Sujet Précédent Sujet Suivant

Analyse d'un log Hijackthis..AÌDE

Résolu/Fermé
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012 - 8 août 2009 à 04:30
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012 - 9 août 2009 à 19:28
Bonjour,
quelqu'un pourrait analyser ce log pour moi et me dire quoi cocher? SVP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:26, on 07/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\hij.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\inf\Other.exe
F3 - REG:win.ini: run=C:\Windows\system32\config\Win.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dc2k5] C:\Windows\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\Windows\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\Windows\dc.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2267936125-1490591233-2162038121-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?AuthParam=1228086550_de177597d61053b19f3819d10c31724d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
8 août 2009 à 04:35
Bonjour,

Ton PC est infecté.

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 2 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
8 août 2009 à 05:19
voici le hijackthis et le info.txt

p.s juste pour ton information...je fais le tout via un laptop parce que les virus bloque l'accès a internet!

Logfile of random's system information tool 1.06 (written by random/random)
Run by costco at 2009-08-07 23:16:06
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 308 GB (83%) free of 372 GB
Total RAM: 2021 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:11, on 07/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Users\costco\Desktop\RSIT.exe
C:\Windows\system32\werfault.exe
C:\Users\costco\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\costco.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\inf\Other.exe
F3 - REG:win.ini: run=C:\Windows\system32\config\Win.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dc2k5] C:\Windows\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\Windows\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\Windows\dc.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2267936125-1490591233-2162038121-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?AuthParam=1228086550_de177597d61053b19f3819d10c31724d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 3 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
8 août 2009 à 21:16
quoi faire après destrio5?
0
Réponse 4 / 22
Alpha
8 août 2009 à 21:34
Tu es infecter par nasty il sert à quoi ton kapersky ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
8 août 2009 à 21:45
--> Désactive l'UAC le temps de la désinfection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
0
Réponse 6 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
8 août 2009 à 23:30
Déjà une chose de faite, Internet et Kaspersky on recommencer a fonctionner, sauf que kaspersky ne peut telecharger les mise a jour...Bref voici le rapport ComboFix

Quoi faire après cela?

ComboFix 09-08-07.09 - costco 08/08/2009 17:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2021.1107 [GMT -4:00]
Lancé depuis: c:\users\costco\Desktop\CF.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2267936125-1490591233-2162038121-500
C:\install.exe
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\windows\system32\drivers\ESQULqesixvsktlxnmotpokfbrfnvfpiyyvrs.sys
c:\windows\system32\ESQULcopqvxqvdietpupusvpwjxwqtuoycxox.dll
c:\windows\system32\ESQULoymugbximwlpxchxpomsembtkxnidjjy.dll
c:\windows\system32\ESQULzcounter
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-07-08 au 2009-08-08 ))))))))))))))))))))))))))))))))))))
.

