Aide sur Log Hitjackthis [Résolu]
Forum Sécurité - Virus : Aide sur Log Hitjackthis [Résolu]
Après avoir bataillé tte une après midi pour virer 2 virus, est ce que qqu'un pourrais m'indiquer au vu du log de Hitjackthis si tout est clean...
Merci d'avance...
Logfile of HijackThis v1.99.1
Scan saved at 18:10:41, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\J-Philippe\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 4651515968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/conten [...] loader.cab
O18 - Protocol: bw+0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
:-( :-? :-(
Apparement j'ai encore mon dialer porndial.f, car j'ai mon Nod 32 qui s'éxcite de tmeps en temps et me bloque les fichiers crée dans c:\windows\temp
svp à l'aide, je craque, ça fait 5 heures que j'essai de l'éradiquer...
snif...
Bonjour
Rien de spécial dans ce rapport.
Télécharge Silent Runners
http://www.silentrunners.org/Silent%20Runners.zip
Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.
Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci
| Citation : + This report excludes default entries except where indicated.
|
Bonjour,
Voilà le rapport de Silent Runner
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Tray Temperature" = "C:\PROGRA~1\AWS\MiniBug.exe 1" [file not found]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"WildTangent CDA" = "RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"DiskeeperSystray" = ""C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{28BE9A0C-C024-46D2-89F0-C23E01C067BB}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjk.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Ton rapport est incomplet, tu n'as pas attendu assez.
Regarde bien comment il doit terminer.
Mais avant de refaire un scan, fais ceci.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Coche Run VundoFix as a task.
* Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport Silent Runners.
Avec vundofix après l'analyse il m'a marqué "no infected files"
Pourtant j'ai tjs les alertes de Nod32 pour les dialers...
Voici le nouveau scan de Silent Runners
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Tray Temperature" = "C:\PROGRA~1\AWS\MiniBug.exe 1" [file not found]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"WildTangent CDA" = "RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"DiskeeperSystray" = ""C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1683B8C3-1240-45B9-B2EF-67A5DBE28055}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjk.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\NVCPL.DLL" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{EF479680-EA35-4EA9-B093-7114F3E3E0DA}" = "Directory Lister"
-> {HKLM...CLSID} = "ShlMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Directory Lister\DirListerExt.dll" [empty string]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{D120D80B-BD26-4A74-8E43-2C2AF0966139}" = "QuickPar ContextMenu extension"
-> {HKLM...CLSID} = "QuickParContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\QuickPar\QuickParShlExt.dll" ["Peter B Clements"]
"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
"{604C5810-D0CC-11D2-955F-00C04F79ED8A}" = "CIEL SA In-File System"
-> {HKLM...CLSID} = "CIEL SA In-File System"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ifsrel.dll" ["CIEL SA"]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! jkkjk\DLLName = "C:\WINDOWS\system32\jkkjk.dll" [null data]
INFECTION WARNING! winjrs32\DLLName = "winjrs32.dll" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
Quick Par\(Default) = "{D120D80B-BD26-4A74-8E43-2C2AF0966139}"
-> {HKLM...CLSID} = "QuickParContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\QuickPar\QuickParShlExt.dll" ["Peter B Clements"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
DirLister\(Default) = "{EF479680-EA35-4EA9-B093-7114F3E3E0DA}"
-> {HKLM...CLSID} = "ShlMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Directory Lister\DirListerExt.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "J-Philippe" & "All Users" startup folders:
------------------------------------------------------------
C:\Documents and Settings\J-Philippe\Menu Démarrer\Programmes\Démarrage
"Stardock ObjectDock" -> shortcut to: "C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Post-it® Software Notes" -> shortcut to: "C:\Program Files\3M\PSNotes\psn.exe -RegRun" ["3M"]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp psc 1100 series#1142010503" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1142010503"" [empty string]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Belkin High-Speed Mode Wireless G USB Driver, Belkin High-Speed Mode Wireless G USB Network Adapter Service, "C:\Program Files\Belkin\F5D7051\WLService.exe" [null data]
Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\Diskeeper\DkService.exe"" ["Executive Software International, Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 48 seconds, including 18 seconds for message boxes)
Les voilà.
