Probleme de déconnection

pitchsoso Messages postés 43 Statut Membre -
pitchsoso Messages postés 43 Statut Membre - 16 déc. 2009 à 20:55

Bonjour,
Bonjour,
ma connection internet se bloque au bout d'un certain temps j'essaye de diagnostiquer les probleme de connection avant ça fonctionnait mai main tenant je suis obligé de redémarer mon ordi ci-joint mon rapport hijaLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:53, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:51, on 14/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\jacky\local settings\application data\nudaaho.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nudaaho] "c:\documents and settings\jacky\local settings\application data\nudaaho.exe" nudaaho
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1228736727609
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1121FE0-0145-44C9-AA35-72071AC20A9B} (Blingee Toolbar) - http://downloads.blingee.com/toolbar/blingeeplus_setup_a_1.0.0.5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553526000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4450F113-8487-4083-8D1F-7908C3A310BB}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvussrp - wvussrp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9debd8b5e1e9a) (gupdate1c9debd8b5e1e9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - https://www.public.fr/Pop-Culture + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '

Afficher la suite

A voir également:

Probleme de déconnection
Comment se déconnecter de vinted ✓ - Forum Twitter
Comment se deconnecter de vinted - Guide
Vinted Comment supprimer mon compte Facebook ? - Forum Réseaux sociaux
Switch se déconnecte de la tv ✓ - Forum Box et Streaming vidéo
Pourquoi mon ordi se deconnecte de la wifi - Guide

33 réponses

Réponse 21 / 33

pitchsoso Messages postés 43 Statut Membre

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 14.12.2009 à 21:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:59:24, 14/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: PC | Utilisateur actuel: Jacky
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\Program Files\Fast Browser Search
C:\Program Files\Iminent
C:\Documents and Settings\Jacky\Local Settings\Application Data\Kiwee Toolbar
C:\Program Files\Search Guard Plus
C:\Program Files\Search Guard PlusU
C:\Program Files\SGPSA
.
HKCU\software\FBSearch
HKCU\software\FunWebProducts
HKCU\software\GamesBar
HKCU\software\Iminent
HKCU\software\microsoft\internet explorer\searchscopes\{27FD3115-5A13-41F7-8D94-3FAC9B1ABFFF}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\software\SGPUpdater
HKCU\software\SweetIM
HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
HKLM\Software\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKLM\Software\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\software\classes\URLSearchHook.ToolbarURLSearchHook
HKLM\software\classes\URLSearchHook.ToolbarURLSearchHook.1
HKLM\software\Iminent
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD6C662-485C-45ba-9745-59BABDF7E5F9}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{615DA831-572A-4825-8AA9-854802C77B5F}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3D25F01-AC45-4366-AAFD-A0FF73DAB0ED}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5F409FF-DCC5-4057-BDFC-D9D1B4F1846C}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C65154D5-6DB7-4a9f-9C5E-35C3B8434297}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA6010FB-C69F-4bbf-BB85-7058572D3589}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\software\microsoft\windows\currentversion\uninstall\Search Guard Plus
HKLM\software\microsoft\windows\currentversion\uninstall\Search Guard Plus Updater
HKLM\software\SweetIM
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\FBSearch
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\FunWebProducts
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\GamesBar
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\Iminent
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\SGPUpdater
HKU\s-1-5-21-583907252-1482476501-1417001333-1003\software\SweetIM
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version [Impossible d'obtenir la version] *
.
Nom du profil: gnk8745w.default (Jacky)
.
(Jacky, prefs.js) Browser.startup.homepage, hxxp://search.iminent.com/?appId=2c3755bd-801e-4ec9-96a9-19b0c3d7d864&lcid=1036&ref=homepage
(Jacky, prefs.js) Browser.search.selectedEngine, Live Search
(Jacky, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(Jacky, prefs.js) Browser.search.selectedEngine, Live Search
(Jacky, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(Jacky, prefs.js) Browser.search.selectedEngine, Live Search
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://www.google.com
SearchAssistant:
Start Page: hxxp://google.fr/
Enable Browser Extensions: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: fe92848a7bebc901
Start Page Redirect Cache AcceptLangs: fr
Use Search Asst:
Search Bar: hxxp://www.google.com/ie
Default_Search_URL: hxxp://www.google.com/ie
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5891 Octet(s) - C:\Ad-Report-SCAN[1].log
.
51 Fichier(s) - C:\DOCUME~1\Jacky\LOCALS~1\Temp
7 Fichier(s) - C:\WINDOWS\Temp
60 Fichier(s) - C:\WINDOWS\Prefetch
.
2 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 22:12:08 | 14/12/2009 - SCAN[1]
.
============== E.O.F ==============
.