2009-08-08 21:17 . 2009-08-08 21:21 -------- d-----w- c:\users\costco\AppData\Local\temp
2009-08-08 21:17 . 2009-08-08 21:17 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-08-08 21:17 . 2009-08-08 21:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-08-08 21:17 . 2009-08-08 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-08 03:56 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-08 03:13 . 2009-08-08 03:13 -------- d-----w- C:\rsit
2009-08-05 22:00 . 2009-08-05 22:01 -------- d-----w- c:\progra~2\NortonInstaller
2009-08-04 19:23 . 2008-01-02 21:37 184320 ----a-w- c:\windows\system32\igfxres.dll
2009-07-17 05:46 . 2009-07-17 05:46 48989 ----a-w- c:\program files\Uninstall.exe
2009-07-15 16:45 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:45 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:45 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:45 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 21:24 . 2009-02-09 01:30 -------- d-----w- c:\progra~2\Kaspersky Lab
2009-08-08 21:18 . 2009-02-09 01:30 5881376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-08 21:18 . 2009-02-09 01:30 5628 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-08 21:18 . 2009-02-09 01:30 48076 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-08 21:18 . 2009-02-09 01:30 1024032 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-08 04:07 . 2007-04-04 12:13 70176 ----a-w- c:\users\costco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-08 04:04 . 2008-10-17 22:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-08 04:00 . 2007-01-30 22:38 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-08 03:59 . 2007-01-30 22:39 -------- d-----w- c:\program files\Microsoft Works
2009-08-07 22:02 . 2008-06-08 22:07 -------- d-----w- c:\progra~2\Symantec
2009-08-07 22:00 . 2009-08-07 22:00 -------- d-----w- c:\progra~2\Norton
2009-08-07 22:00 . 2007-12-15 19:13 -------- d-----w- c:\program files\Norton Security Scan
2009-08-07 22:00 . 2009-08-05 22:00 -------- d-----w- c:\program files\NortonInstaller
2009-08-07 19:21 . 2009-08-07 19:21 -------- d-----w- c:\users\costco\AppData\Roaming\Malwarebytes
2009-08-07 19:07 . 2009-08-07 19:07 -------- d-----w- c:\program files\Trend Micro
2009-08-06 22:16 . 2009-08-06 22:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2009-08-06 22:16 . 2009-08-06 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 21:56 . 2009-08-06 21:56 -------- d-----w- c:\progra~2\Malwarebytes
2009-08-06 21:52 . 2009-08-06 21:52 -------- d-----w- c:\program files\CCleaner
2009-08-04 19:03 . 2009-03-16 00:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 17:36 . 2009-08-06 21:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-08-06 21:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 07:05 . 2009-04-08 20:54 -------- d-----w- c:\users\Guest\AppData\Roaming\FrostWire
2009-07-21 21:52 . 2009-08-08 03:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-08 03:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-08 03:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:24 . 2009-07-01 04:21 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
2009-07-21 20:13 . 2009-08-08 03:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-10 00:24 . 2008-02-06 22:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-20 13:24 . 2009-02-09 01:31 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 13:24 . 2009-02-09 01:31 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-04-14 23:50 . 2008-05-13 22:39 88 --sh--r- c:\windows\System32\9231FA4B73.sys
2009-04-14 23:50 . 2008-05-13 22:39 4388 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-16 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 1838592]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-17 2348584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-09 206088]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\costco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2267936125-1490591233-2162038121-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2267936125-1490591233-2162038121-500]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2267936125-1490591233-2162038121-501]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85EE58D0-B501-49BF-BA88-3581CE0FECC8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2C78ED56-42F9-4817-8035-72525DC71B27}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F39EF9E1-D57A-47A1-8856-FA4CD485DF67}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A5692CE7-2A03-41C4-BA4A-31F5F3A29348}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6336E122-659E-436D-8CA0-AF3BE54702EB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3E4B5671-4EAF-45C2-93C2-98B56E85EECF}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{50264040-E06E-4CD1-8022-DCBFF56A5A3F}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{630AFACB-CA0B-4152-841F-18AC6E15658D}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{EA73A5B5-2E1B-4F9C-80E4-E69C1B792347}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C59140C-3D01-4D90-B623-F98CA8677D72}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A50E244-15F7-4838-9933-DED5C9A784F7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C0899167-63AD-428A-8FA5-EC36E770F99C}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A140B602-2EFE-410B-BF25-593B937E0C7F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E9CCC4DE-3544-47CB-8833-43B625BBA0A2}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{504E99BB-A3CB-48A0-8053-F466D2ED194E}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{C2996D6E-D01C-4A13-AC53-7B5A2CC12BBD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C0949D4C-121C-45B7-A66A-4700068676CB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4D519DE-2FB5-4592-80AB-E5CFE4A6D59E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B4ADCE46-7537-41BA-83D4-7C2D878D4B9E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{36C4F84D-3BCE-473D-8154-2FE8CB4299BD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EFDEE487-2111-4107-82AA-5442BABB0724}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F39138EC-FD80-495A-A889-D1CD3CAED302}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56C3101F-6A6D-490C-816D-B4458733A7BB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DFE1A4EA-BB2F-4067-9D4B-13D58656AB14}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5561F411-D04F-403D-BDC5-D28C1BB7CCC3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{449A5F3C-4A3A-48B7-A91A-69C62FDA4505}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{618BE58F-5034-4C9D-AD0C-74DA1CA2632B