Zone alarm n'aime pas aurora et mnpol

bigbang -  
 Utilisateur anonyme -
Bonjour tout le monde !

Je viens ici car j'ai installer zone alarm il y a environ 3 semaine et j'ai souvent une fenetre qui s'ouvre pour me dire que Aurora ou mnpol.exe veulent acceder a internet. Au début, j'accepter mais j'ai trouvé leur nom bizarre donc maintenant, je les refuse. Ca change absolument rien donc je me demande ce que c'est.

Voici quelques infos tiré de zone alarm

Aurora :

Nom du produit Buddy Window
Nom du fichier C:\WINDOWS\vkaaaqltxu.exe
Dernière mise à jour de la stratégie Aucune
Version 1.0.2.8
Date de dernière modification 04/08/2004 18:04:48
Taille du fichier 77 KB

Mnpol.exe :

Nom du produit
Nom du fichier C:\WINDOWS\system32\mnpol.exe
Dernière mise à jour de la stratégie Aucune
Version 3, 0, 0, 23
Date de dernière modification 22/07/2005 13:53:56
Taille du fichier 89 KB

En regardant le control des programme de mon cher firewall, j'ai aussi remarquer quelques trucs avec un nom bizarre. Est-ce que "jdcweiq.exe" ou bien "jikzsj" vous dit quelque chose ? Vousaurez compris que les noms imprononcable ou les programme qui veulent tout le temps acceder a internet m'inquiète un peu...

Je precise que je lance regulierement des analyses ad-aware, spybot et a². Mon antivirus est norton 2005.

Merci de votre aide ^^
Configuration: Windows XP SP2
Athlon XP 2400+

18 réponses

  1. Utilisateur anonyme
     
    salut
    alors surrement spywares; trojans...

    On verifie pour nettoyer?

    télécharge HijackThis ici:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (merci à balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
  2. bigbang
     
    Ce que je craingnais ! J'aime pas hijack, c'est trop compliqué ^^.

    En tout cas, merci de t'interresser a mon problème !

    Je sais pas si c'esr normal mais j'ai un message d'erreur quand je lance hijack :
    HijackThis appears to have been started from a temporary folder. Since temp folder tend to be be emptied regulary it's wise to copy Hijackthis.exe to a folder of its own, for instance c:\Program files\HijackThis.
    This way any backups that will be made of fixed items won't be lost.
    Please quit HijackThis and copy it to a separate folder before fixing any item.

    Il me demande de le mettre dans program files d'après ce que j'ai compris.

    Voici le log !

    Logfile of HijackThis v1.99.1
    Scan saved at 00:01:11, on 25/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\jikzsj.exe
    C:\PROGRA~1\Chic does bat\error cake.exe
    C:\windows\system32\mnpol.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\HDD Temperature\HDDTSvc.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HDD Temperature\HDDTemperature.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\advmon32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [bedksmr] C:\WINDOWS\system32\jikzsj.exe r
    O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
    O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
    O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{464160B6-D397-48A0-A218-A38ED7FE6FA1}: NameServer = 212.151.137.166 130.244.127.161
    O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    J'éspère que c'est pas trop grave !
    0
  3. bigbang13 Messages postés 109 Statut Membre 65
     
    Ouch !

    Je viens de faire une analyse kapersky en ligne et j'ai 37 virus et 232 objets inféctés !

