
C:\Windows\system32\WUDFHost.exe 3164
C:\Windows\system32\wbem\wmiprvse.exe 3524
C:\Windows\system32\Dwm.exe 3936
C:\Windows\Explorer.EXE 4004
C:\Users\Home\AppData\Local\Temp\b.exe 2416
C:\Windows\system32\taskeng.exe 2336
C:\Program Files\Windows Defender\MSASCui.exe 3744
C:\Windows\RtHDVCpl.exe 3960
C:\Acer\Empowering Technology\SysMonitor.exe 2400
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe 2472
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3564
C:\Windows\System32\rundll32.exe 4064
C:\Program Files\iTunes\iTunesHelper.exe 2404
C:\Program Files\Java\jre6\bin\jusched.exe 1328
C:\Program Files\AVG\AVG9\avgtray.exe 3852
C:\Program Files\Windows Sidebar\sidebar.exe 3896
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1196
C:\Windows\ehome\ehtray.exe 1776
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3944
C:\Program Files\DAEMON Tools Lite\daemon.exe 1428
C:\Program Files\Windows Media Player\wmpnscfg.exe 1324
C:\Windows\System32\rundll32.exe 4336
C:\Program Files\Windows Media Player\wmpnetwk.exe 4492
C:\Windows\ehome\ehmsas.exe 4644
C:\Windows\system32\wbem\wmiprvse.exe 4760
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 4804
C:\Program Files\iPod\bin\iPodService.exe 4856
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4936
C:\Program Files\Windows Sidebar\sidebar.exe 4984
C:\Windows\system32\wbem\unsecapp.exe 5152
C:\Program Files\AVG\AVG9\avgcsrvx.exe 5656
C:\Windows\System32\svchost.exe 2736
C:\Program Files\Mozilla Firefox\firefox.exe 5100
C:\Program Files\Prevx\prevx.exe 4896
C:\Program Files\Prevx\prevx.exe 168
C:\Users\Home\Desktop\RSIT.exe 6072
C:\Windows\system32\taskeng.exe 5752
C:\Windows\system32\conime.exe 2876

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Users\Home\AppData\Local\Temp\b.exe

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKCU\SOFTWARE\XML]

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{15ceee48-b0a7-11dd-8226-001c2555ccda}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4eaf8f58-232b-11dd-bc99-001c2555ccda}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{776afa51-3ae7-11de-9dff-001c2555ccda}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[10/07/2007 22:30|-ra-s----|8192] C:\BOOTSECT.BAK
[28/02/2009 02:32|--a------|3658] C:\cleannavi.txt
[18/09/2006 22:43|--a------|10] C:\config.sys
[28/02/2009 02:21|--a------|3575] C:\fixnavi.txt
[?|?|?] C:\hiberfil.sys
[24/04/2008 20:39|-rahs----|0] C:\IO.SYS
[12/01/2009 22:00|--a------|0] C:\log_lobby.txt
[12/01/2009 22:00|--a------|0] C:\log_lobby_dumper.txt
[29/11/2006 16:35|--a------|512] C:\MDR.iss
[24/04/2008 20:39|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[09/11/2009 18:39|--a------|5959] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | http://www.virustotal.com |

################## | Cracks / Keygens / Serials |

"C:\Program Files\Freecorder\crack.exe"
12/07/2004 20:18 |Size 99840 |Crc32 920c0a92 |Md5 c004d917a809affa8cec3fbb2262b77f

"C:\Users\Home\Documents\Programmes Applications\Ableton.Live.v5.0.1 +crack (Latest Update)\Setup.exe"
27/07/2005 20:15 |Size 44513898 |Crc32 93c9acfc |Md5 25fbc28697192c6f39344bad1db45168

"C:\Users\Home\Documents\Programmes Applications\Atomix VirtualDJ 5.0 Professional + Serial\install_virtualdj_v5.0.exe"
24/08/2007 16:04 |Size 10691444 |Crc32 e8d0bc68 |Md5 92e43f7960b04a41e3f868a13fac9605

"C:\Users\Home\Documents\Programmes Applications\Runtime.DiskExplorer.for.NTFS.v3.03.Datecode.010507.Cracked-ARN\Setup.exe"
05/01/2007 18:13 |Size 2850714 |Crc32 c11edbea |Md5 bda9b40fd2442a257d0f904d68e612cd

"C:\Users\Home\Downloads\eMule\Incoming\Holdem Indicator v.1 Poker Odds Software Full Install CRACKED\HoldemIndicatorSetup.exe"
21/07/2009 16:06 |Size 5481154 |Crc32 d72cf85f |Md5 ae31bd7324bc5173568f1afeedc87323

################## | Upload |

Veuillez envoyer le fichier : C:\Users\Home\Desktop\UsbFix_Upload_Me_PC-de-Home.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.050 ! |

Répondre à matko-destanov

Xplode, le 9 nov 2009 à 19:00:49

"C:\Program Files\Freecorder\crack.exe"
12/07/2004 20:18 |Size 99840 |Crc32 920c0a92 |Md5 c004d917a809affa8cec3fbb2262b77f