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B6BF596-918B-4E65-9231-274F7B32DA27}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00609742-3C15-457D-89DC-D92A2E85E473}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A45C6FD8-CC53-4E12-A067-909D9DC5B063}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E593DB5-252C-454C-9B96-02C82DD2859E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7542FDF9-FAF7-41F7-9D96-7ADB8A257C33}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{499EDA74-8771-4ABC-A356-EBD53DCFCF52}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CCA01BB9-E87C-4A60-9952-41B39E1EF98D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6A45745-9227-426E-8802-FB780C6076D0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4D4BC1C-2DBB-4B51-BAE0-DC7D8E4006B0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2B545E53-2DCB-4758-8DDA-158241DFB660}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C558993A-F66A-4780-BC23-4E444D60CBC9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{916EAF41-BA08-417C-A6AF-109BAE205033}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C207126B-959E-4C96-82B8-8B50F6C47B82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BFA7A75-B3BD-4157-A585-AC42E581A18A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC58F7B7-8127-48FC-982A-4742159B04DC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA4B6418-324C-4EE0-9BC2-51DC42720559}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{357D854D-43B8-4EF7-BA84-C62565E97D61}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57E12AFE-6C9D-4403-AEE5-321F43958607}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E1012E07-D3FD-4B27-A9A1-CDAC10C3BB78}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1C24E73-8CBC-45E9-87EB-CBAAB3783BF8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2E782E91-F05D-4BCF-A2EB-B733E34BA306}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8D5E346-290F-49B3-BCCF-AD6E19D0E1F4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4564C30-B0EA-4605-AA64-92CB931DC1D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{53AB0CFD-2540-49C7-9F34-212DA22BD882}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C170F716-645F-46D4-9F86-6CD01C330B30}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2E5D5A58-2B82-435C-BB0E-86A6BAD327F4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{67D51B60-8ABE-410D-93B8-9BB785E86551}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CCD5C806-F92B-4812-9E7C-00CF015671AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86D355F8-FBAE-4C38-AE46-4110F7C19EA6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C105496C-7EBA-4558-88C6-75ACF48B5689}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{673418EA-931C-4A31-93D5-9F46237D33AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9416B30F-3732-4CD8-BAD9-BD5B40D0EA0B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9AA8236B-C6D2-486F-91EC-B92C5B93EA36}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8D2D76B-9256-425D-A042-F25E62BCDC31}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F25EB973-1B5E-4079-BCFE-FDF0A9912754}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2190A3A9-B24F-4887-91E6-2B0BB76008F2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1DB4D571-DE8E-426F-89DE-59DF744CC0EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EE5ACB2-6AF0-484D-8F3E-77259A3017A6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0D209CB6-DD40-4A52-AC6B-DDA3B3C04409}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5BD660E0-160D-4EFF-92C6-BE1EEE0254FD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C678A764-92FC-4A41-96B9-D6D20993FFD6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EF6E4222-9588-4C1C-964A-CA96842767C0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C6DE250D-CBFB-4BA0-8DBC-0F12837ACB21}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{807789BE-1215-4C9F-BCFF-2BA570FB7C45}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321CB9D5-8295-4497-88DA-1B6F66C67BEE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4EC5B09D-0FC1-4496-AC9E-13C243FBDB9D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB06AB0E-6A6C-459E-911E-373E5F141B4F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D43430C-E199-4CCC-A9A1-0384C52113E9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7F41A5F7-0B54-4001-B8ED-59441AB73D74}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3DB3D7CB-9D53-4138-9C53-0FD7129D04BB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3C429837-C238-4112-80FE-76E692735B62}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2BB5E2DF-0D71-466D-A8F5-2D378B5ECBAA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{404D9C85-0B4A-4EED-B003-10B54506A91E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4F699E68-3A0A-48E2-8E9B-0A89123424E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F4465E1-29DB-4393-8FB8-1D8646185549}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BD24B91B-7654-4372-B4FA-C4D721863E40}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F35904D-6CCD-4210-9B49-F697E4B8EF90}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{18522C34-928A-40F5-A048-BF78FBF2B8BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF9FB7A4-421F-4DA2-B380-C42F6D2DEFAD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CB5B80C-FEF3-4B90-BA19-E7C960858B16}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29C1F72E-F7FD-4B56-B45A-873D226A6827}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC2289EA-3489-4720-A9EC-545DF5AEC4AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9978F5EB-A82E-4F8C-9151-0AA4EAFC9560}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6E7ACAA-B602-43DC-B9FF-3E882E9258AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1CB0C1B3-98B5-4E23-9285-533AF1DDA76A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3826C914-9A0D-4EDF-967E-A43DDF9CBEC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33C5C31F-E49B-4E66-8700-6EF6070AF639}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3DE82E68-AB09-4BFE-9D46-0C913EE8394E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8CA1C9DD-620B-42BA-BCFD-D192E68E940F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{67F74348-07D5-4D6E-8293-32BE71297F99}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B7414CE1-4FF1-4083-B45F-87468951BEC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8842DC4D-BB80-4EE3-8F61-B4B22010FF95}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4C1F11D0-7DF8-4B50-B89A-4D6A68F1768F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E1EDFAB7-91BE-4A14-9672-589443597322}