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, September 25, 2005 10:21:12
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 25/09/2005
    Kaspersky Anti-Virus database records: 141987
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 95384
    Number of viruses found: 37
    Number of infected objects: 232
    Number of suspicious objects: 13
    Duration of the scan process: 7053 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz19.zip/polall1r.exe Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz19.zip Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz2.zip/ofnnwr.exe Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz2.zip Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz22.zip/polall1r.exe Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz22.zip Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz25.zip/polall1r.exe Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz25.zip Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz34.zip/ofnnwr.exe Suspicious: Password-protected-EXE
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz34.zip Suspicious: Password-protected-EXE
    C:\Program Files\Chic does bat\error cake.exe Infected: Trojan-Downloader.Win32.Swizzor.ct
    C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip/All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.ace/All Microsoft Software Keygen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron.non Infected: Backdoor.Win32.Bionet.405
    C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip/All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.ace Infected: Backdoor.Win32.Bionet.405
    C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip Infected: Backdoor.Win32.Bionet.405
    C:\Program Files\Norton AntiVirus\Quarantine\063D6089.exe Infected: Backdoor.Win32.SdBot.gen
    C:\Program Files\Norton AntiVirus\Quarantine\0668025B.exe Infected: Backdoor.Win32.SdBot.gen
    C:\Program Files\Norton AntiVirus\Quarantine\06901A71.EXE Infected: IM-Flooder.Win32.Lipun.a
    C:\Program Files\Norton AntiVirus\Quarantine\07EC17DB.htm Suspicious: Exploit.HTML.Mht
    C:\Program Files\Norton AntiVirus\Quarantine\13A35D43.exe Infected: Virus.Win32.Parite.b
    C:\Program Files\Norton AntiVirus\Quarantine\15E1013B.exe Infected: Backdoor.Win32.Blarul.a
    C:\Program Files\Norton AntiVirus\Quarantine\165607F4.dat Infected: P2P-Worm.Win32.SdDrop.c
    C:\Program Files\Norton AntiVirus\Quarantine\18090841.dll Infected: Trojan-Downloader.Win32.Wintrim.ai
    C:\Program Files\Norton AntiVirus\Quarantine\1E293D7E.com Infected: EICAR-Test-File
    C:\Program Files\Norton AntiVirus\Quarantine\1E3A0F6C.txt Infected: EICAR-Test-File
    C:\Program Files\Norton AntiVirus\Quarantine\22BF6AD4.EXE Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\25D27859 Infected: Trojan-Downloader.Win32.Small.en
    C:\Program Files\Norton AntiVirus\Quarantine\283B70CB.EXE Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\289335CB.dat Infected: Virus.Win32.HLLP.Hantaner.a
    C:\Program Files\Norton AntiVirus\Quarantine\28EC4C09 Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\2F1F4525 Infected: Virus.Win9x.CIH.dam
    C:\Program Files\Norton AntiVirus\Quarantine\321A73A8.EXE Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\357869B5.dat Infected: P2P-Worm.Win32.Tanked.14
    C:\Program Files\Norton AntiVirus\Quarantine\362C6EF0.dat Infected: P2P-Worm.Win32.Tanked.11
    C:\Program Files\Norton AntiVirus\Quarantine\41781A78.cab/spike.exe Infected: Trojan.Win32.Agent.cb
    C:\Program Files\Norton AntiVirus\Quarantine\41781A78.cab Infected: Trojan.Win32.Agent.cb
    C:\Program Files\Norton AntiVirus\Quarantine\471D478A.dat Infected: P2P-Worm.Win32.Specx.b
    C:\Program Files\Norton AntiVirus\Quarantine\4D344869 Infected: Trojan.JS.ExitW.b
    C:\Program Files\Norton AntiVirus\Quarantine\4D6C122C Infected: Email-Flooder.Win32.XMas.40
    C:\Program Files\Norton AntiVirus\Quarantine\4FDF0F7A Infected: Email-Flooder.Win32.Aenima.20
    C:\Program Files\Norton AntiVirus\Quarantine\52D84634.HTM Infected: Trojan.JS.ExitW.b
    C:\Program Files\Norton AntiVirus\Quarantine\5A2D726A Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\5B660F71.htm Suspicious: Exploit.HTML.Mht
    C:\Program Files\Norton AntiVirus\Quarantine\5DC65C79.part Infected: P2P-Worm.Win32.Tibick.d
    C:\Program Files\Norton AntiVirus\Quarantine\5EA35981.EXE Infected: Email-Flooder.Win32.QuickFyre
    C:\Program Files\Norton AntiVirus\Quarantine\62616873.dll Infected: Trojan-Downloader.Win32.Wintrim.ai
    C:\Program Files\Norton AntiVirus\Quarantine\662924F1 Infected: Trojan.JS.ExitW.b
    C:\Program Files\Norton AntiVirus\Quarantine\664374D4 Infected: Email-Flooder.Win32.XMas.40
    C:\Program Files\Norton AntiVirus\Quarantine\6EBA53D1.htm Suspicious: Exploit.HTML.Mht
    C:\Program Files\Norton AntiVirus\Quarantine\72AA2AFD.dat Infected: P2P-Worm.Win32.SdDrop.c
    C:\Program Files\Norton AntiVirus\Quarantine\73D960C7.dat Infected: Email-Worm.Win32.Kindal
    C:\Program Files\Norton AntiVirus\Quarantine\75AC6F85.exe Infected: Backdoor.Win32.Blarul.a
    C:\Program Files\Norton AntiVirus\Quarantine\77B50AD3.dat Infected: P2P-Worm.Win32.Tanked.14
    C:\Program Files\Norton AntiVirus\Quarantine\78F7300E.dat Infected: Virus.Win32.HLLP.Hantaner.a
    C:\Program Files\Norton AntiVirus\Quarantine\796D178C.dat Infected: Virus.Win32.HLLP.Hantaner.a
    C:\Program Files\Norton AntiVirus\Quarantine\7BA81741.cab/alchem.exe Infected: Trojan-Downloader.Win32.Alchemic
    C:\Program Files\Norton AntiVirus\Quarantine\7BA81741.cab Infected: Trojan-Downloader.Win32.Alchemic
    C:\Program Files\Norton AntiVirus\Quarantine\7BAE6B3A.dll Infected: Trojan.Win32.P2E.l
    C:\Program Files\Norton AntiVirus\Quarantine\7BB21537.exe Infected: Trojan-Downloader.Win32.Stubby.d
    C:\Program Files\Norton AntiVirus\Quarantine\7C244265.dll Infected: Trojan-Downloader.Win32.Dyfuca.cu
    C:\Program Files\Norton AntiVirus\Quarantine\7C2A165E.exe Infected: Trojan-Downloader.Win32.Stubby.d
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP656\A0192523.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP656\A0193521.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP660\A0193784.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP663\A0194839.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP666\A0195263.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP667\A0196403.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP667\A0196404.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP669\A0203447.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP671\A0203537.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP674\A0203995.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP674\A0204010.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP675\A0205038.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP677\A0205164.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP679\A0205586.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP681\A0206733.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP684\A0206839.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP685\A0206881.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP685\A0206882.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP687\A0206951.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP690\A0207143.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP694\A0208708.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP695\A0208746.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP700\A0208976.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP700\A0209007.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP701\A0209018.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP702\A0209100.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP704\A0209274.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP706\A0209318.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP707\A0209399.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP708\A0209524.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP710\A0209641.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP714\A0209881.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP715\A0209935.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP716\A0209963.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP718\A0210088.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP720\A0210146.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP722\A0210241.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP722\A0210242.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0211606.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214603.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214612.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214621.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214622.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214631.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP723\A0214632.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP724\A0215095.