"C:\Users\Home\Documents\Programmes Applications\Ableton.Live.v5.0.1 +crack (Latest Update)\Setup.exe"
27/07/2005 20:15 |Size 44513898 |Crc32 93c9acfc |Md5 25fbc28697192c6f39344bad1db45168

"C:\Users\Home\Documents\Programmes Applications\Atomix VirtualDJ 5.0 Professional + Serial\install_virtualdj_v5.0.exe"
24/08/2007 16:04 |Size 10691444 |Crc32 e8d0bc68 |Md5 92e43f7960b04a41e3f868a13fac9605

"C:\Users\Home\Documents\Programmes Applications\Runtime.DiskExplorer.for.NTFS.v3.03.Datecode.010507.Cracked-ARN\Setup.exe"
05/01/2007 18:13 |Size 2850714 |Crc32 c11edbea |Md5 bda9b40fd2442a257d0f904d68e612cd

"C:\Users\Home\Downloads\eMule\Incoming\Holdem Indicator v.1 Poker Odds Software Full Install CRACKED\HoldemIndicatorSetup.exe"
21/07/2009 16:06 |Size 5481154 |Crc32 d72cf85f |Md5 ae31bd7324bc5173568f1afeedc87323

----> A supprimer, source d'infections.

Tu peux désinstaller USBfix à l'aide de l'option 5.

====================================================================

-+-+-+-> ZHPDiag <-+-+-+-

[x] Télécharge ZHPDiag ( de Nicolas coolman ).

[x] Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

[x] Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau

[x] Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

[x] Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

[x] Rend toi sur Cjoint

[x] Clique sur " Parcourir " dans la partie " Joindre un fichier[...] "

[x] Séléctionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

[x] Clique ensuite sur " Créer le lien cjoint " et copie/colle le dans ton prochain message

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 19:56:21

Rapport de ZHPDiag v1.24.22 par Nicolas Coolman
Run by Home at 09/11/2009 19:53:00
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Windows Vista (TM) Home Premium (6.0.6002) Service Pack 2
MSIE: Internet Explorer v8.0.6001.18828
MFIE: Mozilla Firefox (3.5.5)

Boot mode: Normal (Normal boot)
Total RAM: 3,7 Gb (58 % free)
System drive C: 144 Go (29 Go free)

---\\
C:\Program Files\Windows Defender\MSASCui.exe [MD5:0D392EDE3B97E0B3131B2F63EF1DB94E]
C:\Acer\Empowering Technology\SysMonitor.exe [MD5:46EAC4B8E96DC32381B39775330DB901]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [MD5:E090EE780714E376062198C6625D5B51]
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [MD5:37728F6DB0A8D31B0A1C49A7228E1D34]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [MD5:BBADDD291165F398BA4F058287175209]
C:\Acer\AcerTour\Reminder.exe [MD5:1ECD388C55B7BD4468395CDFD4488F3D]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5:89D583FC41D48328128A974C25AFAEB7]
C:\Program Files\QuickTime\QTTask.exe [MD5:0AB3C83FCB8EF6F56E4FB22089F0D3B9]
C:\Program Files\iTunes\iTunesHelper.exe [MD5:0CDB6449C0C2BF0B514F9FA0BA2C721E]
C:\Program Files\Java\jre6\bin\jusched.exe [MD5:90E0F7FDCAC66FB50C1CE1A1C7396642]
C:\PROGRA~1\AVG\AVG9\avgtray.exe [MD5:FAD6042ECF5732CD035D09C7732C5928]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [MD5:C5FCC0B761069FABD59E41B7C3280DDF]
C:\Program Files\Windows Sidebar\sidebar.exe [MD5:9E35FF7F943AE0FB89192BFE058B7FD4]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [MD5:A9A5DB6AC3721BE698B996913693D73F]
C:\Windows\ehome\ehTray.exe [MD5:BF08674925F151BD4537B89A493E3E0C]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [MD5:43F3F6D33C793089A7C32B45DA16094B]
C:\Program Files\DAEMON Tools Lite\daemon.exe [MD5:79CC43BE17E1D1AC58844574ABD58941]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [MD5:E616A6A6E91B0A86F2F6217CDE835FFE]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [MD5:35937EAD711207544E219C2A19A78A7D]

---\\
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

---\\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

---\\
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\ieframe.dll

---\\
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: C:\Windows\system32\eDStoolbar.dll - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -

---\\
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU C:\Windows\TEMP\E_S8B5E.tmp /EF HKCU
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TurboNet] C:\Users\Home\AppData\Local\Temp\b.exe
O4 - HKLM\..\policies\Explorer: [BindDirectlyToPropertySetStorage] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - Global Startup: Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip\uzqkst.exe

---\\
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

---\\
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

---\\
O20 - AppInit_DLLs: avgrsstx.dll

---\\
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll

---\\
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{CD85C47D-3533-4988-A72B-6665B1881CC1}.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

---\\
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 10.4 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 10.4 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Themes Setup - {349CE37F-4280-EDD7-B7F5-426673C19E20} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

Répondre à matko-destanov

matko-destanov, le 9 nov 2009 à 19:57:41

Est ce qu'il te faut la suite ?

