Win32:TratBHO [Trj] (Résolu!) (1/1)

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 19:28:47 27/01/2008

Listing files found while scanning....

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:02:14 07/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rympxhpd.dll
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\vtsqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\gebbyvs.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rympxhpd.dll
C:\WINDOWS\system32\rympxhpd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vtsqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\gebbyvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:39:13 07/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\gebbyvs.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\gebbyvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

ComboFix 08-02.05.3 - HP_Administrateur 2008-02-07 19:06:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1494 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\oorddahpuq.dat
C:\WINDOWS\system32\oorddahpuq_nav.dat
C:\WINDOWS\system32\oorddahpuq_navps.dat
D:\Autorun.inf

----- BITS: Possible sites infect‚s -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 21:55 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-06 21:55 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-06 21:54 . 2008-02-06 21:54 <REP> d-------- C:\Program Files\Common Files
2008-02-06 21:34 . 2008-02-06 21:34 <REP> d-------- C:\Program Files\Gpotato.eu
2008-02-05 22:05 . 2008-02-05 22:05 101 --a------ C:\WINDOWS\tmp.tmp.tmp
2008-02-01 17:19 . 2008-02-01 17:19 <REP> d-------- C:\Program Files\Lavasoft
2008-02-01 17:18 . 2008-02-01 17:18 0 --a------ C:\WINDOWS\syscheck.INI
2008-01-28 17:34 . 2008-02-07 19:00 54,800 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-27 21:43 . 2008-01-27 21:43 <REP> dr-h-c--- C:\Documents and Settings\HP_Administrateur\Application Data\SecuROM
2008-01-27 21:43 . 2008-01-27 21:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-27 21:14 . 2008-01-27 21:14 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-27 21:14 . 2008-02-05 21:09 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-27 21:14 . 2008-01-27 21:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-27 21:14 . 2008-02-05 16:37 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 21:14 . 2008-01-27 21:14 22,328 --a--c--- C:\Documents and Settings\HP_Administrateur\Application Data\PnkBstrK.sys
2008-01-27 21:05 . 2008-01-27 21:05 <REP> d-------- C:\Program Files\Electronic Arts
2008-01-27 19:28 . 2008-02-07 18:56 <REP> d----c--- C:\VundoFix Backups
2008-01-24 10:42 . 2008-01-24 10:42 0 --a------ C:\WINDOWS\pcfriend.INI
2008-01-24 10:22 . 2008-01-24 10:23 <REP> d-------- C:\Program Files\PCFriendly
2008-01-23 22:51 . 2008-01-23 22:51 126,976 --a------ C:\WINDOWS\War3Unin.exe
2008-01-23 22:51 . 2008-01-24 18:11 28,737 --a------ C:\WINDOWS\War3Unin.dat
2008-01-23 22:51 . 2008-01-23 22:51 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-01-23 22:49 . 2008-02-06 20:51 <REP> d-------- C:\Program Files\Warcraft III
2008-01-20 20:51 . 2008-02-06 18:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 20:51 . 2008-01-20 20:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 21:34 . 2006-11-08 09:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2008-01-19 21:34 . 2006-11-08 09:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2008-01-16 17:02 . 2008-01-23 22:02 <REP> d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Hamachi
2008-01-16 17:01 . 2008-01-16 17:02 <REP> d-------- C:\Program Files\Hamachi
2008-01-16 17:01 . 2008-01-16 17:01 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-12 21:52 . 2008-01-12 21:52 <REP> d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\InstallShield Installation Information
2008-01-12 21:40 . 2008-01-12 21:40 <REP> d-------- C:\Program Files\Unreal Tournament 3
2008-01-09 19:21 . 2008-01-09 20:32 214 --a--c--- C:\LevelParTimes.csv
2008-01-08 20:21 . 2008-01-08 20:22 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.17

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:00 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-02-07 17:32 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\uTorrent
2008-02-07 08:56 --------- d-----w C:\Documents and Settings\Michele-Christian\Application Data\StarOffice8
2008-02-06 20:37 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\StarOffice8
2008-02-01 16:19 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Lavasoft
2008-01-27 12:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-23 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 20:40 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-12 20:39 --------- d-----w C:\Program Files\AGEIA Technologies
2008-01-03 22:31 --------- d-----w C:\Program Files\CCleaner
2008-01-03 21:04 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 20:53 --------- d-----w C:\Program Files\eMule
2008-01-03 20:51 --------- d-----w C:\Program Files\Bonjour
2008-01-03 20:15 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\Smart PC Solutions
2008-01-03 20:14 --------- d-----w C:\Program Files\Smart PC Solutions
2008-01-01 16:56 --------- d-----w C:\Documents and Settings\Michele-Christian\Application Data\VMNTOOLBAR
2008-01-01 14:40 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\pokerth
2008-01-01 14:38 --------- d-----w C:\Program Files\PokerTH
2007-12-29 09:04 --------- d-----w C:\Program Files\Google
2007-12-28 13:40 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\Leadertech
2007-12-26 19:46 --------- d-----w C:\Program Files\Visicom Media
2007-12-25 17:51 --------- d-----w C:\Program Files\uTorrent
2007-12-23 12:21 --------- d-----w C:\Documents and Settings\Michele-Christian\Application Data\U3
2007-12-20 16:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-20 16:36 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 01:14 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2007-09-09 08:54 1,590 -c--a-w C:\Documents and Settings\Michele-Christian\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C573D2F-6A7E-4FD9-8A00-7B30EA385A50}]
C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB409D1E-A71C-4289-AE75-0976C3933993}]
C:\WINDOWS\system32\pmnnl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 19:06 7622656]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 01:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 14:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 22:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-26 20:44 185632]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 16:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 16:58 1060376]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"gfxtray"="ctccw32.dll" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [2004-11-15 01:20 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 11:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 11:02]
R2 Apache2.2;Apache2.2;"C:\xampplite\apache\bin\apache.exe" [2007-03-05 11:23]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 04:36]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 18:44]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 19:14:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-07 19:20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 18:19:55
.
2008-01-09 09:07:19 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:43, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\xampplite\apache\bin\apache.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\xampplite\apache\bin\apache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrateur\Bureau\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C573D2F-6A7E-4FD9-8A00-7B30EA385A50} - C:\WINDOWS\system32\awtqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DB409D1E-A71C-4289-AE75-0976C3933993} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampplite\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mysql - Unknown owner - C:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11423 bytes

Win32:TratBHO [Trj]

Participer! →

Sw25 →

Le 7 février à 17:17 #

land3 →

Le 7 février à 17:48 #

Sw25 →

Le 7 février à 18:04 #

land3 →

Le 8 février à 11:18 #

Sw25 →

Le 8 février à 16:31 #

land3 →

Le 8 février à 17:18 #

Sw25 →

Le 8 février à 17:25 #

land3 →

Le 8 février à 17:32 #

Sw25 →

Le 8 février à 17:36 #

Participer! →

Sujets Connexes

Arakien & WéWé

Du nouveau ?

Forums

Navigation

Publicité

Connectés

Recherche

Concours

Partenaires

	Win32:TratBHO [Trj]
	» Liste des Forums » Virus, troyens, etc... » Discussion