Réponse 22 / 33

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

1)
Même outil (Ad Remover)

En mode sans échec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

Option L Lancer le nettoyage

2) refaire un nouveau RSIT stp

Réponse 23 / 33

pitchsoso Messages postés 43 Statut Membre

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jacky at 2009-12-14 23:16:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 384 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:20, on 14/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\M710Q8PJ\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Jacky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1228736727609
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1121FE0-0145-44C9-AA35-72071AC20A9B} (Blingee Toolbar) - http://downloads.blingee.com/toolbar/blingeeplus_setup_a_1.0.0.5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553526000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4450F113-8487-4083-8D1F-7908C3A310BB}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvussrp - wvussrp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9debd8b5e1e9a) (gupdate1c9debd8b5e1e9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - https://www.public.fr/Pop-Culture + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '

Réponse 24 / 33

pitchsoso Messages postés 43 Statut Membre

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_F | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 14.12.2009 at 21:50
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 22:53:28, 14/12/2009 | Safe Mode | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer Name: PC | Current user: Administrateur
.
============== FOUND ELEMENT(S) ==============
.

C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\Program Files\Fast Browser Search
C:\Program Files\Iminent
C:\Program Files\Search Guard Plus
C:\Program Files\Search Guard PlusU
C:\Program Files\SGPSA
.
HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
HKLM\Software\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKLM\Software\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\software\classes\URLSearchHook.ToolbarURLSearchHook
HKLM\software\classes\URLSearchHook.ToolbarURLSearchHook.1
HKLM\software\Iminent
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD6C662-485C-45ba-9745-59BABDF7E5F9}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{615DA831-572A-4825-8AA9-854802C77B5F}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3D25F01-AC45-4366-AAFD-A0FF73DAB0ED}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5F409FF-DCC5-4057-BDFC-D9D1B4F1846C}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C65154D5-6DB7-4a9f-9C5E-35C3B8434297}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA6010FB-C69F-4bbf-BB85-7058572D3589}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\software\microsoft\windows\currentversion\uninstall\Search Guard Plus
HKLM\software\microsoft\windows\currentversion\uninstall\Search Guard Plus Updater
HKLM\software\SweetIM
.
============== Added scan ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6254 Byte(s) - C:\Ad-Report-SCAN[1].log
3725 Byte(s) - C:\Ad-Report-SCAN[2].log
.
1 File(s) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
5 File(s) - C:\WINDOWS\Temp
60 File(s) - C:\WINDOWS\Prefetch
.
3 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 23:02:04 | 14/12/2009 - SCAN[2]
.
============== E.O.F ==============
.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 33

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

le rsit a bien été fait apres le scan Ad Remover ?

Réponse 26 / 33

pitchsoso Messages postés 43 Statut Membre

oui g juste inversé les logs

Réponse 27 / 33

pitchsoso Messages postés 43 Statut Membre

oui g juste inversé

Réponse 28 / 33

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

ok

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

à la fin du scan la fenêtre se referme seule.