Répondre à matko-destanov

matko-destanov, le 9 nov 2009 à 20:36:56

Voila la suite du rapport :

O42 - Logiciel: 7-Zip 4.60 beta
O42 - Logiciel: AVG 9.0
O42 - Logiciel: Acer Arcade Live Main Page
O42 - Logiciel: Acer DV Magician
O42 - Logiciel: Acer DVDivine
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Acer HomeMedia
O42 - Logiciel: Acer HomeMedia Connect
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: Acer SlideShow DVD
O42 - Logiciel: Acer Tour
O42 - Logiciel: Acer VideoMagician
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 7.1.0 - Français
O42 - Logiciel: Adobe Shockwave Player
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Bonjour
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: CX4300_5500_DX4400 Manuel
O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite
O42 - Logiciel: Crayon Physics Deluxe - release 51
O42 - Logiciel: DiskExplorer for NTFS
O42 - Logiciel: DkZ Studio
O42 - Logiciel: EPSON Attach To Email
O42 - Logiciel: EPSON Copy Utility 3
O42 - Logiciel: EPSON Easy Photo Print
O42 - Logiciel: EPSON File Manager
O42 - Logiciel: EPSON Logiciel imprimante
O42 - Logiciel: EPSON Scan
O42 - Logiciel: EPSON Scan Assistant
O42 - Logiciel: Everest Poker (Remove Only)
O42 - Logiciel: Far Cry 2
O42 - Logiciel: Fleuves et montagnes de France
O42 - Logiciel: Freecorder 2.3 (with Skype Call Recording)
O42 - Logiciel: GetDataBack for NTFS
O42 - Logiciel: Google Update Helper
O42 - Logiciel: Google Earth
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Java(TM) 6 Update 15
O42 - Logiciel: Java(TM) 6 Update 6
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: Les départements français
O42 - Logiciel: Les pays d'Afrique
O42 - Logiciel: Les pays d'Amérique du Sud
O42 - Logiciel: Les pays d'Asie
O42 - Logiciel: Les pays d'Europe
O42 - Logiciel: Les pays d'Océanie
O42 - Logiciel: Live 5.0.1
O42 - Logiciel: Ludi
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Magic ISO Maker v5.5 (build 0276)
O42 - Logiciel: MagicDisc 2.7.106
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: MasterCook 5 : LGLC
O42 - Logiciel: MaxTV
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Games for Windows - LIVE
O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Works
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: Mozilla Firefox (3.5.5)
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Omaha Indicator 1.0.0
O42 - Logiciel: PKR
O42 - Logiciel: Pro Evolution Soccer 2009
O42 - Logiciel: Pro Evolution Soccer 2010
O42 - Logiciel: PunkBuster Services
O42 - Logiciel: QuickTime
O42 - Logiciel: RTL Winter Sports 2008
O42 - Logiciel: Radio Fr Solo 2.1
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: SCRABBLE® Interactif EDITION 2007 Désinstaller
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: SopCast 3.0.3
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Spybot - Search & Destroy 1.5.2.20
O42 - Logiciel: Summer Athletics 2009
O42 - Logiciel: TVAnts 1.0
O42 - Logiciel: Tales of Monkey Island - Launch of the Screaming Narwhal
O42 - Logiciel: The KMPlayer (remove only)
O42 - Logiciel: Tiger Woods PGA TOUR 08
O42 - Logiciel: TomTom HOME 2.6.3.1609
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules
O42 - Logiciel: Torino 2006
O42 - Logiciel: Trivial Pursuit Déjanté
O42 - Logiciel: UltimateZip
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: VideoLAN VLC media player 0.8.6b
O42 - Logiciel: Virtua Tennis(TM) 2009
O42 - Logiciel: Virtual DJ - Atomix Productions
O42 - Logiciel: Web Media Player 0.64.1
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live installer
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: Worms 4 Mayhem
O42 - Logiciel: YOU DON'T KNOW JACK®
O42 - Logiciel: Yahoo! Toolbar avec bloqueur de fenêtres pop-up
O42 - Logiciel: dBpoweramp AAC Encoder
O42 - Logiciel: dBpoweramp FLAC Codec
O42 - Logiciel: dBpoweramp Musepack Codec
O42 - Logiciel: dBpoweramp Music Converter
O42 - Logiciel: dBpoweramp Ogg Vorbis Codec
O42 - Logiciel: dBpoweramp WavPack Codec
O42 - Logiciel: dBpoweramp Windows Media Audio 10 Codec
O42 - Logiciel: dBpoweramp m4a Codec
O42 - Logiciel: eMule
O42 - Logiciel: eSobi v2
O42 - Logiciel: iTunes

