Trojan de tuype Qhosts

Salut,

Régis TOUSSAINT:

Host est clean..

'Hosts'

Tu peux publier ici un rapport de l'utilitaire HijackThis. La
cause de tout ceci sera forcément visible.

Toutes les infos dont tu as besoin sont
compilées ici: http://joke0.free.fr/ht.html

--
joke0

Voici mes logs :
qu'est-ce que je flingue ? Merci

"joke0" <joke0_NOSWEN@tiscali.fr> a écrit dans le message de news:
XnF95B5B22584DDCjoke0@127.0.0.1...

Salut,

Régis TOUSSAINT:

Host est clean..

'Hosts'

Tu peux publier ici un rapport de l'utilitaire HijackThis. La
cause de tout ceci sera forcément visible.

Toutes les infos dont tu as besoin sont
compilées ici: http://joke0.free.fr/ht.html

--
joke0

Salut,

Régis TOUSSAINT:

Voici mes logs :

Logfile of HijackThis v1.98.2
Scan saved at 17:22:14, on 05/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnyplacePCanyplacepc.exe
C:WINDOWSSystem32basfipm.exe
C:Program FilesNavNTdefwatch.exe
C:WINDOWSsystem32cbapds.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNavNTrtvscan.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSSYSTEM32ZoneLabsvsmon.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:WINDOWSsystem32cbaxfr.exe
C:WINDOWSsystem32MsgSys.EXE
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesApointApoint.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesDellQuickSetquickset.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesElaborate BytesCloneCDCloneCDTray.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesICQLiteICQLite.exe
C:Program FilesApointApntex.exe
C:Program FilesNavNTvptray.exe
C:Program FilesPESTPA~1PPControl.exe
C:PROGRA~1PESTPA~1CookiePatrol.exe
C:PROGRA~1PESTPA~1PPMemCheck.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesVodafoneVodafone Connect Meautoupdate_srv.exe
C:Program FilesMicrosoft OfficeOffice10OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOffice10WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSmsagentAgentSvr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesAdobeAcrobat 6.0AcrobatAcrobat.exe
C:Documents and SettingsDellDesktopHijackThis.zl9.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page http://private.best.eu.org/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.
yahoo.com/ext/search/search.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext http://www.pandasoftware.com/activescan/com/activescan_principal.htm
O1 - Hosts: 66.102.11.99 www.google.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910}
- C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
C:PROGRA~1STARDO~1SDIEInt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [Apoint] C:Program FilesApointApoint.exe
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control
Panelatiptaxx.exe
O4 - HKLM..Run: [Dell QuickSet] C:Program
FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [bascstray] BascsTray.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesElaborate
BytesCloneCDCloneCDTray.exe"
O4 - HKLM..Run: [StorageGuard] "C:Program FilesVERITAS SoftwareUpdate
Managersgtray.exe" /r
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [ICQ Lite] C:Program FilesICQLiteICQLite.exe -minimize
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 - HKLM..Run: [PestPatrol Control Center] C:Program
FilesPESTPA~1PPControl.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone
LabsZoneAlarmzlclient.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..RunOnce: [ICQ Lite] C:Program FilesICQLiteICQLite.exe
-trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAcrobat
6.0Distillracrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: Vodafone Connect Me Update Agent.lnk = C:Program
FilesVodafoneVodafone Connect Meautoupdate_srv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no
file)
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:Program FilesICQLiteICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:Program
FilesICQLiteICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/house
call/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete..cab
O17 -
HKLMSystemCCSServicesTcpip..{63E5261D-1F1B-4604-8B36-3006743E1CF1}:
NameServer = 172.27.0.1

--
joke0

Salut,

joke0:

O17 -
HKLMSystemCCSServicesTcpip..{63E5261D-1F1B-4604-8B36-30067
43E1CF1}: NameServer = 172.27.0.1

Je ne vois rien d'autre que ça. C'est une adresse de réseau
privée (172.27.0.1). je suppose que les requêtes DNC passent par
là, donc s'il y a un problème...

--
joke0

Je remédie sur cette clef et je te tiens au courant, merci...

"joke0" <joke0_NOSWEN@tiscali.fr> a écrit dans le message de news:
XnF95B6D0C77198Djoke0@127.0.0.1...

Salut,

joke0:

O17 -
HKLMSystemCCSServicesTcpip..{63E5261D-1F1B-4604-8B36-30067
43E1CF1}: NameServer = 172.27.0.1

Je ne vois rien d'autre que ça. C'est une adresse de réseau
privée (172.27.0.1). je suppose que les requêtes DNC passent par
là, donc s'il y a un problème...

--
joke0

Salut,

joke0:

les requêtes DNC

DNS bien sûr. Si tu n'est pas sur un réseau local, normalement
c'est une IP que ton FAI t'as communiqué qui doit y être. Cf.
Les réglages du protocole TCP/IP.

--
joke0

Oui bien sûr, cela n'a pas réglé le problème. Je vu également la clef :
O1 - Hosts: 66.102.11.99 www.google.fr qui est un redirecteur, je vais voir
en la supprimant.
C'est un peu compliquer car il s'agit d'une machine distante (Londres, moi à
Paris) et que je n'ai pas la main dessus comme je veux.