ouvre C:\List'em.txt

▶colle le contenu dans ta prochaine réponse

Réponse 29 / 33

pitchsoso Messages postés 43 Statut Membre

List'em by g3n-h@ckm@n 1.1.5.2

Thx to Chiquitine29.....& CCM team

User : Jacky (Administrateurs) # PC
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 14:59:15 | 15/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(TM) CPU 1300MHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 091215-0] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 37,26 Go (20,63 Go free) | NTFS
D:\ -> Disque fixe local | 6 Go (4,43 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 916
C:\WINDOWS\system32\csrss.exe 1076
C:\WINDOWS\system32\winlogon.exe 1116
C:\WINDOWS\system32\services.exe 1192
C:\WINDOWS\system32\lsass.exe 1204
C:\WINDOWS\system32\svchost.exe 1396
C:\WINDOWS\system32\svchost.exe 1456
C:\WINDOWS\System32\svchost.exe 1552
C:\WINDOWS\System32\svchost.exe 1624
C:\WINDOWS\System32\svchost.exe 1712
C:\Program Files\Avast4\aswUpdSv.exe 172
C:\Program Files\Avast4\ashServ.exe 228
C:\WINDOWS\system32\spoolsv.exe 764
C:\WINDOWS\Explorer.EXE 1792
C:\Program Files\Java\jre6\bin\jqs.exe 288
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 520
C:\WINDOWS\system32\nvsvc32.exe 556
C:\WINDOWS\system32\pctspk.exe 780
C:\WINDOWS\System32\svchost.exe 900
C:\WINDOWS\System32\TUProgSt.exe 960
C:\WINDOWS\system32\wuauclt.exe 1208
C:\PROGRA~1\Avast4\ashDisp.exe 2828
C:\WINDOWS\system32\ctfmon.exe 3572
C:\WINDOWS\System32\alg.exe 3908
C:\Program Files\IncrediMail\bin\IMApp.exe 2104
C:\Program Files\IncrediMail\bin\IncMail.exe 2168
C:\WINDOWS\system32\wscntfy.exe 1052
C:\Program Files\ESTsoft\ALZip\ALZip.exe 2820
C:\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\FHZ09CY9\List_Killem[1]\List_Kill'em.exe 2700
C:\WINDOWS\system32\cmd.exe 2624
C:\WINDOWS\system32\wbem\wmiprvse.exe 908
C:\Documents and Settings\Jacky\Local Settings\Temp\7.tmp\pv.exe 3900

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! REG_SZ C:\PROGRA~1\Avast4\ashDisp.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
undockwithoutlogon REG_DWORD 1 (0x1)
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ShutdownWithoutLogon REG_DWORD 1 (0x1)
NoDispCPL REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
RunStartupScriptSync REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoCDBurning REG_DWORD 0 (0x0)
ClearRecentDocsOnExit REG_DWORD 0 (0x0)
HideClock REG_DWORD 0 (0x0)
NoTrayItemsDisplay REG_DWORD 0 (0x0)
NoSMBalloonTip REG_DWORD 1 (0x1)
NoDesktopCleanupWizard REG_DWORD 0 (0x0)
NoLowDiskSpaceChecks REG_DWORD 0 (0x0)
MaxRecentDocs REG_DWORD 16 (0x10)
NoDriveAutoRun REG_DWORD 145 (0x91)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoResolveTrack REG_DWORD 1 (0x1)
NoPropertiesMyComputer REG_DWORD 0 (0x0)
NoFileAssociate REG_DWORD 0 (0x0)
StartMenuLogoff REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 145 (0x91)
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussrp]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\bfgclient\bfgclient.exe REG_SZ C:\Program Files\bfgclient\bfgclient.exe:*:Enabled:Jouer à Mes jeux
C:\Program Files\IncrediMail\bin\ImLc.exe REG_SZ C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Freeplayer\vlc\vlc.exe REG_SZ C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player
D:\emule\emule.exe REG_SZ D:\emule\emule.exe:*:Enabled:eMule
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe REG_SZ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
37,26 Go total, 20,64 Go libre (55%), 3% fragment‚ (fragmentation du fichier 7%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Program Files\Search Guard PlusU
C:\Program Files\SGPSA
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\System32\hjjlm.bak1
C:\WINDOWS\System32\hjjlm.bak2
C:\WINDOWS\System32\hjjlm.ini2
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\Documents and Settings\Jacky\Local Settings\Application Data\ejqfubid.exe
C:\Documents and Settings\Jacky\Local Settings\Application Data\iuauk.exe
C:\Documents and Settings\Jacky\Local Settings\Application Data\mmisc.exe
C:\Documents and Settings\Jacky\Local Settings\Application Data\Kiwee Toolbar

