Infection virus TratBHO[Trj]

le 14 mai 2008

Bonjour,

Mon ordianteur est infecté par ce virus.

J'ai réalisé les manipulations suivantes :

Passage Hijackthis, ci-joint rapport :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:03, on 02/05/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\msmsgs.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\rundll32.exe

C:\Program Files\AOL 8.0j\aoltray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\HTV6100\IRMONITOR.EXE

C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

C:\Program Files\OLITEC\MOH\LtMoh.exe

C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe

O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe

O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" 1014021

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'Default user')

O4 - Startup: MOH.lnk = C:\Program Files\OLITEC\MOH\LtMoh.exe

O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0j\aoltray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HTV6100 Remote Controller Service.lnk = ?

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab

O20 - Winlogon Notify: mLeCSiGY - mLeCSiGY.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 9138 bytes

Ensuite passage Combofix (je ne sais pas si j'ai bien fait!!!)

Ci-joint rapport :

ComboFix 08-05-01.1 - Propriétaire 2008-05-02 15:25:33.1 - NTFSx86

Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Florent\Menu Démarrer\crazy girls.lnk

C:\Documents and Settings\Nathalie\Menu Démarrer\crazy girls.lnk

C:\Program Files\mailskinner

C:\Program Files\mailskinner\anim_0.gif

C:\Program Files\mailskinner\anim_help.gif

C:\Program Files\mailskinner\banner.jpg

C:\Program Files\mailskinner\emo.bmp

C:\Program Files\mailskinner\icon1.ico

C:\Program Files\mailskinner\MailSkinner.exe

C:\Program Files\mailskinner\OESkinner.dll

C:\Program Files\mailskinner\OLSkinner.dll

C:\Program Files\mailskinner\SOFTWARE LICENSE.rtf

C:\Program Files\mailskinner\Thumbs.db

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\msskinner

C:\WINDOWS\msskinner\msbackup.dat

C:\WINDOWS\pack.epk

C:\WINDOWS\rundll32.exe

C:\WINDOWS\system32\.exe

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\ftpupd.exe

C:\WINDOWS\system32\msmsgs.exe

C:\WINDOWS\tmlpcert2007

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))

.

2008-04-26 13:58 . 2008-05-01 15:52 44,696 ---hs---- C:\lox.exe

2008-04-21 22:33 . 2008-04-21 22:33 <REP> d-------- C:\Documents and Settings\morgan.LACASSAGNE\Application Data\vlc

2008-04-16 10:50 . 2006-06-07 17:55 2,410,076 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys

2008-04-16 10:50 . 2006-06-07 17:55 88,365 --------- C:\WINDOWS\AGRSMMSG.exe

2008-04-16 10:50 . 2006-06-07 17:55 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe

2008-04-16 10:50 . 2006-06-07 17:55 68,096 -ra------ C:\WINDOWS\agrsmdel.exe

2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\WINDOWS\Options

2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\Program Files\OLITEC

2008-04-14 21:55 . 2008-04-14 21:55 <REP> d-------- C:\Documents and Settings\tintin\Application Data\Samsung

2008-04-14 21:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-04-14 21:45 . 2008-04-14 21:45 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-04-14 21:45 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys

2008-04-14 21:45 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys

2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys

2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys

2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys

2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys

2008-04-14 21:45 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys

2008-04-14 21:45 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-04-14 21:44 . 2008-04-14 21:44 <REP> d-------- C:\Program Files\Samsung

2008-04-14 21:44 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-04-05 19:59 . 2008-05-02 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-05 19:59 . 2008-04-05 19:59 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-02 18:31 . 2008-04-02 18:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-04-02 18:30 . 2008-04-02 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Autodata Limited Shared

2008-04-02 18:30 . 2008-04-02 19:09 <REP> d-------- C:\ADCDA2

2008-04-02 18:29 . 2008-04-02 18:29 <REP> d-------- C:\ADCDTEMP

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 12:43 --------- d-----w C:\Program Files\AOL 8.0j

2008-05-02 12:02 --------- d-----w C:\Program Files\Telecatalog

2008-04-15 17:24 5,704 ----a-w C:\Documents and Settings\tintin\Application Data\wklnhst.dat

2008-04-14 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-09 06:46 9,294 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat

2008-03-09 16:12 --------- d-----w C:\Program Files\KONAMI

2007-03-17 09:54 3,656 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\wklnhst.dat

2006-12-31 10:39 59,352 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\GDIPFONTCACHEV1.DAT

2006-06-08 15:55 160 ----a-w C:\Documents and Settings\fly\Application Data\wklnhst.dat

2006-04-15 09:54 1,058 ----a-w C:\Documents and Settings\Florent\Application Data\wklnhst.dat

2006-04-10 20:20 164 ----a-w C:\Documents and Settings\Nathalie\Application Data\wklnhst.dat

2006-04-09 15:46 3,334 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\wklnhst.dat