---\\
O43 - CFD:Common File Directory ----D- C:\Program Files\2K Sports
O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
O43 - CFD:Common File Directory ----D- C:\Program Files\Ableton
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Arcade Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Inc
O43 - CFD:Common File Directory ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV
O43 - CFD:Common File Directory ----D- C:\Program Files\Alcohol Soft
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Amazon
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Atari
O43 - CFD:Common File Directory ----D- C:\Program Files\AVG
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Codemasters
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\Controle Parental
O43 - CFD:Common File Directory ----D- C:\Program Files\Crayon Physics Deluxe
O43 - CFD:Common File Directory ----D- C:\Program Files\CustomPortal
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\DkZ Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\DMV
O43 - CFD:Common File Directory ----D- C:\Program Files\EA GAMES
O43 - CFD:Common File Directory ----D- C:\Program Files\EA Sports
O43 - CFD:Common File Directory ----D- C:\Program Files\Empire of Sports
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\epson
O43 - CFD:Common File Directory ----D- C:\Program Files\eSobi
O43 - CFD:Common File Directory ----D- C:\Program Files\Everest Poker
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Freecorder
O43 - CFD:Common File Directory ----D- C:\Program Files\Full Tilt Poker
O43 - CFD:Common File Directory ----D- C:\Program Files\GEOGRAPHIE
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Holdem Indicator
O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JoWooD
O43 - CFD:Common File Directory ----D- C:\Program Files\KONAMI
O43 - CFD:Common File Directory ----D- C:\Program Files\Ludi
O43 - CFD:Common File Directory ----D- C:\Program Files\MagicDisc
O43 - CFD:Common File Directory ----D- C:\Program Files\MagicISO
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games for Windows - LIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\mp3DirectCut
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\Omaha Indicator
O43 - CFD:Common File Directory ----D- C:\Program Files\PKR
O43 - CFD:Common File Directory ----D- C:\Program Files\Poker Indicator
O43 - CFD:Common File Directory ----D- C:\Program Files\Poker Tracker V2
O43 - CFD:Common File Directory ----D- C:\Program Files\PokerStars
O43 - CFD:Common File Directory ----D- C:\Program Files\PostgreSQL
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Radio Fr Solo
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Replay Music 2
O43 - CFD:Common File Directory ----D- C:\Program Files\RTL Winter Sports 2008
O43 - CFD:Common File Directory ----D- C:\Program Files\Runtime Software
O43 - CFD:Common File Directory ----D- C:\Program Files\RVG Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo
O43 - CFD:Common File Directory ----D- C:\Program Files\SEGA
O43 - CFD:Common File Directory ----D- C:\Program Files\Sierra On-Line
O43 - CFD:Common File Directory ----D- C:\Program Files\sina
O43 - CFD:Common File Directory ----D- C:\Program Files\SopCast
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Summer Athletics 2009
O43 - CFD:Common File Directory ----D- C:\Program Files\Telltale Games
O43 - CFD:Common File Directory ----D- C:\Program Files\The KMPlayer
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom HOME 2
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\Tournament Indicator
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\TVAnts
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory ----D- C:\Program Files\UltimateZip
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
O43 - CFD:Common File Directory ----D- C:\Program Files\Vidalia Bundle
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDJ
O43 - CFD:Common File Directory ----D- C:\Program Files\Web Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\WorldOfGoo
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\YDKJWIN
O43 - CFD:Common File Directory ----D- C:\Program Files\Zattoo
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\BOONTY Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NSV
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PokerAcademyPro2
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\xing shared

---\\
O44 - LFC:Last File Created 09/11/2009 - 17:53:08 ---A- C:\Windows\PFRO.log
O44 - LFC:Last File Created 09/11/2009 - 18:09:22 ---A- C:\Windows\System32\PxSecure.dll-300489
O44 - LFC:Last File Created 09/11/2009 - 19:10:19 ---A- C:\Windows\Freecorder Toolbar Uninstall Log.txt
O44 - LFC:Last File Created 09/11/2009 - 19:42:59 -S-A- C:\Windows\bootstat.dat
O44 - LFC:Last File Created 09/11/2009 - 19:46:54 ---A- C:\Windows\WindowsUpdate.log
O44 - LFC:Last File Created 09/11/2009 - 19:49:51 ---A- C:\Windows\System32\PerfStringBackup.INI
O44 - LFC:Last File Created 09/11/2009 - 19:49:51 ---A- C:\Windows\System32\perfc009.dat
O44 - LFC:Last File Created 09/11/2009 - 19:49:51 ---A- C:\Windows\System32\perfc00C.dat
O44 - LFC:Last File Created 09/11/2009 - 19:49:51 ---A- C:\Windows\System32\perfh009.dat
O44 - LFC:Last File Created 09/11/2009 - 19:49:51 ---A- C:\Windows\System32\perfh00C.dat
O44 - LFC:Last File Created 20/10/2009 - 00:19:28 ---A- C:\Windows\MaxTV Uninstall Log.txt
O44 - LFC:Last File Created 20/10/2009 - 00:28:59 ---A- C:\Windows\MaxTV Setup Log.txt
O44 - LFC:Last File Created 21/10/2009 - 09:19:16 ---A- C:\Windows\System32\mshtml.tlb
O44 - LFC:Last File Created 21/10/2009 - 11:40:08 ---A- C:\Windows\System32\mshtml.dll
O44 - LFC:Last File Created 22/10/2009 - 12:02:52 ---A- C:\Windows\System32\FNTCACHE.DAT
O44 - LFC:Last File Created 22/10/2009 - 13:39:40 ---A- C:\Windows\setupact.log
O44 - LFC:Last File Created 28/10/2009 - 00:31:10 ---A- C:\Windows\System32\drivers\avgfwd6x.sys
O44 - LFC:Last File Created 28/10/2009 - 00:31:25 ---A- C:\Windows\System32\avgrsstx.dll
O44 - LFC:Last File Created 28/10/2009 - 00:31:25 ---A- C:\Windows\System32\drivers\avgrkx86.sys
O44 - LFC:Last File Created 28/10/2009 - 00:31:39 ---A- C:\Windows\System32\drivers\avgldx86.sys
O44 - LFC:Last File Created 28/10/2009 - 00:31:39 ---A- C:\Windows\System32\drivers\avgmfx86.sys
O44 - LFC:Last File Created 28/10/2009 - 00:31:39 ---A- C:\Windows\System32\drivers\avgtdix.sys

