[Résolu] WIN32:Agent-IVT Impossible à supprimer

Forum ayant pour theme les virus, les vers de messagerie, les chevaux de troie, les anti-trojans, les spywares et les anti-virus

Modérateur: modos Ixus

Publier une réponse

[Résolu] WIN32:Agent-IVT Impossible à supprimer

Messagepar Amny » 24 Mars 2008 03:35

Bonjour, je viens vous demander votre aide sur les conseils d'un ami qui m'a indiqué votre adresse.
Il s'avère que j'ai des soucis avec le trojan/virus cité dans le titre, je n'arrive pas à m'en débarasser avec avast même après désactivation de la restauration système et scan en mode sans échec.
Il se trouve que j'ai 2 partitions, la partition system que j'ai déjà formaté pensant que ca allez m'aider à résoudre mon problème et une autre que je n'ai pas formaté, car j'aimerai si possible trouver une solution plutôt que d'en arriver là ;)

Voiçi mon log avast, avec la première ligne le fichier en question, et les deux autres qui apparaissent dès que je me connecte à internet.

24/03/2008 00:23:10 SYSTEM 1920 Sign of "Win32:Agent-IVT [Trj]" has been found in "C:\WINDOWS\system32\horexv98.dll" file.
24/03/2008 00:28:23 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\Documents and Settings\Amnezia\Local Settings\Temporary Internet Files\Content.IE5\45MJSXIR\server[1].exe\[Upack]" file.
24/03/2008 00:29:22 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\WINDOWS\system32\ksavp.exe\[Upack]" file.


Voiçi un log hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:01, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\VentriloMIX\VentriloMIX.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C6FB348-B55D-400F-BB21-C1949D2D1EDE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bw+0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: portablemsi - Unknown owner - C:\WINDOWS\system32\tcpip.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

End of file - 16986 bytes


Grâce à Prevx CSI , j'ai déjà supprimé la ligne et les fichiers correspondants à
O23 - Service: portablemsi - Unknown owner - C:\WINDOWS\system32\tcpip.exe
dans hijackthis et depuis je n'ai plus affaire aux fichiers ci dessous, du moins depuis mon redémarrage et environ 30min sur internet, donc peut etre juste une coincidence

24/03/2008 00:28:23 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\Documents and Settings\Amnezia\Local Settings\Temporary Internet Files\Content.IE5\45MJSXIR\server[1].exe\[Upack]" file.
24/03/2008 00:29:22 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\WINDOWS\system32\ksavp.exe\[Upack]" file.


Par contre ca bloque toujours sur mon WIN32:Agent-IVT :( et voiçi mon dernier log hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:21:44, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C6FB348-B55D-400F-BB21-C1949D2D1EDE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bw+0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F809E91D-097F-49FB-B03D-EA6E2D8AFF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 16942 bytes


Voila en tout cas merci d'avance pour vos réponses
Dernière édition par Amny le 04 Avr 2008 22:37, édité 1 fois au total.
Amny
Matelot
Matelot
 
Messages: 4
Inscrit le: 24 Mars 2008 02:59
Haut

Messagepar Billou02 » 24 Mars 2008 11:02

Bonjour,

24/03/2008 00:23:10 SYSTEM 1920 Sign of "Win32:Agent-IVT [Trj]" has been found in "C:\WINDOWS\system32\horexv98.dll" file.
24/03/2008 00:28:23 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\Documents and Settings\Amnezia\Local Settings\Temporary Internet Files\Content.IE5\45MJSXIR\server[1].exe\[Upack]" file.
24/03/2008 00:29:22 SYSTEM 1920 Sign of "Win32:Agent-LTO [Trj]" has been found in "C:\WINDOWS\system32\ksavp.exe\[Upack]" file.


avec ceci tu connais les emplacements de ces dits virus.
boot avec un cd alternatif (ubuntu, live cd linux quelconque, etc...) et va supprimer a la main ces fichiers.
il ne te restera plus qu'a faire des vérifs usuelles avec ton Spybot.
fais aussi un scan en ligne avec un site comme secuser ou bitdefender (attention, internet explorer obligatoire).

bon courage.
Avatar de l’utilisateur
Billou02
Amiral
Amiral
 
Messages: 1177
Inscrit le: 27 Jan 2004 01:00
Localisation: Picardie
Haut

Messagepar Amny » 24 Mars 2008 13:55

D'accord, merci pour ses infos. Je suis actuellement en train de dl knoppix pour tester cette méthode, j'aurais juste une question par rapport à cela:

lorsque mon système démarre j'ai un message dans ce style "rundll32 impossible de charger horexv98.dll accès refusé" qui est donc le fichier en cause, et j'imagine que l'accès refusé est dû à mon antivirus.
Est ce que en supprimant le fichier par votre méthode, je ne risque d'avoir un message d'erreur de type dll manquante, ou est ce que rundll32 charge tout simplement toutes les dll du répertoire windows\system32 et je n'aurais donc plus de message d'erreur ?

merci.
Amny
Matelot
Matelot
 
Messages: 4
Inscrit le: 24 Mars 2008 02:59
Haut

Messagepar jibe » 25 Mars 2008 00:24

Salut,

Bien sûr, les fichiers supprimés ont toute chance d'être sigalés au démarrage de Windows !

Trois cas peuvent se produire :

- 1 : le fichier est un fichier système de Windows, et windows ne démarrera plus ou il lui manquera certains services. Il faut remettre en place un fichier sain pris sur le CD d'install de W$.

- 2 : Le fichier est nécessaire à une application ou un quelconque soft installé : celui-ci ne fonctionnera plus, il faut remettre en place un fichier sain.

- 3 : Le fichier a été installé par le virus et ne sert qu'à lui. Inutile dans ce cas de trouver une version saine de ce fichier :P Par contre, il faudra supprimer son lancement au démarrage par une méthode adaptée de ton choix (nettoyeur de base de registres et/ou effacement manuel du menu "démarrage", antispyware, méthode spécifique au virus etc.) qui te fera disparaitre le message d'erreur de chargement.
"Le monde ne sera pas détruit par ceux qui font le mal, mais par ceux qui les regardent sans rien faire" (Albert Einstein)

Autrefois, l'Etat défendait des valeurs. Maintenant, il défend des profits... (Anne Haunnime)
Avatar de l’utilisateur
jibe
Amiral
Amiral
 
Messages: 4366
Inscrit le: 17 Oct 2003 00:00
Localisation: Haute Savoie
Haut

Messagepar Amny » 04 Avr 2008 19:49

bonsoir,

je viens donc aux nouvelles après 2 semaines sans avoir pu tester la méthode si dessus, j'ai donc tester avec une version de knoppix mais apparement je n'ai pu réussir à supprimer le fichier en question :(
j'ai essayé tout simplement par l'explorateur disponible dans la version , du fait de mon coté novice dans ces types de système, je ne connais pas vraiment si d'autres possibilités existent.
Amny
Matelot
Matelot
 
Messages: 4
Inscrit le: 24 Mars 2008 02:59
Haut

Messagepar Amny » 04 Avr 2008 22:37

Problème résolu apparement complètement grâce à ComboFix.

Merci à ceux qui ce sont penchés sur mon problème.
Amny
Matelot
Matelot
 
Messages: 4
Inscrit le: 24 Mars 2008 02:59
Haut
Publier une réponse

Retour vers Virus et Anti-virus

Qui est en ligne ?

Utilisateur(s) parcourant actuellement ce forum : Aucun utilisateur inscrit et 1 invité

Powered by boolaz
cron