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP724\A0215101.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP725\A0215109.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP725\A0215116.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP725\A0215536.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP727\A0215581.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP727\A0215597.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP727\A0215603.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP727\A0215720.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP727\A0215724.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP729\A0216102.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP729\A0216123.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP729\A0216128.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP729\A0216136.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP730\A0216209.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP730\A0216210.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP731\A0216254.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP731\A0216260.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP732\A0216279.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP732\A0216280.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP732\A0216309.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP733\A0216339.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP733\A0216357.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP733\A0216358.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP733\A0216374.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP734\A0216430.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP734\A0216436.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0216532.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217202.exe Infected: Trojan.Win32.Stervis.f
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217203.dll Infected: Trojan.Win32.Agent.db
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217220.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217307.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217346.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217347.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217356.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217357.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217368.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217584.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217593.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217615.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217621.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217636.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP739\A0218636.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP741\A0219025.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP742\A0219125.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP742\A0219136.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP743\A0219168.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP744\A0219185.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP745\A0219211.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0219225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0220225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0220239.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP747\A0220250.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP748\A0220366.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220379.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220388.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220432.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220446.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220447.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220466.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP750\A0220476.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP750\A0220482.exe Infected: Trojan.Win32.Agent.ay
    C:\WINDOWS\svcproc.exe Infected: Trojan.Win32.Stervis.g
    C:\WINDOWS\system32\advmon32.exe Infected: Trojan-Downloader.Win32.Crypt
    C:\WINDOWS\system32\bbtogrcz.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\bhpzwqpq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\bojduxyg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\bsadlbca.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\ccrvcglj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ctcursyf.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\cwktfyon.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\depvzgb.exe Infected: Trojan.Win32.Agent.ay
    C:\WINDOWS\system32\dhwpehoh.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\dkktzfpy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\dlotjfac.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\dondehdq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\DrPMon.dll Infected: Trojan.Win32.Agent.ic
    C:\WINDOWS\system32\dsjzngni.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ehbkthek.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\fogcbgay.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\fzlouclo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\fzqicwdz.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\gktffmhb.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\hdjuqueb.exe Infected: Trojan-Downloader.Win32.Dluca.ae
    C:\WINDOWS\system32\hgjlurfg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\imrxeegd.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\inkamknt.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\iwgkvlev.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\jdvmddiy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\jekrdygl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\jznehxfn.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\kcxpmjou.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\kvocozoc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\lcizhlgs.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\lgbjibrs.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\lktafwvj.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\lzjekiqf.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\lzysltbx.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\momyzolp.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ngljgatd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\nhhmyxgz.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\npegzosr.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\nzphchvc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pbvtyxuk.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pkrrxbdx.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pmiwdwmq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pqovywqg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ptehjxhj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pvcxrefu.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\pyhvcelr.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\qbxggmyj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\qmazpyoe.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\qxxeoudj.exe Infected: Trojan-Downloader.Win32.Dluca.ae
    C:\WINDOWS\system32\rvkubvjg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\rwcerkzd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\shufkjsa.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\sleytchc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ssphjntw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\sufefrrk.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\syazwcdd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\txxaccov.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\uaofgjvw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\uuifrqer.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\uyutsxag.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\wjpqucwa.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\wpmveakg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\wsxklfyy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\xechjgts.exe Infected: Trojan-Downloader.Win32.Dluca.ae
    C:\WINDOWS\system32\xhtdfgkl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\xzfpjpxw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\yggaoflo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\ymrjfvvm.exe Infected: Trojan-Downloader.Win32.Dluca.ae
    C:\WINDOWS\system32\yqmumutv.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\yvlpvinj.exe Infected: Trojan-Downloader.Win32.Dluca.ag
    C:\WINDOWS\system32\yzvzyyqi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\zcrphsjy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\zlhnsegi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\zmyhwhdj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\zrslyxxo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
    C:\WINDOWS\system32\zsdxybyl.exe Infected: Trojan-Downloader.Win32.Dluca.gen

