Virus on my computer

laura1454 -  
 ronde02 -
Hello,

Here is the virus I have:
c:windows/winsyn32.dll, detected: Trojan horse 'trojan.win32.inject.afk' in localhost...
My antivirus, Avast, detects it but there is no way to delete it. I also tried with Kaspersky, but nothing works...
Can anyone help me?
Thanks in advance
Configuration: Windows XP

3 replies

  1. fantomasdu10 Posts 95 Status Member 19
     
    Delete it manually
    0
    1. laura1454
       
      And how do I do that? Thanks
      0
  2. fantomasdu10 Posts 95 Status Member 19
     
    Go to your hard drive, which is in My Computer (C:), then go into the windows folder and look for winsyn32.dll
    0
  3. ronde02
     
    Hello, after running ComboFix, here is what it gives me:
    ComboFix 08-04-02.1 - chris 2008-04-03 12:06:08.3 - NTFSx86
    Endroit: D:\Documents and Settings\chris\Bureau\ComboFix.exe
    Command switches used :: D:\Documents and Settings\chris\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    D:\WINDOWS\system32\hgjlm.bak1
    D:\WINDOWS\system32\llkkj.bak1
    D:\WINDOWS\system32\llkkj.bak2
    D:\WINDOWS\system32\oqtwa.bak2
    D:\WINDOWS\system32\oqtwa.ini2
    D:\WINDOWS\system32\orutv.bak1
    D:\WINDOWS\system32\orutv.bak2
    D:\WINDOWS\system32\orutv.ini2
    D:\WINDOWS\system32\qtstv.bak1
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\system32\hgjlm.bak1
    D:\WINDOWS\system32\llkkj.bak1
    D:\WINDOWS\system32\llkkj.bak2
    D:\WINDOWS\system32\oqtwa.bak2
    D:\WINDOWS\system32\oqtwa.ini2
    D:\WINDOWS\system32\orutv.bak1
    D:\WINDOWS\system32\orutv.bak2
    D:\WINDOWS\system32\orutv.ini2
    D:\WINDOWS\system32\qtstv.bak1
    .
    ---- Previous Run -------
    .
    D:\Documents and Settings\All Users\Application Data\salesmonitor