1. Télécharge The Avenger par Swandog46 sur le Bureau
http://swandog46.geekstogo.com/avenger.zip
- Clique sur Avenger.zip pour ouvrir le fichier
- Extraire avenger.exe sur le bureau
2. Copier tout le texte de la boîte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):
Files to delete:
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\SYSTEM32\winjrs32.dll
C:\WINDOWS\system32\kjkkj.bak
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\kjkkj.bak2
C:\WINDOWS\SYSTEM32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini1
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\SYSTEM32\kjkkj.tmp
IMPORTANT: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.[/i]
3. Maintenant, lance The Avenger en cliquant sur son icône du bureau.
- Sous "Script file to execute" choisir "Input Script Manually".
- Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
- Dans cette fenêtre, colle le texte précedemment copié sur le bureau par les touches (Ctrl+V).
- Clique Done
- ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
- Répondre "Yes" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
- Il va Re-démarrer le système.
- Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur le bureau, ceci est NORMAL.
- Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
- The Avenger aura également sauvegardé tous les fichiers, etc., que tu lui as demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici C:\avenger\backup.zip.
5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans ta réponse avec un nouveau log HijackThis en utilisant REPONDRE
Voilà le log de Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jbdvlcgm
*******************
Script file located at: \??\C:\Documents and Settings\qkgjawad.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\jkkjk.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\winjrs32.dll deleted successfully.
File C:\WINDOWS\system32\kjkkj.bak not found!
Deletion of file C:\WINDOWS\system32\kjkkj.bak failed!
Could not process line:
C:\WINDOWS\system32\kjkkj.bak
Status: 0xc0000034
File C:\WINDOWS\system32\kjkkj.bak1 deleted successfully.
File C:\WINDOWS\system32\kjkkj.bak2 deleted successfully.
File C:\WINDOWS\SYSTEM32\kjkkj.ini deleted successfully.
File C:\WINDOWS\system32\kjkkj.ini1 not found!
Deletion of file C:\WINDOWS\system32\kjkkj.ini1 failed!
Could not process line:
C:\WINDOWS\system32\kjkkj.ini1
Status: 0xc0000034
File C:\WINDOWS\system32\kjkkj.ini2 not found!
Deletion of file C:\WINDOWS\system32\kjkkj.ini2 failed!
Could not process line:
C:\WINDOWS\system32\kjkkj.ini2
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\kjkkj.tmp not found!
Deletion of file C:\WINDOWS\SYSTEM32\kjkkj.tmp failed!
Could not process line:
C:\WINDOWS\SYSTEM32\kjkkj.tmp
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
et celui de Hitjackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:29:26, on 06/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\J-Philippe\Bureau\Anti vérole\Hitjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4253C464-68AD-4CBF-BBEC-8955BD5412D8} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 4651515968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/conten [...] loader.cab
O18 - Protocol: bw+0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5B49505E-16D8-4E21-B495-D500F1102A7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Bonjour,
Ca me semble bon.
- Lance Hijackthis ->Do a system scan only
->Coche les lignes puis clique sur Fix checked:
O2 - BHO: (no name) - {4253C464-68AD-4CBF-BBEC-8955BD5412D8} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
- Fais un scan en ligne Kaspersky
Aide pour le scan en ligne
Sauvegarde puis colle le rapport en fin d'analyse.
J'ai fait ce que tu m'a dit avec Hitjackthis, par contre impossible de faire un scan avec Kaspersky, quand je cliques pour intaller l'active x au lieu de me sortir la fenêtre "executer" comme dans l'aide, il bascule sur une fenêtre d'explication...la même qu'il y a au début "conditions générales"...
On change de scan alors :
b]Avec Internet Explorer[/b]
Fais un scan en ligne Panda
- Clique sur " Scan your PC "
- Ensuite sur " Check Now "
- /!\ Clique en bas sur " I don't Accept "
Entre ton adresse e-mail puis commence le scan
- Poste le rapport en fin d'analyse
Si tu as Avast! désactive-le lors du scan
Voilà ce que Panda m'a trouvé:
Incident : adware:Adware/SuperSpider
Status : Not disinfected
Location : C:\avenger\backup.zip avenger/winjrs32.dll]
Donc le PC est propre :-D
Supprime The Avenger, VundoFix et Silent Runners.
Un grand MERCI à vous... :-D :-D :-D
Une dernière petite question vous me conseillez quel logiciel comme antispyware ???
J'en ai trois sur la machine:
- windows defender (actuellement le seul activé)
- Ad-Aware SE
- Ewido
Ad Aware + Ewido
Avace un scan hebdomadaire
Ok encore merci à vous d'avoir sauvé ma machine...
Il y a 2557 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
Par Destrio5 il y a 6 jours :