    Scan process completed.
    0
  4. bigbang13 Messages postés 109 Statut Membre 65
     
    Bon !

    A partir du tutorial de Zebulon, J'ai trouvé :

    Name Status Command description
    MNPol X mnpol.exe Added by the DLUCA.B TROJAN!
    advmon32 X advmon32.exe Added by a variant of the CRYPTER.C TROJAN!
    ctfmon.exe X ctfmon.exe Added by the RAIDYS TROJAN!

    Je ne sais pas si je dois enlever :

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    La majorité des lignes O16 (je les connais pas tous)

    La ligne O17

    Lignes O18 : J'ai 50 fois les mêmes choses !

    La ligne O20 : C'est dans "mes doc" donc je pense qu'il faut supprimer mais je suis pas sur.

    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (norton ne m'a jamais bloqué de script)
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Je ne connais aucune de ces lignes et c'est dans des lieus bizarre avec des noms bizarre.

    J'ai fait ce que j'ai pu mais j'ai jamais fait ca avant donc j'aimerais beaucoup que quelqu'un me dise si il y a des trucs a supprimer ou non dans "je ne sais pas si je dois enlever ou non". En tout cas, j'ai rien sur Aurora mais Mnpol ést bien un trojan.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    salut
    1/vide ta quarantaine de norton
    C:\Program Files\Norton AntiVirus\Quarantine <---ce que se trouve dedans

    2/supprime les quarantaines de spybot
    lance spybot, sauvegarde, et purges tout

    3/¤Désactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu coches la case « désactiver la restauration » et applique

    4/fais ce scan
    http://www.bitdefender.com/scan/licence.php
    Copie/colle le rapport

    a+
    0
  7. bigbang13 Messages postés 109 Statut Membre 65
     
    J'ai viré tous ce qu'il y avait en quarantaine, j'ai desactiver la restauration système et voici mon rapport bitdefender :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sun, Sep 25, 2005 - 19:28:20

    Voie d'analyse: A:\;C:\;D:\;E:\;F:\;

    Statistiques

    Temps
    00:54:37

    Fichiers
    244821

    Directoires
    6238

    Secteurs de boot
    2

    Archives
    2399

    Paquets programmes
    24687

    Résultats

    Virus identifiés
    13

    Fichiers infectés
    84

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    79

    Info sur les moteurs

    Définition virus
    212772

    Version des moteurs
    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Analyse des plugins
    13

    Archive des plugins
    39

    Unpack des plugins
    4

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\Program Files\Windows ControlAd\WinCtlAdShift.dll
    Détecté avec: Adware.WinAD.F

    C:\Program Files\Windows ControlAd\WinCtlAdShift.dll
    Echec de la désinfection

    C:\Program Files\Windows ControlAd\WinCtlAdShift.dll
    Echec de la suppression

    C:\WINDOWS\aoessbv.exe
    Infecté par: BehavesLike:Win32.ExplorerHijack

    C:\WINDOWS\aoessbv.exe
    Echec de la désinfection

    C:\WINDOWS\aoessbv.exe
    Supprimé

    C:\WINDOWS\Downloaded Program Files\retro64_loader.dll
    Infecté par: Trojan.Downloader.Agent.DE

    C:\WINDOWS\Downloaded Program Files\retro64_loader.dll
    Echec de la désinfection

    C:\WINDOWS\Downloaded Program Files\retro64_loader.dll
    Supprimé

    C:\WINDOWS\svcproc.exe
    Infecté par: Trojan.Stervis.G

    C:\WINDOWS\svcproc.exe
    Supprimé

    C:\WINDOWS\system32\advmon32.exe
    Infecté par: Trojan.Downloader.Crypt

    C:\WINDOWS\system32\advmon32.exe
    Echec de la désinfection

    C:\WINDOWS\system32\advmon32.exe
    Echec de la suppression

    C:\WINDOWS\system32\bbtogrcz.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\bbtogrcz.exe
    Echec de la désinfection

    C:\WINDOWS\system32\bbtogrcz.exe
    Supprimé

    C:\WINDOWS\system32\bhpzwqpq.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\bhpzwqpq.exe
    Echec de la désinfection

    C:\WINDOWS\system32\bhpzwqpq.exe
    Supprimé

    C:\WINDOWS\system32\bojduxyg.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\bojduxyg.exe
    Supprimé

    C:\WINDOWS\system32\bsadlbca.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\bsadlbca.exe
    Echec de la désinfection

    C:\WINDOWS\system32\bsadlbca.exe
    Supprimé

    C:\WINDOWS\system32\ccrvcglj.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\ccrvcglj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ccrvcglj.exe
    Supprimé

    C:\WINDOWS\system32\ctcursyf.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\ctcursyf.exe
    Supprimé

    C:\WINDOWS\system32\cwktfyon.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\cwktfyon.exe
    Echec de la désinfection

    C:\WINDOWS\system32\cwktfyon.exe
    Supprimé

    C:\WINDOWS\system32\depvzgb.exe
    Infecté par: GenPack:Trojan.Agent.AY

    C:\WINDOWS\system32\depvzgb.exe
    Echec de la désinfection

    C:\WINDOWS\system32\depvzgb.exe
    Echec de la suppression

    C:\WINDOWS\system32\dhwpehoh.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\dhwpehoh.exe
    Echec de la désinfection

    C:\WINDOWS\system32\dhwpehoh.exe
    Supprimé

    C:\WINDOWS\system32\dkktzfpy.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\dkktzfpy.exe
    Supprimé

    C:\WINDOWS\system32\dlotjfac.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\dlotjfac.exe
    Supprimé

    C:\WINDOWS\system32\dondehdq.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\dondehdq.exe
    Supprimé