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-03 00:53 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
    2008-04-03 00:31 . 2008-04-03 12:04 <REP> d-------- D:\ComboFix[1]
    2008-04-02 22:20 . 2008-04-03 00:53 <REP> d-------- D:\Program Files\Navilog1
    2008-04-02 19:00 . 2008-04-02 19:00 <REP> d-------- D:\VundoFix Backups
    2008-04-02 18:01 . 2008-04-02 18:43 <REP> d-------- D:\Lop SD
    2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- D:\Program Files\Trend Micro
    2008-03-31 19:04 . 2008-03-31 19:04 <REP> d-------- D:\Program Files\Avira
    2008-03-31 17:43 . 2008-03-31 17:43 45,768 --a------ D:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-03-31 17:38 . 2008-03-31 18:54 <REP> d-------- D:\Program Files\Fichiers communs\G DATA
    2008-03-31 12:50 . 2008-03-31 13:09 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-30 20:55 . 2008-03-31 19:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2008-03-30 17:16 . 2008-03-30 17:16 0 --a------ D:\WINDOWS\system32\real.MSNFix
    2008-03-30 16:09 . 2008-03-30 16:09 40 --a------ D:\WINDOWS\TSC.INI
    2008-03-30 16:08 . 2008-03-30 16:08 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
    2008-03-30 16:08 . 2008-03-30 16:08 286,720 --a------ D:\WINDOWS\PATCH.EXE
    2008-03-30 16:08 . 2008-03-30 16:08 69,689 --a------ D:\WINDOWS\UNZIP.DLL
    2008-03-30 16:02 . 2008-03-29 21:24 <REP> d-------- D:\SDFix
    2008-03-28 00:34 . 2008-04-01 22:00 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
    2008-03-26 15:10 . 2008-03-26 15:10 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-03-26 11:41 . 2008-03-26 11:41 <REP> d-------- D:\Program Files\Messenger Plus! Live
    2008-03-26 01:01 . 2008-03-26 01:01 <REP> d-------- D:\Program Files\Windows Live Favorites
    2008-03-26 00:40 . 2008-03-27 10:54 <REP> d-------- D:\Program Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-03 08:58 --------- d-----w D:\Program Files\Wanadoo
    2008-03-31 15:37 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-03-30 23:45 --------- d-----w D:\Program Files\Fichiers communs\Nettordinateur
    2008-03-30 23:42 --------- d-----w D:\Program Files\Fichiers communs\DefenseDuDisque
    2008-03-25 23:02 --------- d-----w D:\Program Files\Windows Live Toolbar
    2008-03-25 22:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-24 22:04 --------- d-----w D:\Program Files\eMule
    2008-03-17 08:35 --------- d-----w D:\Program Files\Java
    2008-03-13 00:52 --------- d-----w D:\Program Files\TuneUp Utilities 2007
    2008-02-01 10:17 587,264 ----a-w D:\WINDOWS\WLXPGSS.SCR
    2007-10-25 19:05 14 ----a-w D:\Documents and Settings\chris\getfile.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="D:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:20 77824 D:\WINDOWS\soundman.exe]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 20:08 1216512 D:\WINDOWS\mixer.exe]
    "WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "Salestart(1)"="D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" [ ]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "My Web Search Bar Search Scope Monitor"="D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
    "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-31 19:09 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
    D:\WINDOWS\system32\jkkll.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
    D:\WINDOWS\system32\mljgh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
    D:\WINDOWS\system32\vtstq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
    D:\WINDOWS\system32\vturo.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "updateMgr"=D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NeroFilterCheck"=D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    "b0535df4"=rundll32.exe "D:\WINDOWS\system32\mvjlvanr.dll",b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 kbfilter;Keyboard Filter Driver;D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 15:48]
    R1 moufiltr;Mouse Filter Driver;D:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 16:28]
    R1 MUsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 22:32]
    R1 UsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 22:31]
    R3 PAC207;PC Camera;D:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
    S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;D:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-02-15 15:14]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4860a1-93c9-11dc-be49-0011090900fd}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-28 17:07:00 D:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-04-03 09:16:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-03 12:09:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-03 12:11:00
    ComboFix-quarantined-files.txt 2008-04-03 10:10:45
    Pre-Run: 41,580,417,024 octets libres
    Post-Run: 41,571,893,248 octets libres
    .
    2008-04-01 12:12:01 --- E O F ---

    I then ran a HijackThis scan and here is what it gives:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:50, on 03/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    D:\MagicKey.exe
    D:\PROGRA~1\Wanadoo\ComComp.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\System32\FTRTSVC.exe
    D:\WINDOWS\system32\svchost.exe
    D:\PROGRA~1\Wanadoo\Watch.exe
    D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\system32\notepad.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Salestart(1)] "D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" dm=http://nettordinateur.com; ad=http://nettordinateur.com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] D:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = D:\MulMouse.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Alice ADSL - {0BAA696E-E991-4680-B01C-2779B761972D} - https://portail.free.fr/ (file missing) (HKCU)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: jkkll - D:\WINDOWS\system32\jkkll.dll (file missing)
    O20 - Winlogon Notify: jkkll] [HKEY_LOCAL_MACHINE - D:\WINDOWS\
    O20 - Winlogon Notify: mljgh - D:\WINDOWS\system32\mljgh.dll (file missing)
    O20 - Winlogon Notify: vtstq - D:\WINDOWS\system32\vtstq.dll (file missing)
    O20 - Winlogon Notify: vturo - D:\WINDOWS\system32\vturo.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    0