Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1213 connectés 

  FORUM HardWare.fr
  Windows & Software
  Logiciels

  Comment supprimer "C:\windows\system32\eliteaoh32.exe"

 
 


 Mot :   Pseudo :  
 
Bas de page
Auteur Sujet :

Comment supprimer "C:\windows\system32\eliteaoh32.exe"

n°2135962
flash93160
Posté le 24-08-2005 à 21:45:24  profilanswer
 

Bonsoir,
 
Comment peut-on supprimer ce fichier définitvement de mon poste et de la base des regsitre ?
 
Voilà le fichier : C:\windows\system32\eliteaoh32.exe  
 
Il n'est pas visible dans le répertoire mentionné.


---------------
Cordialement Flash93160
mood
Publicité
Posté le 24-08-2005 à 21:45:24  profilanswer
 

n°2135974
Profil sup​primé
Posté le 24-08-2005 à 21:57:13  answer
 

utilise le mode sans échec, en faisant F8 avant l'apparition du logo windows au démarrage de ta machine.

n°2135991
Space
Profil: Maux des rateurs
Posté le 24-08-2005 à 22:08:49  profilanswer
 

regarde s il est activé dans ton MSCONFIG
si c est le cas,tu décoche la case
 
tu peux aussi utiliser un antispyware


---------------
Ma cinémathèque
n°2136163
flash93160
Posté le 25-08-2005 à 06:22:16  profilanswer
 


Actuellement je ne peux pas utiliser le mode sans echec car il ne démarrae pas. aucun message d'erreur mais ecran noir avec le curseur en heut à gauche.

n°2136164
flash93160
Posté le 25-08-2005 à 06:26:17  profilanswer
 

Space a écrit :

regarde s il est activé dans ton MSCONFIG
si c est le cas,tu décoche la case
 
tu peux aussi utiliser un antispyware


 
Il est bien dans MSCONFIG.
Je l'ai bien désactivé mais il revient au prochain redémarrage.
Et tout les antispyware (ad-aware et spysubtract) ne le reconnaissent pas comme tel donc impossible de le désactivé comme çà et il n'est pas physiquement sur le poste

n°2136176
wackevat
Posté le 25-08-2005 à 08:07:35  profilanswer
 

Donc maintenant tu as seulement le mode normal et pas le mode sans échec ?
 
Si tu fais, depuis l'invite de commandes :
dir /a C:\windows\system32\elite*.*
qu'est-ce que ça donne ?

n°2136802
flash93160
Posté le 25-08-2005 à 18:00:19  profilanswer
 

voilà le résultat :
 
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
 
C:\>dir /a elite*.*
 Le volume dans le lecteur C s'appelle WINDOWS
 Le numéro de série du volume est BCA7-8A89
 
 Répertoire de C:\
 
Fichier introuvable
 
C:\>dir /a /s elite*.*
 Le volume dans le lecteur C s'appelle WINDOWS
 Le numéro de série du volume est BCA7-8A89
Fichier introuvable
 
C:\>

n°2136923
wackevat
Posté le 25-08-2005 à 19:37:11  profilanswer
 

Effectivement, il n'est plus là. Ou au moins, on ne le voit pas.
Tu peux poster un log HijackThis ?

n°2136926
flash93160
Posté le 25-08-2005 à 19:41:08  profilanswer
 

ok
 
le voici
 
Logfile of HijackThis v1.99.1
Scan saved at 19:40:49, on 25/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\WINDOWS\System32\wupdate.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
D:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Download Express\Fichier Téléchargé\Eradication Spyware\hijackthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteaoh32.exe
O4 - HKLM\..\Run: [Microsoft Update] wupdate.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wupdate.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Tracks Eraser Pro] D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [HomeAlarm] D:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O8 - Extra context menu item: Download using Download &Express - file://D:\Program Files\Download Express\Add_Url.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\Software\..\Telephony: DomainName = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: Domain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: NameServer = 212.94.174.85 212.94.174.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O18 - Protocol: bw+0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ADSLAutoconnect - Unknown owner - D:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\System32\nprotect.exe (file missing)
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
 

n°2136938
wackevat
Posté le 25-08-2005 à 19:55:44  profilanswer
 

Tiens, l'analyse :
http://hijackthis.de/logfiles/be78 [...] aadcf.html
 
--> tu as un service Windows Update déguisé à enlever.
Tuto HJT :
http://forum.hardware.fr/hardwaref [...] 1913-1.htm

mood
Publicité
Posté le 25-08-2005 à 19:55:44  profilanswer
 

n°2136939
flash93160
Posté le 25-08-2005 à 20:00:51  profilanswer
 

je connais ce tuto je l'ai déjà recuperer et je viens de supprimer ce service
 
 
Voilà le nouveau log
 
Logfile of HijackThis v1.99.1
Scan saved at 20:00:32, on 25/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
D:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Download Express\Fichier Téléchargé\Eradication Spyware\hijackthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteaoh32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wupdate.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Tracks Eraser Pro] D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [HomeAlarm] D:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O8 - Extra context menu item: Download using Download &Express - file://D:\Program Files\Download Express\Add_Url.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\Software\..\Telephony: DomainName = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: Domain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: NameServer = 212.94.174.85 212.94.174.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O18 - Protocol: bw+0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5FB8EB61-4A1C-404B-B6DF-34BF1387ED89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ADSLAutoconnect - Unknown owner - D:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\System32\nprotect.exe (file missing)
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
 

n°2136959
wackevat
Posté le 25-08-2005 à 20:33:48  profilanswer
 

Il est toujours là. Et eliteaoh32.exe dans les Run aussi. Il faut fixer ces lignes puis supprimer wupdate.exe dans C:\WINDOWS\System32.
 
Tu as désactivé la restauration système avant de les fixer ?
 