2006-04-09 15:12 62,752 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT

2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\tintin\Application Data\GDIPFONTCACHEV1.DAT

2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT

2006-03-20 21:05 152 ----a-w C:\Documents and Settings\Morgan\Application Data\wklnhst.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 204800]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 22:25 24576]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]

"Microsoft Windows Driver"="C:\WINDOWS\rundll32.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" [2007-11-03 14:49 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]

"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]

"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]

"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]

"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]

"VTTimer"="VTTimer.exe" []

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-26 21:28 26112]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 17:55 88365 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Oftice"="C:\WINDOWS\System32\msmsgs.exe" [ ]

C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\

MOH.lnk - C:\Program Files\OLITEC\MOH\LtMoh.exe [2006-06-07 17:55:12 188416]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

AOL 8.0 Ic“ne AOL.lnk - C:\Program Files\AOL 8.0j\aoltray.exe [2005-12-11 19:35:46 36937]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40 233472]

HTV6100 Remote Controller Service.lnk - C:\WINDOWS\HTV6100\IRMONITOR.EXE [2006-09-14 17:54:20 245760]

KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2006-08-30 21:14:18 270336]

Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 03:57:40 176128]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2006-09-14 17:55:11 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= C:\WINDOWS\System32\mLeCSiGY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mLeCSiGY]

mLeCSiGY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.avrn"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL

"vidc.advj"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL

"vidc.mszh"= G:\ACEMEG~1\SystemS\avimszh.dll

"vidc.zlib"= G:\ACEMEG~1\SystemS\avizlib.dll

"vidc.cscd"= G:\ACEMEG~1\SystemS\camcodec.dll

"vidc.cvid"= G:\ACEMEG~1\SystemS\iccvid.dll

"msacm.trspch"= G:\ACEMEG~1\SystemS\tssoft32.acm

"vidc.em2v"= G:\ACEMEG~1\SystemS\etxcodec.dll

"vidc.mkvc"= G:\ACEMEG~1\SystemS\kmvidc32.dll

"vidc.hfyu"= G:\ACEMEG~1\SystemS\huffyuv.dll

"msacm.lameacm"= G:\ACEMEG~1\SystemS\lameacm.acm

"msacm.lhacm"= G:\ACEMEG~1\SystemS\lhacm.acm

"msacm.l3acm"= G:\ACEMEG~1\SystemS\l3codecp.acm

"vidc.sjpg"= G:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.dmb2"= G:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.gepj"= G:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.qpeg"= G:\ACEMEG~1\SystemS\Qpeg32.dll

"vidc.q1.0"= G:\ACEMEG~1\SystemS\Qpeg32.dll

"msacm.sl_anet"= G:\ACEMEG~1\SystemS\sl_anet.acm

"vidc.tscc"= G:\ACEMEG~1\SystemS\tsccvid.dll

"vidc.vifp"= G:\ACEMEG~1\SystemS\vfcodec.dll

"vidc.wrpr"= G:\ACEMEG~1\SystemS\aviwrap.dll

"vidc.wnv1"= G:\ACEMEG~1\SystemS\wnvplay1.dll

"vidc.3ivx"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv0"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv1"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv2"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3ivd"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.advs"= G:\ACEMEG~1\SystemS\Adaptec\Dvc.dll

"vidc.aflc"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

"vidc.afli"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

"vidc.aasc"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.aas4"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.asv1"= G:\ACEMEG~1\SystemS\ASUS\asusasv1.dll

"vidc.asv2"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll

"vidc.asvx"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll

"vidc.vcr1"= G:\ACEMEG~1\SystemS\ATI\ativcr1.dll

"vidc.vcr2"= G:\ACEMEG~1\SystemS\ATI\ativcr2.dll

"vidc.yv12"= G:\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

"vidc.mwv1"= G:\ACEMEG~1\SystemS\Aware\icmw_32.dll

"vidc.bt20"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

"vidc.y41p"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

"msacm.pcdv"= G:\ACEMEG~1\SystemS\Canopus\pcdv.acm

"vidc.cdvc"= G:\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

"vidc.ddvc"= G:\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

"vidc.png1"= G:\ACEMEG~1\SystemS\Core\COREPN~1.DLL

"msacm.CoreFLAC_ACM"= G:\ACEMEG~1\SystemS\Core\COREFL~1.ACM

"vidc.davc"= G:\ACEMEG~1\SystemS\dicas\davcvfw.dll

"vidc.div3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.div5"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.mpg3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.div4"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.div6"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.ap41"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.dvx4"= G:\ACEMEG~1\SystemS\DivX\divx4.dll