---\\
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.i420"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.mkdmp3enc"="C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP60"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP61"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP62"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Realtek High Definition Audio"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\ACERAR~1\ACERDV~1\Kernel\Burner\MKDMP3Enc.ACM"="MP3 PowerEncoder"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\ACERAR~1\ACERSL~1\Kernel\Burner\MKDMP3Enc.ACM"="MP3 PowerEncoder"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM"="MP3 PowerEncoder"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"vp6vfw.dll"="EA VP6 Codec"

---\\
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

---\\
O56 - MWPE:[HKLM\...\Policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=128
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=128
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1

Répondre à matko-destanov

Xplode, le 9 nov 2009 à 20:37:36

Il faut que tu heberges le rapport sur cjoint comme je te l'ai indiqué, et que tu copies/colle le lien

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 20:40:20

Ok

pardon

http://cjoint.com/?ljuNgNGfm0

Répondre à matko-destanov

Xplode, le 9 nov 2009 à 21:00:40

La, tu as joint ZHPDiag.exe , et non pas ZHPDiag.txt

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 21:11:38

Ok je vais finir par y arriver le voila :

http://cjoint.com/?ljvkH2OZ4X

Répondre à matko-destanov

Xplode, le 9 nov 2009 à 21:17:54

-+-+-+-> OTMoveIt <-+-+-+-

[x] Télécharge OTMoveIt (de Old_Timer)

[x] Double-clique sur OTMoveIt.exe.

[x] Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

[x] Copie le texte en gras ci dessous et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved

:processes
explorer.exe
b.exe

:services
SISGRKMD

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboNet"=-

:files
C:\Users\Home\AppData\Local\Temp\b.exe
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Program Files\YDKJWIN
C:\Windows\MaxTV Uninstall Log.txt
C:\Windows\Freecorder Toolbar Uninstall Log.txt
C:\Windows\System32\PxSecure.dll-300489
C:\Windows\system32\drivers\SISGRKMD.sys

:commands
[emptytemp]
[purity]
[reboot]

[x] Clique sur MoveIt! pour lancer la suppression.

[x] Ton PC redémarrera.

[x] Dans ta future réponse, envoie le rapport de OTMoveIt situé sous C:\_OTMoveIt\MovedFiles

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 21:27:16

Et voila

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: b.exe
========== SERVICES/DRIVERS ==========
Unable to stop service SISGRKMD .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TurboNet not found.
========== FILES ==========
File/Folder C:\Users\Home\AppData\Local\Temp\b.exe not found.
File move failed. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job scheduled to be moved on reboot.
Folder move failed. C:\Program Files\YDKJWIN\Riviera scheduled to be moved on reboot.
Folder move failed. C:\Program Files\YDKJWIN scheduled to be moved on reboot.
File move failed. C:\Windows\MaxTV Uninstall Log.txt scheduled to be moved on reboot.
File move failed. C:\Windows\Freecorder Toolbar Uninstall Log.txt scheduled to be moved on reboot.
C:\Windows\System32\PxSecure.dll-300489 moved successfully.
File move failed. C:\Windows\system32\drivers\SISGRKMD.sys scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Home\AppData\Local\Temp\etilqs_bVirXBfgioSHwAahRpfy scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Temp\MaxTV Application scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\r003ogx9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11092009_212126

Répondre à matko-destanov

Xplode, le 9 nov 2009 à 21:28:31

-+-+-+-> AD-Remover <-+-+-+-

[x] Télécharge Ad-remover (de C_XX) sur ton bureau.

[x] Lance l'installation avec les paramètres par défaut..

▶ Déconnecte toi et ferme toutes applications en cours !