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FC17E9D-432C-4C3D-9951-0E5985AB7305}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B104E526-1E06-46BB-8529-4CF67119EF99}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B9C02DB-46FE-41BF-9C75-E8A0F48E3368}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0784069F-5A00-4622-9ED5-BBCB1C572726}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{973AD233-2C38-4AFD-9309-56E7E73A423D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65F1AF57-B46C-458A-9359-134291EB3E96}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B368D041-C68E-443D-82EA-BE2520510DD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A331557-58E2-4472-96A9-B7DB7B2E82F9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F3D0ADA-6DE7-4859-B34D-2FCB742BD086}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9BD6EBDF-E306-433D-88AC-0D1F2480137D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0701D270-C956-4FA2-8171-079B83EE7DA4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8A773BC7-FF0D-440D-956A-F9891F6D6638}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{064186F4-A010-440A-81E4-077860DC1707}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{28465268-BC19-45A2-BB8C-1B8617E78B69}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2232B3C-80B5-49B7-80B1-6C6810CDAA98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CD586A4C-FD0F-492E-BFF6-F0798EEFB26B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03D592AA-25F8-4EF0-8D67-AA004DFBA7A1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3493F135-DAA6-4F4E-A027-A66B0EEE3982}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4569F30-B74F-438B-A35D-576BBC214984}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0DC9E388-D6A2-4E9A-B718-266F45D2B4A6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9EDE2BB-BB93-4DB0-ACF4-B1C9CFAC2A76}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8042807F-252A-49E2-9CCB-89E341FFCA80}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F020143E-C23D-4ED6-92C2-31BD987C614A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9BDC1F29-7E1E-42B8-99DD-A3DAA4D95543}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C0DB2EE3-063C-4ECD-8919-BDCF2EAED93D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{231F00DA-98DA-4F32-BD66-09DCAFC4D71D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F63D8FA-09C4-4689-8B29-24CE538C4C6D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1F8EC479-8A78-4333-BDD5-BF811C7664F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AA06B32A-4765-4BB5-AE61-C5AD4174894F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{52AE1071-DBAC-497F-B8E4-4190C44B1170}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A916BB75-6C6E-4C40-AAD4-96532D390029}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F3ECFE8C-7A95-405C-B9E4-A1AD1266869B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA232DB1-A6E7-4BA5-A6B2-6808BC62AC6A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5DF17AA8-1F43-45A0-88D5-9DA081D81305}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3FF74426-6A9B-4FFB-B346-7CDCFD64CFC8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C67A3FC1-AC2A-4D5A-8549-E42F9CF73DD5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9BD1E1CB-05B9-44DA-BE92-76720377F1C7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CAF55E79-395A-493D-8225-3B81E0B48ADB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E520FAEA-8367-4D7F-B767-1E25833207C7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B137717C-E680-4F58-BC9B-5DB68FB747CB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F5CA37A-0038-4D08-8FA8-F2198D1A8BB3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF1F9AF3-296B-4106-A5A7-9771BE6CCA66}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{47C9DC78-4FD2-4D48-9ADF-92A4AFB86A55}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6CA44AB0-B656-4442-BD5F-8CEB88ED7CCB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF99DD95-F9FA-4A63-9473-26987E4AEDA4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5A49CC3-F288-484C-A970-BCF396C622FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F1BBD88-F0D0-4E8A-9823-6C570986CA9E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8EC67878-B57F-4207-9EC0-39B31968F0C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{056D3278-8319-4AF6-8D6E-7B0E382A4B84}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FFFD5741-3712-4477-ACB8-A98F77D9F5F4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9BD0E96-A44B-46BF-82EC-080B25310512}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A8CCC40E-BBAD-4AFD-9E0A-31D6E5C2FC5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F0CE1F63-EC72-45DA-A0B3-3B1ECD375E65}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{048FD16A-E750-4A7A-BE85-437C8227B88E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6654C0EF-E100-4D7E-B947-979E011190D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6F6AE0F0-786A-4A50-9C57-B0331203B01F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{019463B3-9A8F-40C9-B1A9-4A48D4BED3C5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5795F1AE-2514-446F-A817-DD7A86A202A4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D98BFC2C-599D-4E55-BD3C-753ED5347D0D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEAA770F-D68E-4A55-9D99-C76CF6AEACFE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F68B7515-885A-44B1-95BE-CC2C1AA7AC10}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45DEC35C-BB73-4D63-A207-D2C615C8FD0B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 18:29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 18:28 20496]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [29/10/2006 13:03 208896]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [27/09/2006 20:37 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [19/10/2006 19:49 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [30/01/2007 18:29 5504]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [18/02/2009 20:50 28672]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [15/08/2007 22:49 552448]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [30/01/2007 19:09 147328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [06/08/2009 17:56 38160]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 06:25 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=DTP&M=GM5410H
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 17:20
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4496)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-08-08 17:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-08-08 21:26