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"
HKCR\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467}
HKCU\SOFTWARE\FunWebProducts
HKCU\software\Iminent
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
HKLM\software\Iminent
HKLM\SOFTWARE\SweetIM
HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_NDISRD
HKLM\SYSTEM\ControlSet004\Enum\Root\Legacy_NDISRD
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_NDISRD

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-15 15:03:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:b7,47,53,e4,3c,d7,80,2f,69,13,84,15,59,b7,e6,b9,6b,db,0b,6f,c7,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:fe,32,c1,ac,0a,12,15,66,fe,6d,ad,76,43,e4,bc,09,89,da,8e,fc,5a,..
"a0"=hex:20,01,00,00,c4,8f,b9,32,63,5d,88,f4,ec,39,55,8f,78,95,48,75,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0d,bc,87,49,9e,49,3b,90,40,50,83,b5,31,5e,e7,b2,98,ec,e4,a8,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:8e,cf,f2,9a,4e,fb,69,d3,cb,5f,2e,5f,c1,e8,37,ef,ed,15,96,d7,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:7e,12,41,6e,50,47,e7,45,ea,81,68,87,70,6d,47,b7,b6,19,38,fa,d3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]
"hdf12"=hex:cf,05,f7,fd,d6,c0,1f,17,41,a2,f0,b6,a0,7b,d8,c5,f5,4f,8a,55,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:b7,47,53,e4,3c,d7,80,2f,69,13,84,15,59,b7,e6,b9,6b,db,0b,6f,c7,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:fe,32,c1,ac,0a,12,15,66,fe,6d,ad,76,43,e4,bc,09,89,da,8e,fc,5a,..
"a0"=hex:20,01,00,00,c4,8f,b9,32,63,5d,88,f4,ec,39,55,8f,78,95,48,75,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0d,bc,87,49,9e,49,3b,90,40,50,83,b5,31,5e,e7,b2,98,ec,e4,a8,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:8e,cf,f2,9a,4e,fb,69,d3,cb,5f,2e,5f,c1,e8,37,ef,ed,15,96,d7,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:7e,12,41,6e,50,47,e7,45,ea,81,68,87,70,6d,47,b7,b6,19,38,fa,d3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]
"hdf12"=hex:cf,05,f7,fd,d6,c0,1f,17,41,a2,f0,b6,a0,7b,d8,c5,f5,4f,8a,55,5f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Ad-Remover
Adobe
AGEIA Technologies
Ahead
AIDA32 - Personal System Information
Avast4
bfgclient
Blingee Plus
Brother
CachemanXP
CCleaner
ComPlus Applications
Copernic Agent
Creative
CyberLink
DAEMON Tools Lite
DOKA Media
EA GAMES
Easy CD-DA Extractor 12
Eltima Software
eMule
Error Repair Professional
ESTsoft
EtiketaGoGo
FACTOURE
Fast Browser Search
Fichiers communs
Free
Freeplayer
Google
Iminent
Incredijeux
IncrediMail
InstallShield Installation Information
InterActual
Internet Explorer
IVT Corporation
Java
Lauyan
Le Mystere de la Momie
Malwarebytes' Anti-Malware
Maxis
Microids
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Picture It! PhotoPub
Microsoft Silverlight
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Microsoft Works Suite 2001
Microsoft.NET
MioNet
Movie Maker
MP3 Player Utilities 4.11
MP3 Player Utilities 4.18
MSBuild
MSECache
MSN Games
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
Navilog1
NetMeeting
Notepad++
NRJ
Nuance
Nvidia
Oberon Media
OpenOffice.org 3
orange
Outlook Express
Player Metaboli
Pogo FR
Pogo Jeux
QUAD Utilities
RADVideo
Reference Assemblies
ScanSoft
Search Guard Plus
Search Guard PlusU
Services en ligne
SGPSA
Skype
SLD Codec Pack
TomTom DesktopSuite
TomTom International B.V
Trend Micro
TuneUp Utilities 2009
Ubisoft
Uninstall Information
USB Disk Win98 Driver
VideoLAN
Windows Desktop Search
Windows Live
Windows Live SkyDrive
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Zylom Games

