Virus dans mon ordi
laura1454
-
ronde02 -
ronde02 -
Bonjour,
voila j ai ca comme virus:
c:windows/winsyn32.dll,decouvert:cheval de troie'trojan.win32.inject.afk' dans localhost...
mon anti virus avast le detecte mais po myen de le supprimer j ai aussi essayer vec kaespersky mais rien a faire...
quelqu un peut il m'aider?
merci d avance
voila j ai ca comme virus:
c:windows/winsyn32.dll,decouvert:cheval de troie'trojan.win32.inject.afk' dans localhost...
mon anti virus avast le detecte mais po myen de le supprimer j ai aussi essayer vec kaespersky mais rien a faire...
quelqu un peut il m'aider?
merci d avance
A voir également:
- Virus dans mon ordi
- Ordi qui rame - Guide
- Comment reinitialiser un ordi - Guide
- Virus mcafee - Accueil - Piratage
- Mon ordi ne reconnait pas ma clé usb - Guide
- Plus de son sur mon ordi - Guide
3 réponses
tu va dans ton disque dur qui est dans ton poste de travail (C:) pui apré tu va dans le dossier windows puis tu cherche winsyn32.dll
bonjour voila après avoir fait combofix voila ce ke cela me donne
omboFix 08-04-02.1 - chris 2008-04-03 12:06:08.3 - NTFSx86
Endroit: D:\Documents and Settings\chris\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\chris\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
D:\WINDOWS\system32\hgjlm.bak1
D:\WINDOWS\system32\llkkj.bak1
D:\WINDOWS\system32\llkkj.bak2
D:\WINDOWS\system32\oqtwa.bak2
D:\WINDOWS\system32\oqtwa.ini2
D:\WINDOWS\system32\orutv.bak1
D:\WINDOWS\system32\orutv.bak2
D:\WINDOWS\system32\orutv.ini2
D:\WINDOWS\system32\qtstv.bak1
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\hgjlm.bak1
D:\WINDOWS\system32\llkkj.bak1
D:\WINDOWS\system32\llkkj.bak2
D:\WINDOWS\system32\oqtwa.bak2
D:\WINDOWS\system32\oqtwa.ini2
D:\WINDOWS\system32\orutv.bak1
D:\WINDOWS\system32\orutv.bak2
D:\WINDOWS\system32\orutv.ini2
D:\WINDOWS\system32\qtstv.bak1
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\salesmonitor
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-03 00:53 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-04-03 00:31 . 2008-04-03 12:04 <REP> d-------- D:\ComboFix[1]
2008-04-02 22:20 . 2008-04-03 00:53 <REP> d-------- D:\Program Files\Navilog1
2008-04-02 19:00 . 2008-04-02 19:00 <REP> d-------- D:\VundoFix Backups
2008-04-02 18:01 . 2008-04-02 18:43 <REP> d-------- D:\Lop SD
2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- D:\Program Files\Trend Micro
2008-03-31 19:04 . 2008-03-31 19:04 <REP> d-------- D:\Program Files\Avira
2008-03-31 17:43 . 2008-03-31 17:43 45,768 --a------ D:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-03-31 17:38 . 2008-03-31 18:54 <REP> d-------- D:\Program Files\Fichiers communs\G DATA
2008-03-31 12:50 . 2008-03-31 13:09 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 20:55 . 2008-03-31 19:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-30 17:16 . 2008-03-30 17:16 0 --a------ D:\WINDOWS\system32\real.MSNFix
2008-03-30 16:09 . 2008-03-30 16:09 40 --a------ D:\WINDOWS\TSC.INI
2008-03-30 16:08 . 2008-03-30 16:08 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-03-30 16:08 . 2008-03-30 16:08 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-03-30 16:08 . 2008-03-30 16:08 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-03-30 16:02 . 2008-03-29 21:24 <REP> d-------- D:\SDFix
2008-03-28 00:34 . 2008-04-01 22:00 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-03-26 15:10 . 2008-03-26 15:10 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-26 11:41 . 2008-03-26 11:41 <REP> d-------- D:\Program Files\Messenger Plus! Live
2008-03-26 01:01 . 2008-03-26 01:01 <REP> d-------- D:\Program Files\Windows Live Favorites
2008-03-26 00:40 . 2008-03-27 10:54 <REP> d-------- D:\Program Files\Windows Live
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 08:58 --------- d-----w D:\Program Files\Wanadoo
2008-03-31 15:37 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-30 23:45 --------- d-----w D:\Program Files\Fichiers communs\Nettordinateur
2008-03-30 23:42 --------- d-----w D:\Program Files\Fichiers communs\DefenseDuDisque
2008-03-25 23:02 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-03-25 22:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-24 22:04 --------- d-----w D:\Program Files\eMule
2008-03-17 08:35 --------- d-----w D:\Program Files\Java
2008-03-13 00:52 --------- d-----w D:\Program Files\TuneUp Utilities 2007
2008-02-01 10:17 587,264 ----a-w D:\WINDOWS\WLXPGSS.SCR
2007-10-25 19:05 14 ----a-w D:\Documents and Settings\chris\getfile.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="D:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:20 77824 D:\WINDOWS\soundman.exe]