[x] Double-clique sur le raccourci Ad-Remover sur ton Bureau. (Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista))

[x] Séléctionne l'option F pour français

[x] A la fenêtre qui s'affiche clique sur " oui "

[x] Séléctionne l'option L

[x] Laisse l'outil travailler.

[x] Une fois le scan fini, appuie sur une touche, le rapport s'ouvre

[x] Copie/colle le dans ton prochain post

Répondre à Xplode

matko-destanov, le 9 nov 2009 à 21:50:41

Voici le resultat du scan d'Ad remover :

======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 08.11.2009 à 14:49
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:36:06, 09/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: "C:\Program Files\Ad-Remover\"
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-HOME | Utilisateur actuel: Home
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Grand Virtual
HKCU\Software\PartyGaming
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKU\S-1-5-21-1942739150-3024437067-2572189820-1000\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
.
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Everest Poker
C:\Users\Home\AppData\LocalLow\Kiwee Toolbar
C:\Program Files\Everest Poker
C:\log_lobby.txt
C:\log_lobby_dumper.txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: r003ogx9.default (Home)
.
(Home, prefs.js) Browser.download.dir, C:\Users\Home\Downloads
(Home, prefs.js) Browser.download.lastDir, C:\Users\Home\Desktop
(Home, prefs.js) Browser.search.defaultenginename, Yahoo! Search
(Home, prefs.js) Browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
(Home, prefs.js) Browser.search.selectedEngine, Yahoo! Search
(Home, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
.
(Home, prefs.js) EFFAC+ - Weboftrust.search.ask.display, Ask.com Web Search
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
SEARCH PAGE: hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://fr.yahoo.com
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Home\Downloads\Virtua_Tennis_Patch_1.1.zip
C:\Users\Home\Downloads\eMule\Incoming\HOLDEM INDICATOR PRO V1.7.7 serial.zip
C:\Users\Home\Downloads\eMule\Incoming\Holdem.Indicator.v.1.7.6.Poker.Odds.Software.Full.Install.CRACKED.zip
.
===================================
.
3637 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
1 Fichier(s) - C:\Users\Home\AppData\Local\Temp
68 Fichier(s) - C:\Windows\Temp
.
22 Fichier(s) - "C:\Program Files\Ad-Remover\BACKUP"
123 Fichier(s) - "C:\Program Files\Ad-Remover\QUARANTINE"
.
Fin à: 21:42:37 | 09/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.

Répondre à matko-destanov

Xplode, le 10 nov 2009 à 13:05:50

Bien, refais un log ZHPDiag maintenant

Répondre à Xplode

matko-destanov, le 10 nov 2009 à 14:35:09

Salut Xplode et merci encore voici le lien de ZHPDiag http://cjoint.com/?lkoEYff4zH
Il n'y a plus de traces de Be.exe sur mon pc depuis le passage d'AD Remover meme apres plusieurs redémarrages

Répondre à matko-destanov

Xplode, le 10 nov 2009 à 16:40:15

-+-+-+-> List&kill'em <-+-+-+-

[x] Télécharge List&kill'em ( de Gen-Hackman ) sur ton bureau.

/!\ Désactive toutes tes protections résidentes ( Antivirus, Antispyware, Pare-feu ) /!\

[x] Lance le en double cliquant dessus ( Clic droit -> "Executer en tant qu'administrateur" sous vista )

[x] Choisis l'option F ( pour français ) puis l'option 1 ( Recherche )

[x] Laisse le scan s'opérer.

[x] Le rapport s'ouvrira une fois le scan fini, copie/colle son contenu dans ta prochaine réponse.

Répondre à Xplode

matko-destanov, le 10 nov 2009 à 18:00:26

Le scan s'opere mais une fois terminé le programme se ferme tout seul et aucun rapport n'apparait...

Répondre à matko-destanov

matko-destanov, le 10 nov 2009 à 18:31:37

Decidemment je suis pas doué je viens de le retrouver le voici :

List'em by g3n-h@ckm@n 1.0.5.3

Thx to Chiquitine29.....

User : Home (Administrateurs) # PC-DE-HOME
Update on 09/11/2009 by g3n-h@ckm@n ::::: 20.30
Start at: 18:28:42 | 10/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : AVG Anti-Virus plus Firewall 8.0 [ Enabled | Updated ]