Tu peux aussi supprimer les O18 en multiples, laisse une seule ligne, ça suffira.

n°2137016
flash93160
Posté le 25-08-2005 à 21:31:59  profilanswer
 

Voilà c'est fait mais il revient tout le temps
 
C'est bon j'ai supprimer eliteaoh32.exe dans les Run et je les ai fixé. mais wupdate n'est pas dans C:\WINDOWS\System32
 
Sinon voici mon nouveau log
 
Logfile of HijackThis v1.99.1
Scan saved at 21:27:16, on 25/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
D:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rsvp.exe
D:\Program Files\Download Express\Fichier Téléchargé\Eradication Spyware\hijackthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Tracks Eraser Pro] D:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [HomeAlarm] D:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: SpySubtract.lnk = Eradication Spyware\Spysubtract\SpySub.exe
O8 - Extra context menu item: Download using Download &Express - file://D:\Program Files\Download Express\Add_Url.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\Software\..\Telephony: DomainName = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: Domain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B49A259-C00F-4C9C-8DEE-069491F90AE7}: NameServer = 212.94.174.85 212.94.174.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =  
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mshome.net,cegetel.net
O23 - Service: ADSLAutoconnect - Unknown owner - D:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\System32\nprotect.exe (file missing)
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
 

n°2137043
wackevat
Posté le 25-08-2005 à 21:47:07  profilanswer
 

OK, ça a l'air bon. Analyse ton log une dernière fois sur hijackthis.de et vérifie si tu connais tous les points jaunes.

n°2137050
flash93160
Posté le 25-08-2005 à 21:49:46  profilanswer
 

le process eliteaoh32.exe revient sans arret meme en l'enlevemnt de la base des registres

n°2137063
wackevat
Posté le 25-08-2005 à 21:55:26  profilanswer
 

Là dans le log, je ne le vois plus :??:
 
Télécharge KillBox, colle-y les deux chemins :
C:\Windows\system32\wupdate.exe
C:\Windows\system32\eliteaoh32.exe
et choisis Delete on reboot.

n°2137085
flash93160
Posté le 25-08-2005 à 22:08:30  profilanswer
 

c'est fait mais je ne peux pas rebooter mainenant sinon je dois attendre au moins 15 min avant de redémarrer mon pc

n°2137105
flash93160
Posté le 25-08-2005 à 22:30:34  profilanswer
 

Il reste deux lignes que je peux pas retirer c'est :
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\System32\nprotect.exe (file missing) : j'ai supprimer le process hier mais il revient
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing) : celui là il veut que je redémarre

n°2137108
wackevat
Posté le 25-08-2005 à 22:36:05  profilanswer
 

nprotect.exe semble être du Symantec.
 
Alors que autocomp.exe pour Tracks Eraser Pro, ce n'est pas toi qui l'as installé ?
 
En tout cas, pour les arrêter (et éventuellement passer en désactivés ou manuels), c'est dans le gestionnaire des services que ça se passe : clique droit sur Poste de travail -> Gérer.

n°2137118
flash93160
Posté le 25-08-2005 à 22:43:33  profilanswer
 

et comment le supprimer définitivement

n°2137120
flash93160
Posté le 25-08-2005 à 22:45:17  profilanswer
 

nprotect.exe : non pas celui il est dans windows\system32

n°2137125
wackevat
Posté le 25-08-2005 à 22:53:29  profilanswer
 

T'es sûr que ce n'est pas la corbeille Norton ? Clique droit sur le fichier -> Propriétés -> onglet Version.
 
Pour supprimer, il faut d'abord l'arrêter dans les services. Puis désinstaller l'application (Tracks Eraser Pro pour autocomp.exe).

n°2137128
flash93160
Posté le 25-08-2005 à 22:57:21  profilanswer
 

dans quoi ?

n°2137129
flash93160
Posté le 25-08-2005 à 22:59:16  profilanswer
 

tu as peut-être raison

n°2137316
flash93160
Posté le 26-08-2005 à 08:13:28  profilanswer
 

Ne cherche plus, mon PC ne redemarre plus.
 
J'ai la barre de progression de Windows et ensuite ecran noir mais le DD fonctionne.
 
Donc je vais le réinstaller.
Sauvegarder mes données importantes sur un autre disuque et ensuite je le formate.

n°2143238
flash93160
Posté le 31-08-2005 à 13:11:48  profilanswer
 

Je l'avais enfin trouvé le fichier eliteaoh32.exe et dans le répertoire c:\windows\system32 mais avec mon CD d'install de Windows XP SP1.
 
Mais maintenant j'ai un autre problème est celui-là physique (Le PC ne redémarre plus).

mood
Publicité
Posté le   profilanswer
 


Aller à :
Ajouter une réponse
  FORUM HardWare.fr
  Windows & Software
  Logiciels

  Comment supprimer "C:\windows\system32\eliteaoh32.exe"

 

Sujets relatifs
supprimer logo acer au demarrage de windows xpComment supprimer "Ebates Moneymaker"
Comment supprimer des fichiers automatiquements?Comment supprimer des fichier *.pqe ?
supprimer Internet ExplorerSupprimer mes documents , doc partagé et documents
comment supprimer windows messenger ,Supprimer le message d'autorisation d'acces outlook 2003
Supprimer une partition et rajouter l'espace libere a une autre?Comment supprimer toute trace d'un site sur l'ordi ??
Plus de sujets relatifs à : Comment supprimer "C:\windows\system32\eliteaoh32.exe"

Forum MesDiscussions.Net, Version 2010.2
(c) 2000-2011 Doctissimo
Page générée en 0.106 secondes

Copyright © 1997-2022 Hardware.fr SARL (Signaler un contenu illicite / Données personnelles) / Groupe LDLC / Shop HFR