INFECTION PAR win32 BHO KD [trj]
Résolu
TRUFFE INFORMATIK
-
TRUFFE INFORMATIK -
TRUFFE INFORMATIK -
Bonjour,
Je fais partie des truffes qui se rendent compte aprés coup que la sécurité de son PC est primordial. Bref, mon PC rame à mort au démarrage et je ne peux lancer aucun programme sauf en mode sans échec. J'ai donc passé tous lea antivirus possibles pour constater grace à AVAST que la cause est : win32=BHO-KD[trj]. Malheureusement il ne peux être ni supprimés ni mis en quarantaine.
Votre mission, si vous l'acceptez est de péter la tete de cette bestiole
Merci d'avance
Je fais partie des truffes qui se rendent compte aprés coup que la sécurité de son PC est primordial. Bref, mon PC rame à mort au démarrage et je ne peux lancer aucun programme sauf en mode sans échec. J'ai donc passé tous lea antivirus possibles pour constater grace à AVAST que la cause est : win32=BHO-KD[trj]. Malheureusement il ne peux être ni supprimés ni mis en quarantaine.
Votre mission, si vous l'acceptez est de péter la tete de cette bestiole
Merci d'avance
A voir également:
- INFECTION PAR win32 BHO KD [trj]
- Puabundler win32 rostpay ✓ - Forum Antivirus
- Trojan win32 - Forum Virus
- Puadimanager win32/offercore ✓ - Forum Virus
- PUADlManager:Win32/OfferCore ✓ - Forum Virus
- Win64:malwarex-gen [trj] - Forum Virus
3 réponses
Bonjour,
Il y a déja un topic pour t' on problème, faite des recherche avant de poster
http://www.commentcamarche.net/forum/affich 4493035 trojan win32 bho kd
Il y a déja un topic pour t' on problème, faite des recherche avant de poster
http://www.commentcamarche.net/forum/affich 4493035 trojan win32 bho kd
OK merci
je suis novice et pensais qu'à chaque PC, il fallait faire des rapport HJ ou autre pour qu'on puisse m'aider
je suis novice et pensais qu'à chaque PC, il fallait faire des rapport HJ ou autre pour qu'on puisse m'aider
Bonjour,
Malheureusement, cette procédure ne fonctionne pas sur mon pc j'ai beau avoir répéter plusieurs fois l'opération mais ça ne fonctionne pas, de plus le redémarrage en mode normal n'est pas possible mon pc rame à fond et impossible de lancer quelque application que ce soit.
Voici le rapport comboFix suivi de Celui de Hijackthis
Merci de votre aide
ComboFix 08-01-29.3 - DELAPAMPA 2008-02-01 13:24:54.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.728 [GMT 1:00]
Endroit: L:\DESINFECTION\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\borlndmmc.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:50 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-28 19:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-28 19:50 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-28 19:50 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-28 19:50 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-28 19:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-28 19:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-28 19:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-24 19:27 . 2008-01-24 19:27 <REP> d-------- C:\Documents and Settings\DELAPAMPA\Application Data\Grisoft
2008-01-24 19:27 . 2008-01-24 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-24 19:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-24 12:46 . 2008-01-24 12:46 <REP> d-------- C:\Program Files\Avira
2008-01-24 12:46 . 2008-01-24 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-23 20:22 . 2008-01-23 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-01-23 19:54 . 2008-01-23 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-01-23 19:48 . 2008-01-23 19:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-23 19:47 . 2005-03-07 12:33 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-01-23 19:47 . 2005-03-07 12:33 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-23 19:47 . 2005-03-08 17:22 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-01-23 19:47 . 2006-03-31 11:51 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-01-23 19:47 . 2005-03-09 15:43 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-23 19:47 . 2005-03-07 12:33 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-01-23 19:47 . 2005-03-09 15:12 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-23 19:47 . 2005-03-08 17:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-23 19:47 . 2005-03-08 16:53 <REP> d-------- C:\Documents and Settings\Administrateur\Bluetooth Software
2008-01-23 19:47 . 2005-03-08 17:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-01-19 20:22 . 19,584 C:\WINDOWS\system32\drivers\ekxkfskg.dat
2008-01-19 13:37 . 2008-01-19 13:37 120,576 --a------ C:\WINDOWS\system32\rzsheyro.dat
2008-01-19 13:30 . 2003-01-27 02:45 84,480 --a------ C:\WINDOWS\system32\borlndmmc.dll
2008-01-19 13:29 . 2008-01-23 19:48 <REP> d-------- C:\WINDOWS\system32\AppCert
2008-01-19 13:29 . 2003-05-15 00:32 83,968 --a------ C:\WINDOWS\system32\AdobePDFr.dll
2008-01-10 13:35 . 2008-01-17 14:08 <REP> d-------- C:\Program Files\PokerStars.NET
2008-01-01 17:09 . 2008-01-28 14:03 1,013,060 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-29 12:00 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-28 19:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 18:40 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-24 18:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-23 19:14 --------- d-----w C:\Program Files\Winamp
2008-01-23 19:02 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-23 18:54 --------- d-----w C:\Program Files\IncrediMail
2008-01-19 12:32 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-18 22:41 --------- d-----w C:\Program Files\eMule
2008-01-17 08:21 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-31 13:58 --------- d-----w C:\Program Files\CCleaner
2007-12-24 18:34 --------- d-----w C:\Program Files\Fichiers communs\NSV
2005-08-28 17:22 74,496 ----a-w C:\Documents and Settings\DELAPAMPA\Application Data\GDIPFONTCACHEV1.DAT
2005-06-15 18:57 56 --sh--r C:\WINDOWS\system32\59E0682C5F.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ED067B-303D-48A2-8211-AFD8D98BE44A}]
2003-01-27 02:45 84480 --a------ c:\windows\system32\borlndmmc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAE07211-9B79-4392-B6D6-59C7800ECD9F}]
2003-05-15 00:32 83968 --a------ C:\WINDOWS\system32\AdobePDFr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 20:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10 344064]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 05:14 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkrhoghe]
borlndmmc.dll 2003-01-27 02:45 84480 C:\WINDOWS\system32\borlndmmc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll
R0 ikucneqj;ikucneqj;C:\WINDOWS\system32\drivers\ekxkfskg.dat []
R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]
S2 qgehicwx;USB Serial Converter Helper;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 23:10]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-29 13:00]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\FA31XND5.SYS [2002-05-15 03:27]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 00:05]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 00:05]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qgehicwx
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-29 13:16:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-19 12:25:47 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 13:27:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-01 13:29:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 12:29:28
ComboFix2.txt 2008-01-29 13:17:34
ComboFix3.txt 2008-01-29 13:08:25
.
2008-01-15 19:43:31 --- E O F ---
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 13:48:11, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
L:\kit désinfection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop.free.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72ED067B-303D-48A2-8211-AFD8D98BE44A} - c:\windows\system32\borlndmmc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CAE07211-9B79-4392-B6D6-59C7800ECD9F} - C:\WINDOWS\system32\AdobePDFr.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110298965031
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tkrhoghe - C:\WINDOWS\SYSTEM32\borlndmmc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Malheureusement, cette procédure ne fonctionne pas sur mon pc j'ai beau avoir répéter plusieurs fois l'opération mais ça ne fonctionne pas, de plus le redémarrage en mode normal n'est pas possible mon pc rame à fond et impossible de lancer quelque application que ce soit.