Avant-CF: 321 405 042 688 bytes free
Après-CF: 321 203 433 472 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,21
391 --- E O F --- 2009-08-08 04:01
0
Réponse 7 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
8 août 2009 à 23:49
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0
Réponse 8 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 00:06
Voici le rapport de Malawarebytes:

Malwarebytes' Anti-Malware 1.40
Database version: 2581
Windows 6.0.6001 Service Pack 1

08/08/2009 18:05:07
mbam-log-2009-08-08 (18-05-07).txt

Scan type: Quick Scan
Objects scanned: 94542
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Uninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
0
Réponse 9 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 07:54
● Relance MBAM, va dans Quarantaine et supprime tout.

● Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
● Au menu principal, choisis l'option L.
● Poste le rapport généré (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
0
Réponse 10 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 18:14
Voici le rapport de Ad-remover

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:21:51, 09/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PAUL | Utilisateur actuel: costco
.
Administrateur: Administrator *Desactive*
Administrateur: costco
Administrateur: Guest
N'est pas administrateur: IUSR_NMPR
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Trymedia Systems
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
.
C:\ProgramData\Trymedia\data
C:\ProgramData\Trymedia\licenses
C:\ProgramData\Trymedia\data\{1228F1EA-5263-FECB-18D4-E87BCB0172CE}
C:\ProgramData\Trymedia\data\{B7A7975B-6A5F-29D8-03C9-9DB52EF87421}
C:\ProgramData\Trymedia\data\{BB605FEC-DCAD-9FC7-A513-3485A3E88292}
C:\ProgramData\Trymedia\data\{CDB0F498-5798-89A2-AB5F-3BC243E2EEF7}
C:\ProgramData\Trymedia\data\{D27416EE-7BA9-4D97-B4FE-CC2D5E8131F8}
C:\ProgramData\Trymedia
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 8.0.6001.18813 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3243 Octet(s) - C:\Ad-Report-CLEAN.log
.
6 Fichier(s) - C:\Users\costco\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
7 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 11:32:26 | 09/08/2009
.
============== E.O.F ==============
.
0
Réponse 11 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 18:17
--> Désinstalle Java SE Runtime Environment et Ad-Remover.

--> Mets à jour Java.

--> Mets à jour Adobe Reader.

--> Refais un scan RSIT et poste le rapport log.
0
Réponse 12 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 18:45
voici le rist

Logfile of random's system information tool 1.06 (written by random/random)
Run by costco at 2009-08-09 12:45:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 306 GB (82%) free of 372 GB
Total RAM: 2021 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:26, on 09/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\costco\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\costco.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-21-2267936125-1490591233-2162038121-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2267936125-1490591233-2162038121-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2267936125-1490591233-2162038121-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - S-1-5-21-2267936125-1490591233-2162038121-501 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Guest')
O4 - S-1-5-21-2267936125-1490591233-2162038121-501 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Guest')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 13 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 18:47
Plus de souci ?
0
Réponse 14 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 18:48
Pour l'instant tout fonctionn comme il le faut!!!

Je te remercie.

Si quelque chose survien encore je reecrirez sur ce post!
0
Réponse 15 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 18:51
1/

---> Désinstalle HijackThis.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Clique droit sur ToolsCleaner2.exe et choisis Exécuter en tant qu'administrateur.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Réactive l'UAC si ce n'est pas déjà fait.

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer.

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


Sois plus vigilant(e) sur Internet ;)
0
Réponse 16 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 19:16
Pour ton information, quand je démare toolscleaner2, ça dit>: le programme ne répond pas ainsi de suite.
0
Réponse 17 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 19:17
Tu l'exécutes bien en tant qu'administrateur ?
0
Réponse 18 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 19:18
Ouais sans ausun doute, c'est seulement quand je clic sur Recherche qu'il ne repond plus.
0
Réponse 19 / 22
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
9 août 2009 à 19:20
Supprime ce dossier : C:\Qoobox et passe à la suite.
0
Réponse 20 / 22
bilibob78 Messages postés 82 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 15 janvier 2012
9 août 2009 à 19:25
même problème...ne repond toujours pas
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
Coco71 -

15 réponses
TI college plus (calculatrice probleme)
help39 -
Whismeril -

3 réponses
Analyse et réparation du lecteur C
Fusco -
Malekal_morte- -

9 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse
échec de l'analyse antivirus
StalkerShadows -
ness -

19 réponses