"C-Media Mixer"="Mixer.exe" [2001-11-15 20:08 1216512 D:\WINDOWS\mixer.exe]
"WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Salestart(1)"="D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"My Web Search Bar Search Scope Monitor"="D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-31 19:09 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
D:\WINDOWS\system32\jkkll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
D:\WINDOWS\system32\mljgh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
D:\WINDOWS\system32\vtstq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
D:\WINDOWS\system32\vturo.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"b0535df4"=rundll32.exe "D:\WINDOWS\system32\mvjlvanr.dll",b
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 kbfilter;Keyboard Filter Driver;D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 15:48]
R1 moufiltr;Mouse Filter Driver;D:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 16:28]
R1 MUsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 22:32]
R1 UsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 22:31]
R3 PAC207;PC Camera;D:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;D:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-02-15 15:14]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4860a1-93c9-11dc-be49-0011090900fd}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 17:07:00 D:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-03 09:16:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 12:09:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 12:11:00
ComboFix-quarantined-files.txt 2008-04-03 10:10:45
Pre-Run: 41,580,417,024 octets libres
Post-Run: 41,571,893,248 octets libres
.
2008-04-01 12:12:01 --- E O F ---
j ai ensuite fait une hijackthis et voila ce ke cela donne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:50, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\MagicKey.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\Wanadoo\Watch.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Salestart(1)] "D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" dm=http://nettordinateur.com; ad=http://nettordinateur.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] D:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = D:\MulMouse.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Alice ADSL - {0BAA696E-E991-4680-B01C-2779B761972D} - https://portail.free.fr/ (file missing) (HKCU)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jkkll - D:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: jkkll] [HKEY_LOCAL_MACHINE - D:\WINDOWS\
O20 - Winlogon Notify: mljgh - D:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: vtstq - D:\WINDOWS\system32\vtstq.dll (file missing)
O20 - Winlogon Notify: vturo - D:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
omboFix 08-04-02.1 - chris 2008-04-03 12:06:08.3 - NTFSx86
Endroit: D:\Documents and Settings\chris\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\chris\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
D:\WINDOWS\system32\hgjlm.bak1
D:\WINDOWS\system32\llkkj.bak1
D:\WINDOWS\system32\llkkj.bak2
D:\WINDOWS\system32\oqtwa.bak2
D:\WINDOWS\system32\oqtwa.ini2
D:\WINDOWS\system32\orutv.bak1
D:\WINDOWS\system32\orutv.bak2
D:\WINDOWS\system32\orutv.ini2
D:\WINDOWS\system32\qtstv.bak1
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\hgjlm.bak1
D:\WINDOWS\system32\llkkj.bak1
D:\WINDOWS\system32\llkkj.bak2
D:\WINDOWS\system32\oqtwa.bak2
D:\WINDOWS\system32\oqtwa.ini2
D:\WINDOWS\system32\orutv.bak1
D:\WINDOWS\system32\orutv.bak2
D:\WINDOWS\system32\orutv.ini2
D:\WINDOWS\system32\qtstv.bak1
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\salesmonitor
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-03 00:53 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-04-03 00:31 . 2008-04-03 12:04 <REP> d-------- D:\ComboFix[1]
2008-04-02 22:20 . 2008-04-03 00:53 <REP> d-------- D:\Program Files\Navilog1
2008-04-02 19:00 . 2008-04-02 19:00 <REP> d-------- D:\VundoFix Backups
2008-04-02 18:01 . 2008-04-02 18:43 <REP> d-------- D:\Lop SD
2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- D:\Program Files\Trend Micro
2008-03-31 19:04 . 2008-03-31 19:04 <REP> d-------- D:\Program Files\Avira
2008-03-31 17:43 . 2008-03-31 17:43 45,768 --a------ D:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-03-31 17:38 . 2008-03-31 18:54 <REP> d-------- D:\Program Files\Fichiers communs\G DATA
2008-03-31 12:50 . 2008-03-31 13:09 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 20:55 . 2008-03-31 19:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-30 17:16 . 2008-03-30 17:16 0 --a------ D:\WINDOWS\system32\real.MSNFix
