virus : win32:delf-hti

cvso
Posted on 19/01/2008 at 09:31:55

Avast identifies a Trojan horse for me but can't do anything with it; no matter how often I delete it or quarantine it, it comes back.

 Here is the name of the virus: win32:delf-hti
 and it is located at the following path: system32/ndtz.sys

 Please tell me the procedure to follow to remove it.

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 19/01/2008 at 12:24:29

Hello,

 Download ComboFix (created by sUBs) to your Desktop.

 Boot into safe mode: http://forum.telecharger.01net [...] ges-1.html

  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • ComboFix will restart your PC.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report.

 NOTE: The report can also be found here: C:\Combofix.txt

 :hello:


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com

caillou_x
Baby forum member (10 to 49 posts)
Posted on 21/01/2008 at 12:44:17

Hello! I'm suffering from the same trojan! It refuses to leave! I ask avast to delete it when it prompts me, but it stays all the same and avast comes back to tell me about it quite often! I tried the program Trojan Remover but the result was the same! Here is the result of the ComboFix scan:

 ComboFix 08-01-20.1 - espacesimo 2008-01-21 12:19:35.1 - NTFSx86 MINIMAL
 Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.273 [GMT 1:00]
 Running from: C:\Documents and Settings\espacesimo\Bureau\Com​boFix.exe

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 C:\WINDOWS\msnimport.exe

 .
 (((((((((((((((((((((((((((((   Fichiers créés 2007-12-21 to 2008-01-21  ))))))))))))))))))))))))))))))​))))))
 .

 2008-01-21 12:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
 2008-01-21 01:47 . 2008-01-21 01:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
 2008-01-21 01:47 . 2008-01-21 01:47 1,409 --a------ C:\WINDOWS\QTFont.for
 2008-01-20 21:53 . 2008-01-20 23:11 <REP> d-------- C:\Program Files\eMule
 2008-01-20 21:31 . 2008-01-21 10:42 <REP> d-------- C:\Program Files\Trojan Remover
 2008-01-20 21:31 . 2008-01-20 21:31 <REP> d-------- C:\Documents and Settings\espacesimo\Applicatio​n Data\Simply Super Software
 2008-01-20 21:31 . 2008-01-20 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
 2008-01-20 21:31 . 2008-01-20 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
 2008-01-20 21:31 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36​.dll
 2008-01-20 21:31 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
 2008-01-20 21:31 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26​.dll
 2008-01-20 21:31 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dl​l
 2008-01-20 21:31 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet​.dll
 2008-01-20 19:29 . 2008-01-20 19:29 <REP> d-------- C:\Program Files\Sunbelt Software
 2008-01-20 19:22 . 2007-10-12 02:55 1,279,000 --a------ C:\WINDOWS\system32\drivers\LV​302V32.SYS
 2008-01-20 19:21 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.d​ll
 2008-01-20 18:43 . 2008-01-20 18:43 <REP> d-------- C:\Program Files\9 Telecom
 2008-01-16 21:18 . 2008-01-16 21:18 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-88​76480SL.exe
 2008-01-16 21:16 . 2008-01-20 19:18 <REP> d-------- C:\Program Files\Logitech
 2008-01-16 21:16 . 2008-01-20 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
 2008-01-16 21:16 . 2008-01-16 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
 2008-01-16 11:43 . 2008-01-16 11:43 360,580 --a------ C:\WINDOWS\eSellerateEngine.dl​l
 2008-01-16 11:43 . 2008-01-16 11:43 108,336 --a------ C:\WINDOWS\MSWINSCK.ocx
 2008-01-16 11:42 . 2008-01-16 11:42 <REP> d-------- C:\Program Files\MSN Content Plus Inc
 2008-01-15 23:52 . 2003-04-23 14:59 28,672 --a------ C:\WINDOWS\SetDSL.exe
 2008-01-15 23:52 . 2008-01-15 23:52 19 --a------ C:\WINDOWS\system32\drivers\ad​idsl.cfg
 2008-01-15 23:11 . 2003-07-08 15:34 20,480 --a------ C:\WINDOWS\Setup350.exe
 2008-01-15 23:11 . 2008-01-15 23:11 126 --a------ C:\WINDOWS\Setup350.ini
 2008-01-15 17:30 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
 2008-01-15 11:31 . 2002-01-22 21:01 106,496 --------- C:\WINDOWS\system32\gspnDll.dl​l
 2008-01-15 11:31 . 2002-01-22 21:01 102,400 --------- C:\WINDOWS\system32\instDll.dl​l
 2008-01-14 10:49 . 2008-01-16 00:06 5,728 --a------ C:\WINDOWS\SetDSL.ini
 2008-01-13 09:02 . 2008-01-16 00:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\third lies itch ford
 2008-01-08 21:23 . 2008-01-08 21:37 <REP> d-------- C:\Program Files\Red Storm Entertainment
 2007-12-31 13:58 . 2007-12-31 13:58 671 --a------ C:\Documents and Settings\espacesimo\Applicatio​n Data\waver_2.95.dat
 2007-12-31 13:55 . 2007-12-31 13:55 4 --a------ C:\WINDOWS\system32\qwolt.pdg
 2007-12-26 13:49 . 2007-12-26 13:49 4,096 --a------ C:\WINDOWS\d3dx.dat
 2007-12-26 13:48 . 2007-12-26 13:48 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dl​l
 2007-12-26 13:48 . 2007-12-26 13:48 17,212 --a------ C:\WINDOWS\system32\SIntf32.dl​l
 2007-12-26 13:48 . 2007-12-26 13:48 12,067 --a------ C:\WINDOWS\system32\SIntf16.dl​l
 2007-12-26 13:41 . 2007-12-26 13:49 <REP> d-------- C:\Program Files\Hitchcock
 2007-12-25 23:22 . 2007-12-25 23:22 <REP> d-------- C:\Program Files\JeffProd

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2008-01-21 09:42 --------- d-----w C:\Documents and Settings\espacesimo\Applicatio​n Data\OpenOffice.org2
 2008-01-20 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 2008-01-20 18:22 --------- d-----w C:\Program Files\Fichiers communs\logishrd
 2008-01-20 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
 2008-01-20 17:44 44,500 ----a-w C:\WINDOWS\system32\drivers\rt​bldep4.bnm
 2008-01-20 17:44 44,500 ----a-w C:\WINDOWS\system32\drivers\rt​bld4.bnm
 2008-01-20 17:44 261,962 ----a-w C:\WINDOWS\system32\drivers\rt​bldep3.bnm
 2008-01-20 17:44 261,962 ----a-w C:\WINDOWS\system32\drivers\rt​bld3.bnm
 2008-01-20 17:44 261,956 ----a-w C:\WINDOWS\system32\drivers\rt​bldep0.bnm
 2008-01-20 17:44 261,956 ----a-w C:\WINDOWS\system32\drivers\rt​bld0.bnm
 2008-01-20 17:44 261,896 ----a-w C:\WINDOWS\system32\drivers\rt​bldep2.bnm
 2008-01-20 17:44 261,896 ----a-w C:\WINDOWS\system32\drivers\rt​bld2.bnm
 2008-01-20 17:44 261,894 ----a-w C:\WINDOWS\system32\drivers\rt​bldep1.bnm
 2008-01-20 17:44 261,894 ----a-w C:\WINDOWS\system32\drivers\rt​bld1.bnm
 2008-01-20 17:44 244 ----a-w C:\WINDOWS\system32\drivers\cm​vep.txt
 2008-01-20 17:44 244 ----a-w C:\WINDOWS\system32\drivers\cm​v.txt
 2008-01-20 17:44 122,073 ----a-w C:\WINDOWS\system32\drivers\ad​iusbaw.sys
 2008-01-20 17:43 --------- d-----w C:\Program Files\ADSLUSB_XPUpdate
 2008-01-17 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-01-16 10:43 --------- d-----w C:\Program Files\MSN Messenger
 2008-01-15 10:24 155,995 ----a-w C:\WINDOWS\java\Packages\AS4WZ​9VT.ZIP
 2008-01-07 13:07 --------- d-----w C:\Documents and Settings\espacesimo\Applicatio​n Data\dvdcss
 2008-01-07 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
 2007-12-18 13:33 --------- d-----w C:\Program Files\DivX
 2007-12-13 11:56 32,768 ----a-w C:\WINDOWS\system32\routing.ex​e
 2007-12-13 11:55 45,056 ----a-w C:\WINDOWS\system32\Indt2.sys
 2007-12-13 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
 2007-12-12 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
 2007-12-12 19:37 --------- d-----w C:\Documents and Settings\espacesimo\Applicatio​n Data\Droppix
 2007-12-12 19:25 --------- d-----w C:\Program Files\BitComet
 2007-12-12 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
 2007-12-12 17:56 --------- d-----w C:\Documents and Settings\espacesimo\Applicatio​n Data\Nero
 2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
 2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.d​ll
 2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dl​l
 2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dl​l
 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.​dll
 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.​dll
 2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
 2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.​dll
 2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
 2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.d​ll
 2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
 2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.d​ll
 2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
 2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
 2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecV​ersionChecker.exe
 2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExt​Type.dll
 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\as​wmon.sys
 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\as​wmon2.sys
 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\as​wRdr.sys
 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\as​wTdi.sys
 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aa​vmker4.sys
 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.ex​e
 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.sc​r
 2007-11-29 16:50 --------- d-----w C:\Program Files\Alwil Software
 2007-11-29 16:42 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
 2005-01-12 03:32 794,624 ----a-w C:\WINDOWS\inf\OTHER\audio3d.d​ll
 .

 ((((((((((((((((((((((((((((((​(((   Point de chargement Reg   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .
 .
 REGEDIT4
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\ctfmon.exe" [2004-08-19 16:09 15360]
 "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
 "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
 "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe" [2008-01-16 21:18 36864]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_03\bin\jus​ched.exe" [2007-09-25 01:11 132496]
 "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.EXE]
 "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.​exe" [2006-05-10 12:12 90112]
 "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe" [2007-07-27 12:32 185784]
 "C-Media Mixer"="Mixer.exe" [2005-01-12 04:32 1216512 C:\WINDOWS\mixer.exe]
 "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-03 10:45 98304]
 "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
 "avast!"="C:\PROGRA~1\ALWILS~1​\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
 "LogitechCommunicationsManager​"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Commu​nications_Helper.exe" [2007-10-25 16:33 563984]
 "LogitechQuickCamRibbon"="C:\P​rogram Files\Logitech\QuickCam\Quickc​am.exe" [2007-10-25 16:37 2178832]
 "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-01-03 17:11 737872]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\RunOnce]
 "nltide_2"="regsvr32 /s /n /i:U shell32" []
 "nltide_3"="advpack.dll" [2007-10-11 00:49 124928 C:\WINDOWS\system32\advpack.dll]
 "WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]

 C:\Documents and Settings\espacesimo\Menu Démarrer\Programmes\Démarrage\
 OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 18:54:56 393216]

 C:\Documents and Settings\espacesimo\Menu Démarrer\Programmes\Démarrage\
 OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 18:54:56 393216]

 C:\Documents and Settings\espacesimo\Menu Démarrer\Programmes\Démarrage\
 OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 18:54:56 393216]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\policies\system]
 "DisableCAD"= 0 (0x0)

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=sockspy.dll

 R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\dri​vers\RTSTOR.SYS [2007-05-08 23:22]
 S2 perfmons;perfmons Service;C:\WINDOWS\system32\pe​rfs.exe [2001-08-28 12:00]
 S2 Routing;Routing Service;C:\WINDOWS\system32\ro​uting.exe [2007-12-13 12:56]
 S3 C-Dilla;C-Dilla;C:\WINDOWS\sys​tem32\drivers\CDANT.SYS [2003-04-01 09:23]

 *Newly Created Service* - ADILOADER
 .
 Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
 "2007-12-26 15:29:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1185292540.job"
 - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
 "2008-01-18 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
 - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
 .
 ******************************​******************************​**************

 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-21 12:22:55
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 ******************************​******************************​**************
 .
 Completion time: 2008-01-21 12:23:46
 ComboFix-quarantined-files.txt  2008-01-21 11:23:45
 .
 2008-01-15 16:30:32 --- E O F ---  


 There you go! Please give me your opinion on all this! Because I don't understand any of it  :ouch:

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 21/01/2008 at 12:58:09

Hello,

 Download HijackThis

 Tutorial by Bruce Lee: http://cybersecurite.xooit.com [...] -2-0-2.htm

 Then click on "Do a system scan and save a logfile".
 The scan runs very quickly, then a Notepad window appears
 (the "logfile").
 In this Notepad window, go to "Edit", then "Select All";
 the text is then selected. Go back to "Edit", still
 leaving the text selected, and click Copy.
 Paste the contents here in your next reply!

 :hello:


caillou_x
Baby forum member (10 to 49 posts)
Posted on 21/01/2008 at 13:14:54

Thanks for these very precise instructions  :D But that's fine, I can manage to install a program and copy and paste  :jap:  But thanks! Here is what the HijackThis result gives me:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:13, on 2008-01-21
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcS​rv.exe
 C:\WINDOWS\system32\DRIVERS\CD​ANTSRV.EXE
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCo​mSer.exe
 C:\WINDOWS\system32\perfs.exe
 C:\WINDOWS\system32\routing.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCo​mSer.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe
 C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe
 C:\WINDOWS\Mixer.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\Winamp\winampa.exe
 C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Commu​nications_Helper.exe
 C:\Program Files\Logitech\QuickCam\Quickc​am.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\DAEMON Tools\daemon.exe
 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\dslmon.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
 C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIMa​nager.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
 C:\Program Files\MSN Messenger\usnsvc.exe
 C:\Program Files\MSN Messenger\msnmsgr.exe
 C:\Program Files\MSN Messenger\msnmsgr.exe
 C:\Program Files\MSN Messenger\livecall.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.9online.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79B​FDFEA60} - C:\Program Files\BitComet\tools\BitCometB​HO_1.1.11.30.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d​43a9E8C} - LineAudio.dll (file missing)
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.​exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsch​ed.exe"  -osboot
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Commu​nications_Helper.exe"
 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickc​am.exe" /hide
 O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
 O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')
 O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')
 O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
 O4 - Global Startup: DSLMON.lnk = ?
 O4 - Global Startup: hp psc 1000 series.lnk = ?
 O4 - Global Startup: hpoddt01.exe.lnk = ?
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMC​onf.exe
 O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/Ad​dLink.htm
 O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/Ad​dVideo.htm
 O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/Ad​dAllLink.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3D​C1AF43A} - res://C:\Program Files\BitComet\tools\BitCometB​HO_1.1.11.30.dll/206 (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O17 - HKLM\System\CCS\Services\Tcpip​\..\{1BE848E6-4ED5-4A18-A95F-2​9E1FEB89F62}: NameServer = 84.103.237.148 86.64.145.148
 O17 - HKLM\System\CS1\Services\Tcpip​\..\{1BE848E6-4ED5-4A18-A95F-2​9E1FEB89F62}: NameServer = 84.103.237.148 86.64.145.148
 O18 - Protocol: bw+0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw+0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw-0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw-0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw00 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw00s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw10 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw10s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw20 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw20s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw30 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw30s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw40 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw40s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw50 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw50s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw60 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw60s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw70 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw70s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw80 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw80s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw90 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bw90s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwa0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwa0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwb0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwb0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwc0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwc0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwd0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwd0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwe0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwe0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwf0 - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwf0s - {75BF245D-965E-4FE4-82AE-E9889​C418BCC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPl​ugProtocol-8876480.dll
 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9​B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPl​ugProtocol-8876480.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

 --
 End of file - 20918 bytes

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 21/01/2008 at 16:33:21
 
Download SDFix (created by AndyManchesta) and save it to your Desktop.
 User guide: http://mickael.barroux.free.fr/securite/sdfix.php

 Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
 
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows load, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
Work through the list of instructions below:
 
  • Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.
N.B.:
 - The SDFIX_README.htm file (in the SDFix folder) contains the list of malware handled by the tool.
 - Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.

 :hello:


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
caillou_x
Baby forum member (10 to 49 posts)
Posted on 23/01/2008 at 12:09:54
 

 SDFix: Version 1.130

 Run by espacesimo on 2008-01-23 at 11:53

 Microsoft Windows XP [version 5.1.2600]

 Running From: C:\SDFix

 Safe Mode:
 Checking Services:


 Restoring Windows Registry Values
 Restoring Windows Default Hosts File

 Rebooting...


 Normal Mode:
 Checking Files:

 Trojan Files Found:

 C:\WINDOWS\system32\comsa32.sys  - Deleted
 C:\WINDOWS\system32\perfs.txt  - Deleted





 Removing Temp Files...

 ADS Check:

 C:\WINDOWS
 No streams found.

 C:\WINDOWS\system32
 No streams found.

 C:\WINDOWS\system32\svchost.exe
 No streams found.
 
 C:\WINDOWS\system32\ntoskrnl.exe
 No streams found.

Final Check:

 catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-23 11:59:56
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden services & system hive ...

 scanning hidden registry entries ...

 scanning hidden files ...


 scan completed successfully
 hidden processes: 0
 hidden services: 0
 hidden files: 1


 Remaining Services:
 ------------------



 Authorized Application Key Export:

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
 "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"
 "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
 "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 Remaining Files:
 ---------------

 File Backups: - C:\SDFix\backups\backups.zip

 Files with Hidden Attributes:

 Tue 23 Oct 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
 Thu 13 Dec 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 Finished!


 Thanks for taking care of me!

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 23/01/2008 at 13:28:05
 
Hello, post a new HijackThis report ;)


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
caillou_x
Baby forum member (10 to 49 posts)
Posted on 23/01/2008 at 15:19:53
 
Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 15:19, on 2008-01-23
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\WINDOWS\system32\perfs.exe
 C:\WINDOWS\system32\routing.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
 C:\WINDOWS\Mixer.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
 C:\Program Files\Logitech\QuickCam\Quickcam.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\DAEMON Tools\daemon.exe
 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
 C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\dslmon.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
 C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
 C:\Program Files\MSN Messenger\msnmsgr.exe
 C:\Program Files\MSN Messenger\usnsvc.exe
 C:\Program Files\MSN Messenger\msnmsgr.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.9online.fr/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
 O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')
 O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')
 O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
 O4 - Global Startup: DSLMON.lnk = ?
 O4 - Global Startup: hp psc 1000 series.lnk = ?
 O4 - Global Startup: hpoddt01.exe.lnk = ?
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
 O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
 O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
 O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE848E6-4ED5-4A18-A95F-29E1FEB89F62}: NameServer = 86.64.145.146 84.103.237.146
 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BE848E6-4ED5-4A18-A95F-29E1FEB89F62}: NameServer = 86.64.145.146 84.103.237.146
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CD​ANTSRV.EXE
 O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCo​mSer.exe
 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcS​rv.exe
 O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLn​ch.exe
 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e​xe
 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.ex​e

 --
 End of file - 20686 bytes

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 23/01/2008 at 16:32:21

Hi again, :)

 1/ Download Caillou_X.bat to your desktop

 Run it by double-clicking it, then close the black window when you are asked to!

 2/ Download ComboFix (created by sUBs) to your Desktop

 Copy what is in the quote below (without the word quote) by selecting it, then Ctrl-C:

 



File::
 C:\WINDOWS\system32\perfs.exe
 C:\WINDOWS\system32\routing.exe





 -Save this file to: Desktop
 -File name: CFScript
 -File type: All files
 -click Save
 -quit Notepad

* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not open, it can be found here > C:\ComboFix.txt

 Have a good rest of the afternoon :hello:


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
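
Added example, not part of the original posts and not HijackThis or ComboFix code: a Python sketch that parses the O23 service lines of the log and the File:: block of the CFScript, then shows which services have no identified owner and which of those the script targets. The sample lines are taken from the thread; stripping zero-width characters and treating any line ending in `::` as a section header are assumptions of this sketch.

```python
import re

# Constructed sample: five O23 lines taken from the HijackThis log in the thread.
HJT_LOG = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
"""
# CFScript from the reply. The zero-width space inside "routing.exe" is a constructed
# stand-in for invisible characters picked up when text is copied from a web page.
CFSCRIPT = "File::\nC:\\WINDOWS\\system32\\perfs.exe\nC:\\WINDOWS\\system32\\routing.ex\u200be\n"

O23 = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))

def clean(text):
    """Delete zero-width characters that would keep two identical-looking paths from matching."""
    return text.translate(ZERO_WIDTH)

def parse_services(log):
    """Return a name/owner/path dict for every O23 service line."""
    matches = (O23.match(line.strip()) for line in clean(log).splitlines())
    return [m.groupdict() for m in matches if m]

def parse_cfscript_files(script):
    """Return the paths listed under the File:: directive."""
    files, in_files = [], False
    for line in clean(script).splitlines():
        line = line.strip()
        if line.endswith("::"):          # assumption: any "Xxx::" line opens a new section
            in_files = line == "File::"
        elif in_files and line:
            files.append(line)
    return files

def triage(log, script):
    """Annotate each service with its owner status and whether the script targets it."""
    targets = {p.lower() for p in parse_cfscript_files(script)}
    return [{**s, "unknown_owner": s["owner"] == "Unknown owner",
             "in_cfscript": s["path"].lower() in targets} for s in parse_services(log)]

if __name__ == "__main__":
    for row in triage(HJT_LOG, CFSCRIPT):
        flag = "TARGETED" if row["in_cfscript"] else ("REVIEW" if row["unknown_owner"] else "ok")
        print(f"{flag:9}{row['name']} -> {row['path']}")
```

The ATI Smart entry, which the reply leaves out of the script, also reports "Unknown owner": that field alone marks an entry for review and does not decide whether it is removed.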