    C:\WINDOWS\system32\DrPMon.dll
    Infecté par: Trojan.Agent.IC

    C:\WINDOWS\system32\DrPMon.dll
    Echec de la désinfection

    C:\WINDOWS\system32\DrPMon.dll
    Echec de la suppression

    C:\WINDOWS\system32\dsjzngni.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\dsjzngni.exe
    Echec de la désinfection

    C:\WINDOWS\system32\dsjzngni.exe
    Supprimé

    C:\WINDOWS\system32\ehbkthek.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\ehbkthek.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ehbkthek.exe
    Supprimé

    C:\WINDOWS\system32\f3PSSavr.scr
    Détecté avec: Application.Adware.Funweb.A

    C:\WINDOWS\system32\f3PSSavr.scr
    Echec de la désinfection

    C:\WINDOWS\system32\f3PSSavr.scr
    Supprimé

    C:\WINDOWS\system32\fogcbgay.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\fogcbgay.exe
    Echec de la désinfection

    C:\WINDOWS\system32\fogcbgay.exe
    Supprimé

    C:\WINDOWS\system32\fzlouclo.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\fzlouclo.exe
    Echec de la désinfection

    C:\WINDOWS\system32\fzlouclo.exe
    Supprimé

    C:\WINDOWS\system32\fzqicwdz.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\fzqicwdz.exe
    Echec de la désinfection

    C:\WINDOWS\system32\fzqicwdz.exe
    Supprimé

    C:\WINDOWS\system32\gktffmhb.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\gktffmhb.exe
    Echec de la désinfection

    C:\WINDOWS\system32\gktffmhb.exe
    Supprimé

    C:\WINDOWS\system32\hdjuqueb.exe
    Infecté par: Trojan.Downloader.Dluca.AE

    C:\WINDOWS\system32\hdjuqueb.exe
    Echec de la désinfection

    C:\WINDOWS\system32\hdjuqueb.exe
    Supprimé

    C:\WINDOWS\system32\hgjlurfg.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\hgjlurfg.exe
    Echec de la désinfection

    C:\WINDOWS\system32\hgjlurfg.exe
    Supprimé

    C:\WINDOWS\system32\imrxeegd.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\imrxeegd.exe
    Echec de la désinfection

    C:\WINDOWS\system32\imrxeegd.exe
    Supprimé

    C:\WINDOWS\system32\inkamknt.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\inkamknt.exe
    Echec de la désinfection

    C:\WINDOWS\system32\inkamknt.exe
    Supprimé

    C:\WINDOWS\system32\iwgkvlev.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\iwgkvlev.exe
    Echec de la désinfection

    C:\WINDOWS\system32\iwgkvlev.exe
    Supprimé

    C:\WINDOWS\system32\jdvmddiy.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\jdvmddiy.exe
    Echec de la désinfection

    C:\WINDOWS\system32\jdvmddiy.exe
    Supprimé

    C:\WINDOWS\system32\jekrdygl.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\jekrdygl.exe
    Echec de la désinfection

    C:\WINDOWS\system32\jekrdygl.exe
    Supprimé

    C:\WINDOWS\system32\jznehxfn.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\jznehxfn.exe
    Echec de la désinfection

    C:\WINDOWS\system32\jznehxfn.exe
    Supprimé

    C:\WINDOWS\system32\kcxpmjou.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\kcxpmjou.exe
    Echec de la désinfection

    C:\WINDOWS\system32\kcxpmjou.exe
    Supprimé

    C:\WINDOWS\system32\kvocozoc.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\kvocozoc.exe
    Supprimé

    C:\WINDOWS\system32\lcizhlgs.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\lcizhlgs.exe
    Echec de la désinfection

    C:\WINDOWS\system32\lcizhlgs.exe
    Supprimé

    C:\WINDOWS\system32\lgbjibrs.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\lgbjibrs.exe
    Supprimé

    C:\WINDOWS\system32\lktafwvj.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\lktafwvj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\lktafwvj.exe
    Supprimé

    C:\WINDOWS\system32\lzjekiqf.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\lzjekiqf.exe
    Echec de la désinfection

    C:\WINDOWS\system32\lzjekiqf.exe
    Supprimé

    C:\WINDOWS\system32\lzysltbx.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\lzysltbx.exe
    Echec de la désinfection

    C:\WINDOWS\system32\lzysltbx.exe
    Supprimé

    C:\WINDOWS\system32\momyzolp.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\momyzolp.exe
    Echec de la désinfection

    C:\WINDOWS\system32\momyzolp.exe
    Supprimé

    C:\WINDOWS\system32\mos.exe=>wise0018
    Détecté avec: Application.WurldMedia.A

    C:\WINDOWS\system32\mos.exe=>wise0018
    Echec de la désinfection

    C:\WINDOWS\system32\mos.exe=>wise0018
    Supprimé

    C:\WINDOWS\system32\mos.exe
    Echec de la mise à jour

    C:\WINDOWS\system32\ngljgatd.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\ngljgatd.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ngljgatd.exe
    Supprimé

    C:\WINDOWS\system32\nhhmyxgz.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\nhhmyxgz.exe
    Echec de la désinfection

    C:\WINDOWS\system32\nhhmyxgz.exe
    Supprimé

    C:\WINDOWS\system32\npegzosr.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\npegzosr.exe
    Echec de la désinfection