"vidc.divx"= G:\ACEMEG~1\SystemS\DivX\DivX511.dll

"msacm.divxa32"= G:\ACEMEG~1\SystemS\DivX\divxa32.acm

"vidc.frwd"= G:\ACEMEG~1\SystemS\Forward\frwd.dll

"vidc.frwt"= G:\ACEMEG~1\SystemS\Forward\frwd.dll

"vidc.frwa"= G:\ACEMEG~1\SystemS\Forward\frwt.dll

"vidc.frwu"= G:\ACEMEG~1\SystemS\Forward\frwu.dll

"vidc.glzw"= G:\ACEMEG~1\SystemS\Gabest\GLZW.dll

"vidc.gpeg"= G:\ACEMEG~1\SystemS\Gabest\GPEG.dll

"vidc.i263"= G:\ACEMEG~1\SystemS\Intel\i263_32.drv

"vidc.iv30"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv31"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv32"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv33"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv34"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv35"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv36"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv37"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv38"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv39"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv40"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv41"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv42"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv43"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv44"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv45"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv46"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv47"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv48"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv49"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv50"= G:\ACEMEG~1\SystemS\Intel\ir50_32.dll

"vidc.ir21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL

"vidc.rt21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL

"msacm.imc"= G:\ACEMEG~1\SystemS\Intel\IMC32.ACM

"vidc.lead"= G:\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

"vidc.dvsd"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dvc"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dvcs"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dcmj"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.avi1"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.avi2"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.dv25"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.dv50"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.msmc"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mmjp"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx1"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx2"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx3"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx4"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx5"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx6"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx7"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx8"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx9"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mmes"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"msacm.msadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

"msacm.imaadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

"msacm.msg711"= G:\ACEMEG~1\SystemS\MICROS~1\msg711.acm

"msacm.msg723"= G:\ACEMEG~1\SystemS\MICROS~1\msg723.acm

"msacm.msgsm610"= G:\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

"vidc.m261"= G:\ACEMEG~1\SystemS\MICROS~1\msh261.drv

"vidc.m263"= G:\ACEMEG~1\SystemS\MICROS~1\msh263.drv

"vidc.mrle"= G:\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

"vidc.msvc"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

"vidc.cram"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

"vidc.mpg4"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp41"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp42"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp43"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp4s"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp4v"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.wmv3"= G:\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

"msacm.msaudio1"= G:\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

"vidc.vixl"= G:\ACEMEG~1\SystemS\Miro\miroxl32.dll

"vidc.mjpg"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll

"vidc.dmb1"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll

"vidc.mj2c"= G:\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll

"vidc.tvmj"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll

"vidc.fljp"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll

"vidc.nt00"= G:\ACEMEG~1\SystemS\Newtek\ntcodec.dll

"msacm.vorbis"= G:\ACEMEG~1\SystemS\OGG\vorbis.acm

"vidc.vp30"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

"vidc.vp31"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

"vidc.vp60"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

"vidc.vp61"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

"vidc.pdvc"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

"vidc.ipdv"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

"vidc.pvw2"= G:\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

"vidc.pimj"= G:\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

"vidc.mjpx"= G:\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

"vidc.miro"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL

"vidc.dcap"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL

"vidc.mjpa"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

"vidc.gpjm"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

"vidc.pim1"= G:\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

"msacm.qmpeg"= G:\ACEMEG~1\SystemS\QDesign\qmpeg.acm

"vidc.rmp4"= G:\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

"vidc.rud0"= G:\ACEMEG~1\SystemS\Rududu\rududu.dll

"msacm.at3"= G:\ACEMEG~1\SystemS\SONY\atrac3.acm

"vidc.sony"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll

"vidc.dvcp"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll

"vidc.s422"= G:\ACEMEG~1\SystemS\Tekram\tekyuv.dll

"vidc.t420"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

"vidc.y411"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

"vidc.vssv"= G:\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

"msacm.voxacm160"= G:\ACEMEG~1\SystemS\VoxWare\vct3216.acm

"vidc.xvid"= G:\ACEMEG~1\SystemS\XviD\xvidvfw.dll

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]

R1 Odptdi;Odptdi;C:\WINDOWS\System32\drivers\odptdi.sys [2006-08-03 14:53]

R3 axvdkbus;axvdkbus;C:\WINDOWS\System32\DRIVERS\axvdkbus.sys [2003-02-25 21:43]

R3 axvodka;axvodka;C:\WINDOWS\System32\DRIVERS\axvodka.sys [2003-02-27 19:50]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]

S3 HTV6100;DualTV stick;C:\WINDOWS\System32\DRIVERS\HTV6100.SYS [2006-06-09 20:16]

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2006-05-26 18:59:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-02 15:34:18

Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

Temps d'accomplissement: 2008-05-02 15:43:18

ComboFix-quarantined-files.txt 2008-05-02 13:43:13

Pre-Run: 31,864,299,520 octets libres

Post-Run: 33,237,774,336 octets libres

323

et de nouveau Hijackthis,

rapport ci-joint :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:55:49, on 02/05/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\AOL 8.0j\aoltray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\HTV6100\IRMONITOR.EXE

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

C:\Program Files\OLITEC\MOH\LtMoh.exe

C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896