============
Lecteur C:
============

14a4ee819b2732e025df0a9d9b
50f0f33591dd25cd09
670d855dc6e00c992fd3981b973a3294
Ad-Report-SCAN[1].log
Ad-Report-SCAN[2].log
ATI
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
cleannavi.txt
Config.Msi
CONFIG.SYS
Documents and Settings
EML
Inetpub
IO.SYS
Kill'em
List'em.txt
Metaboli
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
pmw
Program Files
RECYCLER
Remote Programs
rsit
System Volume Information
TB.txt
Temp
TMOTM
ToolBar SD
UsbFix
UsbFix.txt
users
WGASetup.exe
WINDOWS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 30 / 33

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

Suppression :

REDEMARRE EN MODE SANS ECHEC ,

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

▶ colle le contenu de C:\Kill'em.txt dans ta réponse après avoir redémarré en mode normal

Réponse 31 / 33

pitchsoso Messages postés 43 Statut Membre

Kill'em by g3n-h@ckm@n 1.1.5.2

User : Jacky () # PC
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 16:54:01 | 15/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(TM) CPU 1300MHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 091215-0] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 37,26 Go (20,62 Go free) | NTFS
D:\ -> Disque fixe local | 6 Go (4,43 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 200
C:\WINDOWS\system32\csrss.exe 248
C:\WINDOWS\system32\winlogon.exe 272
C:\WINDOWS\system32\services.exe 316
C:\WINDOWS\system32\lsass.exe 328
C:\WINDOWS\system32\svchost.exe 480
C:\WINDOWS\system32\svchost.exe 540
C:\WINDOWS\system32\svchost.exe 584
C:\WINDOWS\system32\userinit.exe 1372
C:\WINDOWS\Explorer.EXE 1396
C:\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\FHZ09CY9\List_Killem[1]\List_Kill'em.exe 1508
C:\WINDOWS\system32\cmd.exe 1520
C:\WINDOWS\system32\wbem\wmiprvse.exe 1580
C:\Documents and Settings\Jacky\Local Settings\Temp\1.tmp\pv.exe 1688

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Program Files\Search Guard PlusU"
"C:\Program Files\SGPSA"
"C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}"
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini2
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
C:\Documents and Settings\Jacky\Local Settings\Application Data\ejqfubid.exe
C:\Documents and Settings\Jacky\Local Settings\Application Data\iuauk.exe
C:\Documents and Settings\Jacky\Local Settings\Application Data\mmisc.exe
"C:\Documents and Settings\Jacky\Local Settings\Application Data\Kiwee Toolbar"

¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

ejqfubid.exe.Kill'em
hjjlm.bak1.Kill'em
hjjlm.bak2.Kill'em
hjjlm.ini2.Kill'em
hosts.msn.Kill'em
iuauk.exe.Kill'em
Kiwee Toolbar.Kill'em
mmisc.exe.Kill'em
Search Guard PlusU.Kill'em
SGPSA.Kill'em
{E1B94435-241E-4519-B1C3-C4DD9EB352A2}.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Deleted : HKCR\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467}
Deleted : HKCU\SOFTWARE\FunWebProducts
Deleted : HKCU\software\Iminent
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Deleted : HKCU\Software\SweetIM
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Deleted : HKLM\software\Iminent
Deleted : HKLM\SOFTWARE\SweetIM

============
Disk Cleaned
============

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 32 / 33

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

fais moi un nouveau RSIT stp

Réponse 33 / 33

pitchsoso Messages postés 43 Statut Membre

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jacky at 2009-12-16 20:52:21
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 384 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:47, on 16/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\IC71NF1F\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Jacky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1121FE0-0145-44C9-AA35-72071AC20A9B} (Blingee Toolbar) - http://downloads.blingee.com/toolbar/blingeeplus_setup_a_1.0.0.5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553526000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4450F113-8487-4083-8D1F-7908C3A310BB}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvussrp - wvussrp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9debd8b5e1e9a) (gupdate1c9debd8b5e1e9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - http://musique.ados.fr/Rohff/photos/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '

Discussions similaires

facebook je ne peux plus me deconnecter

Je n'arrive pas à me déconnecter de facebook

Déconnexion de Facebook impossible!!

impossibilité de déconnexion YouTube

Problème switch sur TV

Probleme de déconnection

33 réponses

Votre réponse

Discussions similaires

Newsletters