    C:\WINDOWS\system32\npegzosr.exe
    Supprimé

    C:\WINDOWS\system32\nzphchvc.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\nzphchvc.exe
    Supprimé

    C:\WINDOWS\system32\pbvtyxuk.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\pbvtyxuk.exe
    Echec de la désinfection

    C:\WINDOWS\system32\pbvtyxuk.exe
    Supprimé

    C:\WINDOWS\system32\pkrrxbdx.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\pkrrxbdx.exe
    Supprimé

    C:\WINDOWS\system32\pmiwdwmq.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\pmiwdwmq.exe
    Supprimé

    C:\WINDOWS\system32\pqovywqg.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\pqovywqg.exe
    Echec de la désinfection

    C:\WINDOWS\system32\pqovywqg.exe
    Supprimé

    C:\WINDOWS\system32\ptehjxhj.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\ptehjxhj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ptehjxhj.exe
    Supprimé

    C:\WINDOWS\system32\pvcxrefu.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\pvcxrefu.exe
    Echec de la désinfection

    C:\WINDOWS\system32\pvcxrefu.exe
    Supprimé

    C:\WINDOWS\system32\pyhvcelr.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\pyhvcelr.exe
    Echec de la désinfection

    C:\WINDOWS\system32\pyhvcelr.exe
    Supprimé

    C:\WINDOWS\system32\qbxggmyj.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\qbxggmyj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\qbxggmyj.exe
    Supprimé

    C:\WINDOWS\system32\qmazpyoe.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\qmazpyoe.exe
    Echec de la désinfection

    C:\WINDOWS\system32\qmazpyoe.exe
    Supprimé

    C:\WINDOWS\system32\qxxeoudj.exe
    Infecté par: Trojan.Downloader.Dluca.AE

    C:\WINDOWS\system32\qxxeoudj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\qxxeoudj.exe
    Supprimé

    C:\WINDOWS\system32\rvkubvjg.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\rvkubvjg.exe
    Echec de la désinfection

    C:\WINDOWS\system32\rvkubvjg.exe
    Supprimé

    C:\WINDOWS\system32\rwcerkzd.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\rwcerkzd.exe
    Supprimé

    C:\WINDOWS\system32\shufkjsa.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\shufkjsa.exe
    Echec de la désinfection

    C:\WINDOWS\system32\shufkjsa.exe
    Supprimé

    C:\WINDOWS\system32\sleytchc.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\sleytchc.exe
    Echec de la désinfection

    C:\WINDOWS\system32\sleytchc.exe
    Supprimé

    C:\WINDOWS\system32\ssphjntw.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\ssphjntw.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ssphjntw.exe
    Supprimé

    C:\WINDOWS\system32\sufefrrk.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\sufefrrk.exe
    Echec de la désinfection

    C:\WINDOWS\system32\sufefrrk.exe
    Supprimé

    C:\WINDOWS\system32\syazwcdd.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\syazwcdd.exe
    Supprimé

    C:\WINDOWS\system32\thblkm.dll
    Détecté avec: Application.WurldMedia.A

    C:\WINDOWS\system32\thblkm.dll
    Echec de la désinfection

    C:\WINDOWS\system32\thblkm.dll
    Echec de la suppression

    C:\WINDOWS\system32\txxaccov.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\txxaccov.exe
    Echec de la désinfection

    C:\WINDOWS\system32\txxaccov.exe
    Supprimé

    C:\WINDOWS\system32\uaofgjvw.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\uaofgjvw.exe
    Echec de la désinfection

    C:\WINDOWS\system32\uaofgjvw.exe
    Supprimé

    C:\WINDOWS\system32\uuifrqer.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\uuifrqer.exe
    Supprimé

    C:\WINDOWS\system32\uyutsxag.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\uyutsxag.exe
    Echec de la désinfection

    C:\WINDOWS\system32\uyutsxag.exe
    Supprimé

    C:\WINDOWS\system32\wjpqucwa.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\wjpqucwa.exe
    Supprimé

    C:\WINDOWS\system32\wpmveakg.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\wpmveakg.exe
    Echec de la désinfection

    C:\WINDOWS\system32\wpmveakg.exe
    Supprimé

    C:\WINDOWS\system32\wsxklfyy.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\wsxklfyy.exe
    Echec de la désinfection

    C:\WINDOWS\system32\wsxklfyy.exe
    Supprimé

    C:\WINDOWS\system32\xechjgts.exe
    Infecté par: Trojan.Downloader.Dluca.AE

    C:\WINDOWS\system32\xechjgts.exe
    Echec de la désinfection

    C:\WINDOWS\system32\xechjgts.exe
    Supprimé

    C:\WINDOWS\system32\xhtdfgkl.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\xhtdfgkl.exe
    Echec de la désinfection

    C:\WINDOWS\system32\xhtdfgkl.exe
    Supprimé

    C:\WINDOWS\system32\xzfpjpxw.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\xzfpjpxw.exe
    Echec de la désinfection

