Trojan ? Blackdoor
Résolu
skyalex
Messages postés
95
Statut
Membre
-
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
Bonjour,
j'ai récemment recu un fichier d'un "amis" sur msn, un .exe, un blackdoor, j'ai tout de suite remarquer, même sans l'avoir executé que mon pc était plus lent, j'ai donc lancé une panoplie d'anti-virus, j'aimerais savoir si maintenant le trojan est partit, car j'ai lu qu'il pouvait lire mes fichiers infos et tout, comment savoir?
j'ai récemment recu un fichier d'un "amis" sur msn, un .exe, un blackdoor, j'ai tout de suite remarquer, même sans l'avoir executé que mon pc était plus lent, j'ai donc lancé une panoplie d'anti-virus, j'aimerais savoir si maintenant le trojan est partit, car j'ai lu qu'il pouvait lire mes fichiers infos et tout, comment savoir?
A voir également:
- Trojan ? Blackdoor
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Virus trojan al11 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
3 réponses
hello ;
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Aide en images si besoin
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Aide en images si besoin
Logfile of random's system information tool 1.05 (written by random/random)
Run by Autres at 2009-03-07 19:50:15
Microsoft Windows XP Édition familiale Service Pack 3
System drive K: has 50 GB (26%) free of 191 GB
Total RAM: 511 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50, on 2009-03-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
K:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
K:\WINDOWS\ATKKBService.exe
K:\Program Files\Bonjour\mDNSResponder.exe
K:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
K:\Program Files\Java\jre6\bin\jqs.exe
K:\WINDOWS\System32\nvsvc32.exe
K:\WINDOWS\system32\PnkBstrA.exe
K:\WINDOWS\system32\PnkBstrB.exe
K:\WINDOWS\System32\svchost.exe
K:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\Dit.exe
K:\Program Files\Java\jre6\bin\jusched.exe
K:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
K:\Program Files\QuickTime\qttask.exe
K:\Program Files\iTunes\iTunesHelper.exe
K:\WINDOWS\system32\LVCOMSX.EXE
K:\Program Files\Logitech\Video\LogiTray.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\Skype\Phone\Skype.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
K:\Program Files\Logitech\SetPoint\KEM.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
K:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
K:\Program Files\iPod\bin\iPodService.exe
K:\Program Files\Logitech\Video\FxSvr2.exe
K:\Program Files\Windows Live\Messenger\msnmsgr.exe
K:\Program Files\Skype\Plugin Manager\skypePM.exe
K:\Program Files\Windows Live\Contacts\wlcomm.exe
K:\Documents and Settings\Autres\Mes documents\Firefox\firefox.exe
K:\Documents and Settings\Autres\Mes documents\TelechargementFF\RSIT.exe
K:\Program Files\Trend Micro\HijackThis\Autres.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - K:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - K:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] K:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM] "K:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [avgnt] "K:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "K:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] K:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] K:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] K:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC132] cmd.exe /c del "K:\Documents and Settings\Autres\Application Data\MegauploadToolbar\downfile\megauper.zip"
O4 - HKCU\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IDMan] K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "K:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "k:\documents and settings\autres\mes documents\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "K:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RocketDock] "K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PrintKey 2000 Fr.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: PrintKey 2000 Fr.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: PrintKey 2000 Fr.lnk = ?
O4 - Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Download all links with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://K:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - K:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - K:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://serverkiller.homeip.net:82/tsweb/msrdp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - K:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - K:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - K:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - K:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - K:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - K:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - K:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - K:\WINDOWS\system32\PnkBstrB.exe
Run by Autres at 2009-03-07 19:50:15
Microsoft Windows XP Édition familiale Service Pack 3
System drive K: has 50 GB (26%) free of 191 GB
Total RAM: 511 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50, on 2009-03-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
K:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
K:\WINDOWS\ATKKBService.exe
K:\Program Files\Bonjour\mDNSResponder.exe
K:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
K:\Program Files\Java\jre6\bin\jqs.exe
K:\WINDOWS\System32\nvsvc32.exe
K:\WINDOWS\system32\PnkBstrA.exe
K:\WINDOWS\system32\PnkBstrB.exe
K:\WINDOWS\System32\svchost.exe
K:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\Dit.exe
K:\Program Files\Java\jre6\bin\jusched.exe
K:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
K:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
K:\Program Files\QuickTime\qttask.exe
K:\Program Files\iTunes\iTunesHelper.exe
K:\WINDOWS\system32\LVCOMSX.EXE
K:\Program Files\Logitech\Video\LogiTray.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\Skype\Phone\Skype.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
K:\Program Files\Logitech\SetPoint\KEM.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
K:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
K:\Program Files\iPod\bin\iPodService.exe
K:\Program Files\Logitech\Video\FxSvr2.exe
K:\Program Files\Windows Live\Messenger\msnmsgr.exe
K:\Program Files\Skype\Plugin Manager\skypePM.exe
K:\Program Files\Windows Live\Contacts\wlcomm.exe
K:\Documents and Settings\Autres\Mes documents\Firefox\firefox.exe
K:\Documents and Settings\Autres\Mes documents\TelechargementFF\RSIT.exe
K:\Program Files\Trend Micro\HijackThis\Autres.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - K:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - K:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - K:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] K:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM] "K:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [avgnt] "K:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "K:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] K:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] K:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] K:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC132] cmd.exe /c del "K:\Documents and Settings\Autres\Application Data\MegauploadToolbar\downfile\megauper.zip"
O4 - HKCU\..\Run: [CTFMON.EXE] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IDMan] K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "K:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "k:\documents and settings\autres\mes documents\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "K:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RocketDock] "K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PrintKey 2000 Fr.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: PrintKey 2000 Fr.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = K:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: PrintKey 2000 Fr.lnk = ?
O4 - Startup: RocketDock.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = K:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech SetPoint.lnk = K:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Download all links with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - K:\Documents and Settings\Autres\Mes documents\ragnarok\acceldl\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://K:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - K:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - K:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://serverkiller.homeip.net:82/tsweb/msrdp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - K:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - K:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - K:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - K:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - K:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - K:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - K:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - K:\WINDOWS\system32\PnkBstrB.exe