Voici le rapport comboFix suivi de Celui de Hijackthis
Merci de votre aide
ComboFix 08-01-29.3 - DELAPAMPA 2008-02-01 13:24:54.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.728 [GMT 1:00]
Endroit: L:\DESINFECTION\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\borlndmmc.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:50 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-28 19:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-28 19:50 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-28 19:50 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-28 19:50 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-28 19:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-28 19:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-28 19:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-24 19:27 . 2008-01-24 19:27 <REP> d-------- C:\Documents and Settings\DELAPAMPA\Application Data\Grisoft
2008-01-24 19:27 . 2008-01-24 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-24 19:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-24 12:46 . 2008-01-24 12:46 <REP> d-------- C:\Program Files\Avira
2008-01-24 12:46 . 2008-01-24 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-23 20:22 . 2008-01-23 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-01-23 19:54 . 2008-01-23 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-01-23 19:48 . 2008-01-23 19:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-23 19:47 . 2005-03-07 12:33 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-01-23 19:47 . 2005-03-07 12:33 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-23 19:47 . 2005-03-08 17:22 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-01-23 19:47 . 2006-03-31 11:51 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-01-23 19:47 . 2005-03-09 15:43 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-23 19:47 . 2005-03-07 12:33 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-01-23 19:47 . 2005-03-09 15:12 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-23 19:47 . 2005-03-08 17:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-23 19:47 . 2005-03-08 16:53 <REP> d-------- C:\Documents and Settings\Administrateur\Bluetooth Software
2008-01-23 19:47 . 2005-03-08 17:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-01-19 20:22 . 19,584 C:\WINDOWS\system32\drivers\ekxkfskg.dat
2008-01-19 13:37 . 2008-01-19 13:37 120,576 --a------ C:\WINDOWS\system32\rzsheyro.dat
2008-01-19 13:30 . 2003-01-27 02:45 84,480 --a------ C:\WINDOWS\system32\borlndmmc.dll
2008-01-19 13:29 . 2008-01-23 19:48 <REP> d-------- C:\WINDOWS\system32\AppCert
2008-01-19 13:29 . 2003-05-15 00:32 83,968 --a------ C:\WINDOWS\system32\AdobePDFr.dll
2008-01-10 13:35 . 2008-01-17 14:08 <REP> d-------- C:\Program Files\PokerStars.NET
2008-01-01 17:09 . 2008-01-28 14:03 1,013,060 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-29 12:00 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-28 19:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 18:40 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-24 18:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-23 19:14 --------- d-----w C:\Program Files\Winamp
2008-01-23 19:02 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-23 18:54 --------- d-----w C:\Program Files\IncrediMail
2008-01-19 12:32 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-18 22:41 --------- d-----w C:\Program Files\eMule
2008-01-17 08:21 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-31 13:58 --------- d-----w C:\Program Files\CCleaner
2007-12-24 18:34 --------- d-----w C:\Program Files\Fichiers communs\NSV
2005-08-28 17:22 74,496 ----a-w C:\Documents and Settings\DELAPAMPA\Application Data\GDIPFONTCACHEV1.DAT
2005-06-15 18:57 56 --sh--r C:\WINDOWS\system32\59E0682C5F.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ED067B-303D-48A2-8211-AFD8D98BE44A}]
2003-01-27 02:45 84480 --a------ c:\windows\system32\borlndmmc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAE07211-9B79-4392-B6D6-59C7800ECD9F}]
2003-05-15 00:32 83968 --a------ C:\WINDOWS\system32\AdobePDFr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 20:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10 344064]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 05:14 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkrhoghe]
borlndmmc.dll 2003-01-27 02:45 84480 C:\WINDOWS\system32\borlndmmc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll
R0 ikucneqj;ikucneqj;C:\WINDOWS\system32\drivers\ekxkfskg.dat []
R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]
S2 qgehicwx;USB Serial Converter Helper;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 23:10]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-29 13:00]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\FA31XND5.SYS [2002-05-15 03:27]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 00:05]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 00:05]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qgehicwx
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-29 13:16:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-19 12:25:47 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 13:27:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-01 13:29:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 12:29:28
ComboFix2.txt 2008-01-29 13:17:34
ComboFix3.txt 2008-01-29 13:08:25
.
2008-01-15 19:43:31 --- E O F ---
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 13:48:11, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
L:\kit désinfection\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop.free.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72ED067B-303D-48A2-8211-AFD8D98BE44A} - c:\windows\system32\borlndmmc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CAE07211-9B79-4392-B6D6-59C7800ECD9F} - C:\WINDOWS\system32\AdobePDFr.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110298965031
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tkrhoghe - C:\WINDOWS\SYSTEM32\borlndmmc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