    C:\WINDOWS\system32\xzfpjpxw.exe
    Supprimé

    C:\WINDOWS\system32\yggaoflo.exe
    Infecté par: Trojan.Downloader.Dluca.I

    C:\WINDOWS\system32\yggaoflo.exe
    Echec de la désinfection

    C:\WINDOWS\system32\yggaoflo.exe
    Supprimé

    C:\WINDOWS\system32\ymrjfvvm.exe
    Infecté par: Trojan.Downloader.Dluca.AE

    C:\WINDOWS\system32\ymrjfvvm.exe
    Echec de la désinfection

    C:\WINDOWS\system32\ymrjfvvm.exe
    Supprimé

    C:\WINDOWS\system32\yqmumutv.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\yqmumutv.exe
    Echec de la désinfection

    C:\WINDOWS\system32\yqmumutv.exe
    Supprimé

    C:\WINDOWS\system32\yvlpvinj.exe
    Infecté par: Trojan.Downloader.Dluca.AG

    C:\WINDOWS\system32\yvlpvinj.exe
    Echec de la désinfection

    C:\WINDOWS\system32\yvlpvinj.exe
    Supprimé

    C:\WINDOWS\system32\yzvzyyqi.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\yzvzyyqi.exe
    Supprimé

    C:\WINDOWS\system32\zcrphsjy.exe
    Infecté par: Trojan.Downloader.Dluca.Q

    C:\WINDOWS\system32\zcrphsjy.exe
    Supprimé

    Voila voila ! Merci encore de m'aider !
    0
  8. bigbang13 Messages postés 109 Statut Membre 65
     
    Ok !

    Logfile of HijackThis v1.99.1
    Scan saved at 19:59:11, on 25/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system32\advmon32.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\depvzgb.exe
    C:\PROGRA~1\Chic does bat\error cake.exe
    C:\windows\system32\mnpol.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\HDD Temperature\HDDTSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\HDD Temperature\HDDTemperature.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fr\msnappau.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
    O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
    O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
    O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{464160B6-D397-48A0-A218-A38ED7FE6FA1}: NameServer = 212.151.136.242 130.244.127.169
    O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Ca me met toujours le message d'erreur au début.
    0
  9. Utilisateur anonyme
     
    Bonjour,

    Méthode à suivre dans l'ordre...

    ds ajout/supp de programme desinstalle si tu trouves Chic does bat
    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4 <<nouvelle version.
    http://www.safer-networking.org/fr/index.html

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<nouvelle version.
    http://www.lavasoftusa.com/software/adaware/
    -Une aide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf
    ----------------------------------------------------------------------------
    ¤Désactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu coches la case « désactiver la restauration » et applique.
    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et tempory internet file:

    :: Supprimer les fichiers temporaires ::
    vider tout le contenu de ces dossiers.

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Windows\Temp

    :: Le contenu du dossier prefetch ::

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe

    O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll

    O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe

    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm

    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

    O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe

    O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r

    O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR

    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab

    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab

    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab

    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325

    O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab

    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab

    O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)

    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    C:\WINDOWS\Nail.exe
    c:\windows\system32\advmon32.exe
    C:\PROGRA~1\Chic does bat
    c:\windows\system32\mnpol.exe /nocomm
    C:\Program Files\Windows ControlAd
    C:\WINDOWS\system32\depvzgb.exe r
    c:\windows\SvcProc.exe

    ----------------------------------------------------------------------------
    ¤Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Service: System Startup Service (SvcProc)

    Règle-le sur "Arrêté" et "Désactivé".
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+
    0
  10. bigbang13 Messages postés 109 Statut Membre 65
     
    Merci de m'aider !

    J'ai pas trouvé :
    O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
    c:\windows\system32\advmon32.exe
    C:\WINDOWS\system32\depvzgb.exe r
    c:\windows\SvcProc.exe

    J'ai supprimer tout le reste.
    Ad-Aware m'a trouvé 130 objet dont 79 critique, spybot a trouvé 5 entrées et m'a vacciné de 5790. Je sais pas pourquoi mais j'ai l'impression que c'était utile !

    mon nouveau log :

    Logfile of HijackThis v1.99.1
    Scan saved at 13:33:33, on 26/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ktlvss.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\HDD Temperature\HDDTSvc.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\HDD Temperature\HDDTemperature.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Zone alarm vient de me demander pour Aurora. Voici les infos :

    Nom du programme Aurora Programme installé sur votre ordinateur qui a tenté d'envoyer un paquet IP via Internet ou qui attend de recevoir un paquet entrant.

    Nom du fichier vkaaaqltxu.exe Nom du fichier du programme que ZoneAlarm a trouvé sur votre ordinateur.

    Version du programme 1.0.3.1 Version de Aurora installée sur votre ordinateur.

    Taille du programme 84480 Taille (en octets) du fichier exécutable du programme.

    MD5 du programme 36221c7b6a619ef0c58a58bff0dae06e Hachage MD5, ou numéro, qui identifie de façon unique le programme exécutable.

    Smart Checksum 8adee8f8792d9733c4c4c4ffbd1c26b5 Hachage SKIMP, ou numéro, qui identifie de façon unique le programme exécutable.

    Date de modification May-06-2004 09:57:24 AM Date de dernière modification de vkaaaqltxu.exe.

    Type de connexion Accès Cette valeur peut être Accès, qui est une tentative de connexion à Internet de la part de Aurora ou Serveur, qui indique que Aurora attend des connexions entrantes provenant d'Internet.

    Port distant 1135 Port utilisé par Aurora sur l'ordinateur distant.

    Adresse IP distante 127.0.0.1 Adresse IP de l'ordinateur distant qui est à l'origine de l'alerte.

    Au fait, je peux reactiver la restauration système ou c'est une grosse faille de sécurité ?
    0
  11. bigbang13 Messages postés 109 Statut Membre 65
     
    Je viens de voir que dans HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    La clé shell, il y a ça : Explorer.exe C:\WINDOWS\Nail.exe

    Le nail.exe me derange quelque peu !

    Je doit l'enlever ou pas ?
    0
  12. Utilisateur anonyme
     
    Alors pour la suite, imprime ce poste car la manip est longue et il faut beaucoup de rigeur.

    IMPORTANT:

    ne pas laisser redemarrer l'ordi en mode normal entre chaque manip. (au risque de repartir à zéro).

    2) telecharge ceci

    http://www.downloads.subratam.org/l2mfix.exe

    clean up
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    Telecharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe
    regarde la video sur l’utilisation avec le block note, on va s’en servire plus tard:
    http://pageperso.aol.fr/balltrap34/killbox.htm

    nailfix, telecharge le ici:
    http://www.noidea.us/easyfile/file.php?download=20050515010747824

    mais ne fais rien de plus.

    3) désactive ta restauration système

    pour ça tu fais clic droit sur poste de travail
    propriété tu cliques sur onglet restauration système
    tu coches la case désactiver la restauration et applique

    ► assure toi de ceci

    Affiche tous les fichiers et dossiers :
    cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu
    Puis fais «Ok» pour valider les changements.
    Et appliquer

    ► vide tes fichiers temps et tempory internet file sur tous les utilisateur
    utilise ceci pour le faire
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    4) Lance L2mfix

    decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2
    à la fin le prog devrait redémarrer ton système, des le lancement du bios, tapote sur la touche F8 afin de basculer en mode sans échec (attention c’est important)

    5) Killbox
    1- Double-clic sur KillBox.exe
    2- ouvre le bloc notes et copie la liste en gras ci-dessous
    3- Sélectionne "Delete on Reboot"
    4- reviens sur le bloc-notes et surligne toute la liste, puis clic droit dessus et clic sur copier
    5- revient sur killbox, et dans le menu du haut clic sur File, puis sur paste from clipboard
    5- clic sur le rond rouge
    6- une fenêtre va apparaître pour confirmation clic sur OUI
    7- une seconde fenêtre te demande si tu veux redémarrer clic sur OUI

    liste

    C:\WINDOWS\Nail.exe
    C:\WINDOWS\system32\ktlvss.exe r

    quand killbox redémarre le pc, appuie immédiatement sur F8, pour passer en mode sans échec

    6) lance hijackthis et fixe :

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r

    7) passe nailfix

    8) repasse l2mfix option 2, laisse redemarrer normalement et refait un log hijack

    bon travail et à toute...
    0
  13. bigbang13 Messages postés 109 Statut Membre 65
     
    Me revoila !

    J'ai fait toutes les manips mais ni killbox, ni HijackThis ne detectait C:\WINDOWS\system32\ktlvss

    Voici le dernier log hijack :

    Logfile of HijackThis v1.99.1
    Scan saved at 19:04:04, on 26/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\HDD Temperature\HDDTSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    J'ai vérifié, la clé shell n'a plus nail.exe

    J'éspère que c'est clean maintenant ! J'aurais jamais pensé que mon ordi était aussi infecté que ca ! Comme quoi, la défense 100% est loin d'existé !

    Et maintenant, je peux reactiver la restauration windows ou pas ?

    Et franchement, un grand bravo et un enorme merci a regis59 parce que t'es un vrai génie !
    0
  14. Utilisateur anonyme
     
    re,
    pas tout a fait clean

    tu relance hijack this et fixe ceci
    O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r

    tu relance killbox comme auparavant et tu trouve ceci
    C:\WINDOWS\system32\xvcejdq.exe r (celui que tu auras fixer ds hijack this)
    Il se peut que tu ne trouve pas celui la mais dans tous les cas dans hijack this, il se nomme en 04 avec lettres alletaires entre [ ] , il est dans le systeme 32 et il se termine comme ceci xxx.exe r

    pas trop confus?

    a+
    0
  15. bigbang13 Messages postés 109 Statut Membre 65
     
    Ouaip c'est bon ! Il me l'a trouvé dans HijackThis et kill box. C'est supprimé !
    0
  16. Utilisateur anonyme
     
    Nickel alors

    Tu peux recacher tes fichiers caches, et reactiver ta restauration systeme

    bon surf

    a+
    0
  17. bigbang13 Messages postés 109 Statut Membre 65
     
    Vraiment merci beaucoup regis ! T'es un boss !

    Avec tout ca, j'ai gagné 6GO d'espace sur mon disque et maintenant, il est tout clean ! Vraiment sympa !
    0
  18. Utilisateur anonyme
     
    De rien, ce fut un plaisir de te rendre service

    Des personnes aussi aimable que toi on aime les depanner

    bon surf maintenant

    A+
    0