C:\ -> Disque fixe local | 144,29 Go (29,96 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,04 Go (39,31 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local | 232,88 Go (52,06 Go free) [BUTCH] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque amovible
M:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\Windows\System32\smss.exe 472
C:\Windows\system32\csrss.exe 604
C:\Windows\system32\wininit.exe 656
C:\Windows\system32\csrss.exe 668
C:\Program Files\AVG\AVG9\avgchsvx.exe 680
C:\Program Files\AVG\AVG9\avgrsx.exe 688
C:\Program Files\AVG\AVG9\avgcsrvx.exe 732
C:\Windows\system32\services.exe 752
C:\Windows\system32\lsass.exe 768
C:\Windows\system32\lsm.exe 776
C:\Windows\system32\winlogon.exe 928
C:\Windows\system32\svchost.exe 952
C:\Windows\system32\svchost.exe 1016
C:\Windows\System32\svchost.exe 1136
C:\Windows\System32\svchost.exe 1172
C:\Windows\system32\svchost.exe 1184
C:\Windows\system32\svchost.exe 1376
C:\Windows\system32\SLsvc.exe 1396
C:\Windows\system32\svchost.exe 1568
C:\Windows\system32\svchost.exe 1732
C:\Windows\System32\spoolsv.exe 1988
C:\Windows\system32\svchost.exe 2012
C:\Windows\system32\Dwm.exe 1852
C:\Windows\system32\taskeng.exe 2020
C:\Windows\Explorer.EXE 872
C:\Windows\system32\taskeng.exe 2060
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 2364
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 2380
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2444
C:\Program Files\AVG\AVG9\avgwdsvc.exe 2496
C:\Program Files\AVG\AVG9\avgfws9.exe 2508
C:\Program Files\Bonjour\mDNSResponder.exe 2524
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 2556
C:\Program Files\AVG\AVG9\avgam.exe 2692
C:\Program Files\AVG\AVG9\avgnsx.exe 2712
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3008
C:\Windows\system32\PnkBstrA.exe 3164
C:\Windows\system32\PnkBstrB.exe 3180
C:\Windows\system32\svchost.exe 3196
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 3236
C:\Windows\system32\svchost.exe 3280
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 3304
C:\Windows\System32\svchost.exe 3336
C:\Windows\system32\SearchIndexer.exe 3396
C:\Program Files\AVG\AVG9\avgemc.exe 3412
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 3456
C:\Windows\system32\WUDFHost.exe 3560
C:\Program Files\AVG\AVG9\avgcsrvx.exe 3580
C:\Windows\RtHDVCpl.exe 2236
C:\Acer\Empowering Technology\SysMonitor.exe 2252
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe 1512
C:\Windows\system32\wbem\wmiprvse.exe 2536
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 1056
C:\Windows\System32\rundll32.exe 3988
C:\Program Files\iTunes\iTunesHelper.exe 4080
C:\Program Files\Java\jre6\bin\jusched.exe 2092
C:\Program Files\Windows Sidebar\sidebar.exe 1592
C:\Windows\ehome\ehtray.exe 1536
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1272
C:\Program Files\AVG\AVG9\avgcsrvx.exe 2340
C:\Windows\ehome\ehmsas.exe 4244
C:\Windows\System32\rundll32.exe 4256
C:\Program Files\Windows Media Player\wmpnscfg.exe 4328
C:\Program Files\Windows Media Player\wmpnetwk.exe 4520
C:\Program Files\Windows Sidebar\sidebar.exe 4540
C:\Windows\system32\wbem\wmiprvse.exe 4652
C:\Program Files\iPod\bin\iPodService.exe 4804
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 4844
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4912
C:\Windows\system32\wbem\unsecapp.exe 5296
C:\Program Files\Mozilla Firefox\firefox.exe 2328
C:\Windows\system32\conime.exe 1652
C:\Program Files\Windows Media Player\wmplayer.exe 1584
C:\Windows\System32\mobsync.exe 4560
C:\Users\Home\Desktop\List_Killem.exe 3848
C:\Windows\system32\cmd.exe 6120
C:\Users\Home\AppData\Local\Temp\119F.tmp\pv.exe 6072

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"Acer Tour Reminder"="C:\\Acer\\AcerTour\\Reminder.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_1_0"
"EPSON Stylus DX4400 Series"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAE.EXE /FU \"C:\\Windows\\TEMP\\E_S8B5E.tmp\" /EF \"HKCU\""
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"TurboNet"="C:\\Users\\Home\\AppData\\Local\\Temp\\b.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"RtHDVCpl"="RtHDVCpl.exe"
"Acer Empowering Technology Monitor"="C:\\Acer\\Empowering Technology\\SysMonitor.exe"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"PCMMediaSharing"="C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe"
"Acer Tour"=""
"eRecoveryService"=""
"Apanel"="C:\\ACERSW\\config\\NewSetApanel.cmd"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"Acer Tour Reminder"="C:\\Acer\\AcerTour\\Reminder.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Skytel"="Skytel.exe"
"AVG9_TRAY"="C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe"
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

===============
===============
===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="WormRadar.com IESiteBlocker.NavFilter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
@="Ask Toolbar BHO"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

==========================

=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Home\AppData\Roaming
choix=1
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-HOME
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Home
LOCALAPPDATA=C:\Users\Home\AppData\Local
LOGONSERVER=\\PC-DE-HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\C:\Program Files\DMV\MaxTV4\plugins;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Home\AppData\Local\Temp
TMP=C:\Users\Home\AppData\Local\Temp
USERDOMAIN=PC-de-Home
USERNAME=Home
USERPROFILE=C:\Users\Home
windir=C:\Windows

¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\.zreglib
C:\Windows\iun6002.exe
C:\Users\Home\LOCAL Settings\Temp\utt938B.tmp.exe

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1942739150-3024437067-2572189820-1000.db
AgGlUAD_S-1-5-21-1942739150-3024437067-2572189820-1000.db
AgRobust.db
ASKPARTNERCOBRANDINGTOOL.EXE-9A79EEDD.pf
AVGCMGR.EXE-27FF3A49.pf
AVGCMGR.EXE-7F3B658E.pf
AVGCSRVX.EXE-0C19085F.pf
AVGSCANX.EXE-5BD46372.pf
AVGSRMAX.EXE-D4A7AE38.pf
AVGUI.EXE-2D9AB8CF.pf
AVGUPD.EXE-A2A9EA76.pf
CMD.EXE-4A81B364.pf
CONIME.EXE-9781FD5F.pf
CONSENT.EXE-531BD9EA.pf
CONTROL.EXE-817F8F1D.pf
CSCRIPT.EXE-D1EF4768.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-766398D2.pf
DLLHOST.EXE-7FAA2E4C.pf
DLLHOST.EXE-8EF34503.pf
DLLHOST.EXE-B2EB1806.pf
DLLHOST.EXE-FDE983AF.pf
EAPLAUNCHER.EXE-13C674DB.pf
EXPLORER.EXE-A80E4F97.pf
FIREFOX.EXE-A606B53C.pf
FIXCFG.EXE-DEF5F496.pf
GETPOPUPINFO.EXE-29F941BC.pf
GOOGLEEARTH.EXE-8471DF9D.pf
GOOGLEUPDATE.EXE-FE771DDA.pf
GOOGLEUPDATER.EXE-39628337.pf
GOOGLEUPDATERSERVICE.EXE-09540BCD.pf
IELOWUTIL.EXE-3885C25E.pf
IEXPLORE.EXE-908C99F8.pf
IPODSERVICE.EXE-37C43D64.pf
JAVA.EXE-E27B75C2.pf
KMPLAYER.EXE-5C3C4305.pf
LADS.EXE-3D3801BD.pf
Layout.ini
LIST_KILLEM.EXE-EFA85689.pf
LOGONUI.EXE-09140401.pf
MFPMP.EXE-26F35380.pf
MOBSYNC.EXE-C5E2284F.pf
MODE.COM-DB34C082.pf
MSFEEDSSYNC.EXE-6E6FBDF4.pf
MSI27AB.TMP-E93D1A50.pf
MSIA1BF.TMP-29B16EC6.pf
MSICEAD.TMP-5ED45D7D.pf
MSIEXEC.EXE-A2D55CB6.pf
NEW1C2A.TMP.EXE-D142541E.pf
NEW956E.TMP.EXE-C8694E68.pf
NEWC3ED.TMP.EXE-A907258E.pf
NOTEPAD.EXE-D8414F97.pf
NTOSBOOT-B00DFAAD.pf
OMAHAINDICATOR.EXE-950D8A2C.pf
PfSvPerfStats.bin
PING.EXE-7E94E73E.pf
PKR.EXE-DB7E5BC8.pf
POKERAPP.EXE-4A74C8C9.pf
PPEXEC.EXE-1F850016.pf
PROCESSOR64BIT.EXE-B5E62222.pf
PV.EXE-329BA6A8.pf
PV.EXE-3533435D.pf
PV.EXE-A625FDCA.pf
PV.EXE-D244D687.pf
PV.EXE-E785DCF7.pf
ReadyBoot
REALPLAY.EXE-A09C7945.pf
REG.EXE-E7E8BD26.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SNDVOL.EXE-5D4CC7D6.pf
SUBINACL.EXE-7FBD134E.pf
SVCHOST.EXE-7CFEDEA3.pf
TASKENG.EXE-48D4E289.pf
TASKMGR.EXE-5F5F473D.pf
TASKSCHEDULER.EXE-E5982EBC.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UTORRENT.EXE-1070971C.pf
UTORRENT.EXE-5F9AB773.pf
UTT1A75.TMP.EXE-7D7C1300.pf
UTT938B.TMP.EXE-31422B80.pf
UTTC277.TMP.EXE-CDC7B779.pf
VERCLSID.EXE-7C52E31C.pf
VSSVC.EXE-B8AFC319.pf
WERCON.EXE-E36BD04E.pf
WERFAULT.EXE-E69F695A.pf
WERMGR.EXE-0F2AC88C.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIPRVSE.EXE-1628051C.pf
WMPLAYER.EXE-BAD6BD53.pf
WMPNETWK.EXE-D9F2A96F.pf
WMPNSCFG.EXE-FC0D39BF.pf
ZHPDIAG 1.24.22.EXE-6CBF8DD2.pf
ZHPDIAG 1.24.22.TMP-7A8545FF.pf
ZHPDIAG.EXE-5F50D22C.pf
ZHPFIX.EXE-85222C4E.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Répondre à matko-destanov

86 réponses 12 3 4 5 Suivant

Posez votre question Répondre