Je te tiens au courant, et te remerci, A+, Régis

"joke0" <joke0_NOSWEN@tiscali.fr> a écrit dans le message de news:
XnF95B6D1E663B23joke0@127.0.0.1...

Salut,

joke0:

les requêtes DNC

DNS bien sûr. Si tu n'est pas sur un réseau local, normalement
c'est une IP que ton FAI t'as communiqué qui doit y être. Cf.
Les réglages du protocole TCP/IP.

--
joke0

Je viens de régler le problème voici mes logs :

Un très grand merci pour ton aide et soutien, très bonne journée à toi
joke0:


Logfile of HijackThis v1.98.2
Scan saved at 08:23:10, on 06/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnyplacePCanyplacepc.exe
C:WINDOWSSystem32basfipm.exe
C:Program FilesNavNTdefwatch.exe
C:WINDOWSsystem32cbapds.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNavNTrtvscan.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:WINDOWSsystem32cbaxfr.exe
C:WINDOWSsystem32MsgSys.EXE
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesApointApoint.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesDellQuickSetquickset.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesApointApntex.exe
C:Program FilesElaborate BytesCloneCDCloneCDTray.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesICQLiteICQLite.exe
C:Program FilesNavNTvptray.exe
C:Program FilesPESTPA~1PPControl.exe
C:PROGRA~1PESTPA~1CookiePatrol.exe
C:PROGRA~1PESTPA~1PPMemCheck.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesVodafoneVodafone Connect Meautoupdate_srv.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32RDSHOST.exe
C:WINDOWSsystem32sessmgr.exe
C:Documents and SettingsDellDesktopHijackThis.zl9.exe
C:Program FilesInternet Exploreriexplore.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat
6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [Apoint] C:Program FilesApointApoint.exe
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control
Panelatiptaxx.exe
O4 - HKLM..Run: [Dell QuickSet] C:Program
FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [bascstray] BascsTray.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesElaborate
BytesCloneCDCloneCDTray.exe"
O4 - HKLM..Run: [StorageGuard] "C:Program FilesVERITAS SoftwareUpdate
Managersgtray.exe" /r
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [ICQ Lite] C:Program FilesICQLiteICQLite.exe -minimize
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 - HKLM..Run: [PestPatrol Control Center] C:Program
FilesPESTPA~1PPControl.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone
LabsZoneAlarmzlclient.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..RunOnce: [ICQ Lite] C:Program
FilesICQLiteICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAcrobat
6.0Distillracrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: Vodafone Connect Me Update Agent.lnk = C:Program
FilesVodafoneVodafone Connect Meautoupdate_srv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:Program FilesICQLiteICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:Program
FilesICQLiteICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

Salut,

Régis TOUSSAINT:

Je viens de régler le problème voici mes logs :

Je ne vois rien de particulier.

--
joke0

Problème résolu voici les logs :

J'ai un peu pataugé, une grand merci pour ton aide joke0 et ton site, bonne
journée.

Logfile of HijackThis v1.98.2
Scan saved at 08:23:10, on 06/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnyplacePCanyplacepc.exe
C:WINDOWSSystem32basfipm.exe
C:Program FilesNavNTdefwatch.exe
C:WINDOWSsystem32cbapds.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesNavNTrtvscan.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:WINDOWSsystem32cbaxfr.exe
C:WINDOWSsystem32MsgSys.EXE
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesApointApoint.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesDellQuickSetquickset.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesApointApntex.exe
C:Program FilesElaborate BytesCloneCDCloneCDTray.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesICQLiteICQLite.exe
C:Program FilesNavNTvptray.exe
C:Program FilesPESTPA~1PPControl.exe
C:PROGRA~1PESTPA~1CookiePatrol.exe
C:PROGRA~1PESTPA~1PPMemCheck.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesVodafoneVodafone Connect Meautoupdate_srv.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32RDSHOST.exe
C:WINDOWSsystem32sessmgr.exe
C:Documents and SettingsDellDesktopHijackThis.zl9.exe
C:Program FilesInternet Exploreriexplore.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat
6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [Apoint] C:Program FilesApointApoint.exe
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control
Panelatiptaxx.exe
O4 - HKLM..Run: [Dell QuickSet] C:Program
FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [bascstray] BascsTray.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesElaborate
BytesCloneCDCloneCDTray.exe"
O4 - HKLM..Run: [StorageGuard] "C:Program FilesVERITAS SoftwareUpdate
Managersgtray.exe" /r
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [ICQ Lite] C:Program FilesICQLiteICQLite.exe -minimize
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [vptray] C:Program FilesNavNTvptray.exe
O4 - HKLM..Run: [PestPatrol Control Center] C:Program
FilesPESTPA~1PPControl.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone
LabsZoneAlarmzlclient.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..RunOnce: [ICQ Lite] C:Program
FilesICQLiteICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAcrobat
6.0Distillracrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: Vodafone Connect Me Update Agent.lnk = C:Program
FilesVodafoneVodafone Connect Meautoupdate_srv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:Program FilesICQLiteICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:Program
FilesICQLiteICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab