[WIN FIXER 2005]

distingo07 Posts 7 Status Member -  
 Anonymous user -
Hello,
I am brand new to this forum.
While looking for help disinfecting "Win Fixer 2005",
I found this site and signed up.
For about ten days, as soon as I open the internet, a message tells me that my computer is infected and that I should download Win Fixer 2005. After that the screen freezes on "about:blank" and all programs are blocked. I keep running scans with Norton AntiVirus 2004, CCleaner and Ad-Aware, and I also downloaded Spy Sweeper, but nothing works.
I downloaded "HijackThis", but that is really gibberish to me. Could someone help me by analysing my log and give me advice on how to eradicate this worm?

Logfile of HijackThis v1.99.1
Scan saved at 14:12:49, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FPRE9IE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMT9IE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX02.031\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Page%20perso%20exploreur/page-perso.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136398099406
O18 - Protocol: bw+0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

My computer knowledge is limited, so I am calling on a rescuer.
Thank you for any help you can give me.

Distingo

9 replies

aranjuez31 Posts 8069 Status Contributor 354
 
Hello

Fix this line to start with:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Page%20perso%20exploreur/page-perso.htm
--------
Install these basic programs and run them.
Clean regularly with:
Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

The French language patch for Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Spybot (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
a-squared
http://www.emsisoft.net/fr/software/download/
ewido (download)
http://www.ewido.net/fr/download/
spycatcher express free
http://www.tenebril.com/downloads/
regcleaner (registry cleaner)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Post the results.
---------
Run an online scan and paste the report:
http://www.bitdefender.fr/bd/site/search.php#

0
aranjuez31 Posts 8069 Status Contributor 354
 
Do this as well.
Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Please copy and paste it into a post.
----------------------------------------------------------------------------
Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts to power on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything.
Save the report, restart in normal mode, and copy and paste the saved report on the forum.
0
distingo07 Posts 7 Status Member
 
Good evening,

First of all, thank you for the very quick reply.
I had trouble downloading (the download was blocked), and I also had trouble finding my way around all these programs, especially since I do not understand English.
The scan found 12 spyware items, including 1 "BackWeb" virus.
Attached are the scan reports requested.

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 18:09:15, 09/01/2006
+ Somme de contrôle: 7891B41A

+ Résultats du scan:

[904] C:\WINDOWS\system32\mlljk.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
[37028] C:\WINDOWS\system32\mlljk.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
[52276] C:\WINDOWS\system32\mlljk.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\Documents and Settings\a\Cookies\a@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\a\Cookies\a@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Téléchargement\fddli_1200_Aq_s_Inst-74.exe -> Adware.Gator : Nettoyer et sauvegarder
C:\Documents and Settings\Téléchargement\fddli_1200_Bo_s_Inst-76.exe -> Adware.Gator : Nettoyer et sauvegarder
C:\Documents and Settings\Téléchargement\fddli_1200_Mw_s_Inst-79.exe -> Adware.Gator : Nettoyer et sauvegarder
C:\Documents and Settings\Téléchargement\fddli_1200_Ss_s_Inst-82.exe -> Adware.Gator : Nettoyer et sauvegarder
C:\Documents and Settings\Téléchargement\GlobalFireworks_s_Inst-83.exe -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\system32\jkklk.dll -> Downloader.ConHook.w : Nettoyer et sauvegarder
C:\WINDOWS\system32\mlljk.dll -> Adware.Virtumonde : Nettoyer et sauvegarder

::Fin du rapport

SmitFraudFix v2.13

Rapport fait à 16:17:22,75 le 09/01/2006
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\a\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.perenoel.com/noel/fonds-ecran/wallpaper/patou-titoune_1024.gif"
"SubscribedURL"="http://www.perenoel.com/noel/fonds-ecran/wallpaper/patou-titoune_1024.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________

Name: Spyware.Cookie.Estat
Path: C:\Documents and Settings\a\Cookies\a@estat[1].txt
Risk: Medium

Name: Spyware.Cookie.Smartadserver
Path: C:\Documents and Settings\a\Cookies\a@www.smartadserver[1].txt
Risk: Medium

Name: Adware.Virtumonde
Path: [904] C:\WINDOWS\system32\mlljk.dll
Risk: Medium

Name: Adware.Virtumonde
Path: [37028] C:\WINDOWS\system32\mlljk.dll
Risk: Medium

Name: Adware.Gator
Path: C:\Documents and Settings\Téléchargement\fddli_1200_Aq_s_Inst-74.exe
Risk: Medium

Name: Adware.Gator
Path: C:\Documents and Settings\Téléchargement\fddli_1200_Bo_s_Inst-76.exe
Risk: Medium

Name: Adware.Gator
Path: C:\Documents and Settings\Téléchargement\fddli_1200_Mw_s_Inst-79.exe
Risk: Medium

Name: Adware.Gator
Path: C:\Documents and Settings\Téléchargement\fddli_1200_Ss_s_Inst-82.exe
Risk: Medium

Name: Adware.Gator
Path: C:\Documents and Settings\Téléchargement\GlobalFireworks_s_Inst-83.exe
Risk: Medium

Name: Downloader.ConHook.w
Path: C:\WINDOWS\system32\jkklk.dll
Risk: High

Name: Adware.Virtumonde
Path: C:\WINDOWS\system32\mlljk.dll
Risk: Medium

Here is the latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:09:05, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\a\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136398099406
O18 - Protocol: bw+0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Please analyze the reports again and tell me the next steps of the disinfection.
Many thanks

Distingo
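
A triage pass over the HijackThis lines in the post above, as an added example that is not part of the original thread and not HijackThis's own code. It parses the `O<nn> - <kind>: ...` entries, collapses the long run of O18 protocol handlers by the DLL they point to, and lists the O20 load-at-logon hooks that are not in a reviewer-supplied allowlist. The function names and the `reviewed` allowlist are hypothetical, and treating `WRLogonNTF.dll` as already reviewed is an assumption made for illustration.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Entry shape: "O<nn> - <entry kind>: <fields separated by ' - '>"
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return a dict for one HijackThis entry, or None for headers and process lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, kind, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")]
    clsid = CLSID_RE.search(rest)
    return {
        "section": section,
        "kind": kind.strip(),
        "name": fields[0],
        "fields": fields,
        "clsid": clsid.group(0) if clsid else None,
        "target": fields[-1],  # last field is the file or URL the entry loads
    }


def parse_log(text):
    """Parse every entry line in a log, skipping lines that are not entries."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def collapse_handlers(entries, section="O18"):
    """Count entries per target file so dozens of handlers reduce to a few DLLs."""
    counts = Counter(
        basename(e["target"]).lower() for e in entries if e["section"] == section
    )
    return dict(counts)


def unreviewed_logon_hooks(entries, reviewed):
    """O20 entries (AppInit_DLLs, Winlogon Notify) whose DLL is not in `reviewed`.

    `reviewed` is a set of lower-case file names the analyst has already
    identified; anything else still needs a look. It is not a verdict.
    """
    return [
        (e["kind"], e["name"], e["target"])
        for e in entries
        if e["section"] == "O20" and basename(e["target"]).lower() not in reviewed
    ]


def vendorless_services(entries):
    """Names of O23 services that HijackThis reported as 'Unknown owner'."""
    return [
        e["name"]
        for e in entries
        if e["section"] == "O23"
        and len(e["fields"]) >= 3
        and e["fields"][1] == "Unknown owner"
    ]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("O18 handlers by DLL:", collapse_handlers(entries))
    # Assumption for illustration: the analyst has already reviewed this DLL.
    for kind, name, target in unreviewed_logon_hooks(entries, {"wrlogonntf.dll"}):
        print("needs review:", kind, name, target)
    print("services without vendor info:", vendorless_services(entries))
```
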
aranjuez31 Posts 8069 Status Contributor 354
 
Good evening
there's still some junk in there
but that's for tomorrow
aranjuez31 Posts 8069 Status Contributor 354
 
distingo07 Posts 7 Status Member
 
Hello,

You worked late!
So, I downloaded the .ZIP file and unzipped it, but nothing happens. When I click on the file "Winfixer.reg", it is impossible to import C:\......winfixer.reg. Another message: "the specified file is not a registry script. You can only import binary registry files from within the registry editor."
Can you translate!
I found the file that is causing the problems, but I can't manage to eradicate it. C:\Windows\Système32\mlljk.dll >adware.Virtumonde

See you later, and many thanks for your help.

Distingo
Anonymous user
 
Hi,

Show all files and folders:
Click Start, Control Panel, Tools, Folder Options, View

Check: Show hidden files and folders

Uncheck the boxes:
- Hide protected operating system files (Recommended)
- Hide extensions for known file types

Apply, then OK

Download SpySweeper (from Webroot) from this link (14-day trial version): http://www.webroot.com/fr/products/spysweeper
Click "Essayer" ("Try").
Install the program. Once installed, it will launch.
The option to update it will appear; click Yes.
Once the updates are installed, click Options on the left.
Click the Sweep Options tab.
Under What to Sweep, check the following options:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left.
Click Start.
When the scan has finished, click Next.
Make sure all items are checked, then click Next.
All checked items will be removed.
If Spy Sweeper wants to reboot to finish the cleanup: ACCEPT.
Click Session Log at the top right, and copy everything in the window.
Click the Summary tab, then click Finish.
Then paste the contents of the "Session Log" here.
distingo07 Posts 7 Status Member
 
Download succeeded, but at launch I get this message:
Internal error "failed to load DLL C:\Docum~1\a\loca~\temp\is-62CR1.temp\-isdecmp.dll

!!!!

Distingo
Anonymous user > distingo07 Posts 7 Status Member
 
OK, no big deal, and besides you apparently already had it.

Do this for your file.

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message; that is normal and expected.

Then post a HijackThis report again
distingo07 Posts 7 Status Member
 
[01/10/2006, 13:13:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Téléchargement\VirtumundoBeGone.exe" )
[01/10/2006, 13:13:09] - Detected System Information:
[01/10/2006, 13:13:10] - Windows Version: 5.1.2600, Service Pack 2
[01/10/2006, 13:13:10] - Current Username: a (Admin)
[01/10/2006, 13:13:10] - Windows is in NORMAL mode.
[01/10/2006, 13:13:10] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:10] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:10] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:10] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:10] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:10] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:10] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:10] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:10] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:11] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:12] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:12] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:12] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:12] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:12] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:12] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:12] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:12] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:12] - ! File rename was unsucessful.
[01/10/2006, 13:13:12] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:13] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:13] -
[01/10/2006, 13:13:13] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:13] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:13] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:13] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:13] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:13] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:13] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:13] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:13] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:13] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:13] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:13] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:13] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:14] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:14] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:15] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:15] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:15] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:15] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:15] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:15] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:15] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:15] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:15] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:15] - ! File rename was unsucessful.
[01/10/2006, 13:13:15] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:15] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:15] -
[01/10/2006, 13:13:15] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:15] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:15] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:15] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:15] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:16] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:16] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:16] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:16] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:16] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:16] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:16] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:16] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:16] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:16] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:17] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:17] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:17] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:17] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:17] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:17] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:18] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:18] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:18] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:18] - ! File rename was unsucessful.
[01/10/2006, 13:13:18] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:18] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:18] -
[01/10/2006, 13:13:18] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:18] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:18] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:18] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:18] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:18] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:18] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:18] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:18] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:18] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:18] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:18] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:19] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:19] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:19] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:20] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:20] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:20] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:20] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:20] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:20] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:20] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:20] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:20] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:20] - ! File rename was unsucessful.
[01/10/2006, 13:13:20] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:20] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:20] -
[01/10/2006, 13:13:20] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:20] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:20] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:21] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:21] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:21] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:21] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:21] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:21] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:21] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:21] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:21] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:21] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:21] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:21] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:22] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:22] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:22] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:22] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:22] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:23] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:23] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:23] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:23] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:23] - ! File rename was unsucessful.
[01/10/2006, 13:13:23] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:23] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:23] -
[01/10/2006, 13:13:23] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:23] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:23] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:23] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:23] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:23] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:23] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:23] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:23] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:23] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:23] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:24] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:24] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:24] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:24] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:25] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:25] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:25] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:25] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:25] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:25] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:25] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:25] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:25] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:25] - ! File rename was unsucessful.
[01/10/2006, 13:13:25] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:25] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:25] -
[01/10/2006, 13:13:25] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:25] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:26] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:26] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:26] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:26] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:13:26] - Searching for Browser Helper Objects:
[01/10/2006, 13:13:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:13:26] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:13:26] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:13:26] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:13:26] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:13:26] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:13:26] - Finished Searching Browser Helper Objects
[01/10/2006, 13:13:26] - *** Detected ATLDistrib Object
[01/10/2006, 13:13:26] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:13:27] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:13:27] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:13:27] - Disabling Automatic Shell Restart
[01/10/2006, 13:13:27] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:13:28] - Suspending the NT Session Manager System Service
[01/10/2006, 13:13:28] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:13:28] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:13:28] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:28] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:13:28] - ! File rename was unsucessful.
[01/10/2006, 13:13:28] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:13:28] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:13:28] -
[01/10/2006, 13:13:28] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:13:28] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:28] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:28] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:13:29] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:13:29] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:14:05] - Searching for Browser Helper Objects:
[01/10/2006, 13:14:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 13:14:05] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[01/10/2006, 13:14:05] - BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 13:14:05] - ALERT: Found ATLDistrib Object!
[01/10/2006, 13:14:05] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/10/2006, 13:14:05] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:14:06] - Finished Searching Browser Helper Objects
[01/10/2006, 13:14:06] - *** Detected ATLDistrib Object
[01/10/2006, 13:14:06] - Trying to remove ATLDistrib Object...
[01/10/2006, 13:14:07] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:14:07] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:14:07] - Disabling Automatic Shell Restart
[01/10/2006, 13:14:07] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:14:07] - Suspending the NT Session Manager System Service
[01/10/2006, 13:14:07] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:14:07] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:14:07] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:14:07] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:14:07] - ! File rename was unsucessful.
[01/10/2006, 13:14:07] - Attempting to Deny Access to C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:14:07] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 13:14:07] -
[01/10/2006, 13:14:07] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 13:14:08] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}

Logfile of HijackThis v1.99.1
Scan saved at 13:21:37, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\a\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: ap.zdnet.com.com SpySweeperCASS
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136398099406
O18 - Protocol: bw+0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\De
0
distingo07 Posts: 7 Status: Member
 
I forgot to tell you that I'm leaving for work and won't be able to pick the discussion back up until this evening around 18:00.

Thanks again, see you this evening.

Distingo
0
Anonymous user
 
As soon as you get back, post a complete HijackThis report again ;-)
0
distingo07 Posts: 7 Status: Member
 
I'm back.

Logfile of HijackThis v1.99.1
Scan saved at 18:16:39, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\a\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: ap.zdnet.com.com SpySweeperCASS
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136398099406
O18 - Protocol: bw+0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {189630BF-EA95-4170-986F-B0C828F644D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
0
Anonymous user
 
Hi

Do this:

Download and install this:
http://www.diamondcs.com.au/index.php?page=apm

However, close all windows, and in particular close Internet Explorer.

Launch APM.

In the upper pane, select "explorer.exe".

Look in the list shown in the lower pane for:

mlljk.dll

Each time you find one, select it, right-click and click "Unload dll", then OK.

Once that's done, restart the PC and then post a HijackThis report again.
0
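The removal-tool log in this thread reports a failed rename of mlljk.dll, and the HijackThis scan taken afterwards still lists the BHO and Winlogon Notify entries that the tool said it removed. As an added example (not part of the original posts), this Python script cross-checks the two logs to confirm which autostart entries survived; the sample lines are copied from the thread and the function names are hypothetical.

```python
import re

# Constructed sample: a handful of lines copied from the two logs in this thread.
FIX_LOG = r"""
[01/10/2006, 13:14:05] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 13:14:05] - Removing HKLM\...\Winlogon\Notify\mlljk
[01/10/2006, 13:14:07] - File to disable: C:\WINDOWS\system32\mlljk.dll
[01/10/2006, 13:14:07] - Renaming C:\WINDOWS\system32\mlljk.dll -> C:\WINDOWS\system32\mlljk.dll.vir
[01/10/2006, 13:14:07] - ! File rename was unsucessful.
"""

HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
RE_RM_BHO = re.compile(r"Removing HKLM\\\.\.\.\\Browser Helper Objects\\(" + GUID + r")")
RE_RM_NOTIFY = re.compile(r"Removing HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+)")
RE_RENAME = re.compile(r"Renaming (.+?) -> ")
# The tool's own message is misspelled ("unsucessful"); accept both spellings.
RE_RENAME_FAIL = re.compile(r"File rename was unsuc+essful", re.I)
RE_O2 = re.compile(r"^O2 - BHO: (.+?) - (" + GUID + r") - (.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")


def parse_fix_log(text):
    """Collect what the removal tool says it removed and which renames failed."""
    out = {"bho": set(), "notify": set(), "rename_failed": set()}
    last_rename = None
    for line in text.splitlines():
        if m := RE_RM_BHO.search(line):
            out["bho"].add(m.group(1).upper())
        elif m := RE_RM_NOTIFY.search(line):
            out["notify"].add(m.group(1).lower())
        elif m := RE_RENAME.search(line):
            last_rename = m.group(1).strip().lower()
        elif RE_RENAME_FAIL.search(line) and last_rename:
            # A failure line refers to the rename attempted just before it.
            out["rename_failed"].add(last_rename)
            last_rename = None
    return out


def parse_hijackthis(text):
    """Return the BHO (O2) and Winlogon Notify (O20) entries of a HijackThis log."""
    bho, notify = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            bho.append({"name": m.group(1), "clsid": m.group(2).upper(),
                        "path": m.group(3).lower()})
        elif m := RE_O20.match(line):
            notify.append({"name": m.group(1).lower(), "path": m.group(2).lower()})
    return bho, notify


def surviving_persistence(fix_log, hjt_log):
    """Entries the tool reported removing that the later scan still shows.

    Each finding is (kind, identifier, file path, rename_failed_for_that_file).
    """
    fix = parse_fix_log(fix_log)
    bho, notify = parse_hijackthis(hjt_log)
    findings = []
    for e in bho:
        if e["clsid"] in fix["bho"]:
            findings.append(("O2 BHO", e["clsid"], e["path"],
                             e["path"] in fix["rename_failed"]))
    for e in notify:
        if e["name"] in fix["notify"]:
            findings.append(("O20 Winlogon Notify", e["name"], e["path"],
                             e["path"] in fix["rename_failed"]))
    return findings


def dual_registered(hjt_log):
    """DLL paths registered both as a BHO and as a Winlogon Notify package."""
    bho, notify = parse_hijackthis(hjt_log)
    return sorted({e["path"] for e in bho} & {e["path"] for e in notify})


if __name__ == "__main__":
    for kind, ident, path, failed in surviving_persistence(FIX_LOG, HJT_LOG):
        note = " (file rename failed, DLL still on disk)" if failed else ""
        print(f"still present: {kind} {ident} -> {path}{note}")
    print("registered under both O2 and O20:", dual_registered(HJT_LOG))
```

A DLL that is still loaded by a running process cannot be renamed, which is consistent with the advice above to unload it from explorer.exe before rebooting and scanning again.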