2008-03-30 16:09 . 2008-03-30 16:09 40 --a------ D:\WINDOWS\TSC.INI
2008-03-30 16:08 . 2008-03-30 16:08 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-03-30 16:08 . 2008-03-30 16:08 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-03-30 16:08 . 2008-03-30 16:08 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-03-30 16:02 . 2008-03-29 21:24 <REP> d-------- D:\SDFix
2008-03-28 00:34 . 2008-04-01 22:00 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-03-26 15:10 . 2008-03-26 15:10 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-26 11:41 . 2008-03-26 11:41 <REP> d-------- D:\Program Files\Messenger Plus! Live
2008-03-26 01:01 . 2008-03-26 01:01 <REP> d-------- D:\Program Files\Windows Live Favorites
2008-03-26 00:40 . 2008-03-27 10:54 <REP> d-------- D:\Program Files\Windows Live
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 08:58 --------- d-----w D:\Program Files\Wanadoo
2008-03-31 15:37 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-30 23:45 --------- d-----w D:\Program Files\Fichiers communs\Nettordinateur
2008-03-30 23:42 --------- d-----w D:\Program Files\Fichiers communs\DefenseDuDisque
2008-03-25 23:02 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-03-25 22:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-24 22:04 --------- d-----w D:\Program Files\eMule
2008-03-17 08:35 --------- d-----w D:\Program Files\Java
2008-03-13 00:52 --------- d-----w D:\Program Files\TuneUp Utilities 2007
2008-02-01 10:17 587,264 ----a-w D:\WINDOWS\WLXPGSS.SCR
2007-10-25 19:05 14 ----a-w D:\Documents and Settings\chris\getfile.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="D:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:20 77824 D:\WINDOWS\soundman.exe]
"C-Media Mixer"="Mixer.exe" [2001-11-15 20:08 1216512 D:\WINDOWS\mixer.exe]
"WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Salestart(1)"="D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"My Web Search Bar Search Scope Monitor"="D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-31 19:09 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
D:\WINDOWS\system32\jkkll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
D:\WINDOWS\system32\mljgh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
D:\WINDOWS\system32\vtstq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
D:\WINDOWS\system32\vturo.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"b0535df4"=rundll32.exe "D:\WINDOWS\system32\mvjlvanr.dll",b
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 kbfilter;Keyboard Filter Driver;D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 15:48]
R1 moufiltr;Mouse Filter Driver;D:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 16:28]
R1 MUsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 22:32]
R1 UsbFltr;WayTechUSBFilterDriver;D:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 22:31]
R3 PAC207;PC Camera;D:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;D:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-02-15 15:14]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4860a1-93c9-11dc-be49-0011090900fd}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 17:07:00 D:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-03 09:16:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 12:09:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 12:11:00
ComboFix-quarantined-files.txt 2008-04-03 10:10:45
Pre-Run: 41,580,417,024 octets libres
Post-Run: 41,571,893,248 octets libres
.
2008-04-01 12:12:01 --- E O F ---
j ai ensuite fait une hijackthis et voila ce ke cela donne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:50, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\MagicKey.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\Wanadoo\Watch.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Salestart(1)] "D:\Program Files\Fichiers communs\Nettordinateur\mc.exe" dm=http://nettordinateur.com; ad=http://nettordinateur.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "D:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] D:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = D:\MulMouse.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Alice ADSL - {0BAA696E-E991-4680-B01C-2779B761972D} - https://portail.free.fr/ (file missing) (HKCU)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jkkll - D:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: jkkll] [HKEY_LOCAL_MACHINE - D:\WINDOWS\
O20 - Winlogon Notify: mljgh - D:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: vtstq - D:\WINDOWS\system32\vtstq.dll (file missing)
O20 - Winlogon Notify: vturo - D:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
