Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1579 connectés 

 
 


 Mot :   Pseudo :  
 
 Page :   1  2  3  4  5
Page Suivante
Page Précédente
Bas de page 
Auteur Sujet :

elitebar ma pire galere sur le net, le plu coriace des spy

n°1965923
HxCs
HxC
Posté le 18-03-2005 à 22:43:00  profilanswer
 

Reprise du message précédent :
Slt Acrobaez je vois ke t as  l'air de bien savoir traduire Hijackthis si tu c faire un tour sur mon poste "Big probleme Xp" pcq je suis mal barré :| Merci a toi

mood
Publicité
Posté le 18-03-2005 à 22:43:00  profilanswer
 

n°1965929
darknaud
Posté le 18-03-2005 à 22:46:43  profilanswer
 

Exact, ça ne marche pas, j'ai bien du virer l'uninstall. En tout cas ca a l'air de marcher impec! Merci pour ton aide précieuse...
Arnaud

n°1965936
acrobaze
Posté le 18-03-2005 à 22:49:19  profilanswer
 


Ok! A+!

n°1966150
bombadil
Modern composers refuse to die
Posté le 19-03-2005 à 07:39:17  profilanswer
 

Je n'ai aucune aide à demander, mais j'ai parcouru le post et je tiens juste à féliciter acrobaze pour l'aide qu'il apporte, en toute simplicité.  D'autant que c'est un sacré boulot a chaque fois ! Bravo acrobaze.

n°1971655
bidiboul
Posté le 23-03-2005 à 21:30:12  profilanswer
 

bonsoir! je suis nouvelle sur ce forum, et je suis nulle en informatique... j'ai bien sûr "elitebar" ki s'est incrusté dans mon ordi et ke spybot n'arrive ps à enlever... si vous pouviez m'aider ce serait sympa!!! (en décrivant les étapes une à une, je suis vraiment très mauvaise...) merci bcp!!!

n°1971670
acrobaze
Posté le 23-03-2005 à 21:45:26  profilanswer
 

bidiboul a écrit :

bonsoir! je suis nouvelle sur ce forum, et je suis nulle en informatique... j'ai bien sûr "elitebar" ki s'est incrusté dans mon ordi et ke spybot n'arrive ps à enlever... si vous pouviez m'aider ce serait sympa!!! (en décrivant les étapes une à une, je suis vraiment très mauvaise...) merci bcp!!!


 
Commence par faire ceci :
 
Télécharger "HijackThis" 1.99.1 sur:
 
http://www.spywareinfo.com/~merijn/downloads.html
 
-Le poser dans un dossier spécialement créé pour lui (par exemple:
C:\HijackThis ).
-Le lancer -> "Scan" -> "Save log"
-Récupérer ce log/texte avec le bloc notes.
-Le copier/coller ici, dans une réponse,sans rien faire d'autre.
 

n°1971731
bidiboul
Posté le 23-03-2005 à 22:25:57  profilanswer
 

merci bcp pr ton aide acrobaze!  
voici mon log:
 
Logfile of HijackThis v1.99.1
Scan saved at 22:22:23, on 23/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast\ashWebSv.exe
C:\Program Files\Alwil Software\Avast\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\server05.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\m2.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Syste.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\bfhpeu.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
c:\Syste.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Syste.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Syste.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [System Log Event] csrss32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Server Backbone] server05.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [REGRUN] C:\m2.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevyk32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] c:\Syste.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [S9oU] C:\WINDOWS\bfhpeu.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [InstantGet] C:\Program Files\InstantGet\InstantGet.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Yox4RRitO] srcint40.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.francite.com:8888/java/cr.cab
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/file [...] n-test.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binar [...] _FR_XP.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binar [...] _FR_XP.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] dge-c6.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233200} - http://sex.xxxhard.com/starnews-aw.exe
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binar [...] TML_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/5 [...] taller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11984.kit.carpediem.fr/FanClara.exe
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binar [...] _FR_XP.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/conten [...] loader.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binar [...] _FR_XP.cab
O18 - Protocol: bw+0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

n°1973923
coolman14
Posté le 25-03-2005 à 14:17:39  profilanswer
 

salut Acrobaze peut tu m'aider pour venir a bout de elitebar?

n°1974127
acrobaze
Posté le 25-03-2005 à 17:45:06  profilanswer
 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php  
 
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll  
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll  
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll  
 
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE  
O4 - HKLM\..\Run: [System Log Event] csrss32.exe
O4 - HKLM\..\Run: [Server Backbone] server05.exe  
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe  
O4 - HKLM\..\Run: [REGRUN] C:\m2.exe  
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe  
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevyk32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] c:\Syste.exe  
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe  
O4 - HKLM\..\Run: [S9oU] C:\WINDOWS\bfhpeu.exe  
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe  
O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe  
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe  
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Yox4RRitO] srcint40.exe
 
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)  
 
+
Toutes les lignes O16
 
Ferme tous les programmes, y compris internet explorer.
Lance HijackThis. Coche ces lignes et clique "Fix checked".
 
----------
Redémarre en mode sans échec (en tapotant F8 au démarrage).
Assure-toi que tu as accès aux fichiers cachés.
(explorateur windows->outils->options des dossiers->affichage
""Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché)
 
Et supprime:
C:\WINDOWS\System32\server05.exe
C:\Program Files\Media Access\ <-le dossier
C:\m2.exe
C:\Syste.exe
C:\Program Files\ISTsvc\ <-le dossier
C:\WINDOWS\bfhpeu.exe
 
Recherche et supprime aussi les fichiers ou dossiers surlignés.
 
Vide la corbeille. Redémarre en mode normal et poste un nouveau log.

n°1974274
bidiboul
Posté le 25-03-2005 à 19:44:52  profilanswer
 

merci de détailler autant tes réponses, c vraiment très clair! j'ai juste un problème... HijackThis ne veut ps se lancer! il est pourtant dans un dossier spécialement crée pr lui, et j'ai bien tout fermé avt de le lancer... la fenêtre s'affiche 1 seconde et disparaît aussitôt! je ne comprends ps...

mood
Publicité
Posté le 25-03-2005 à 19:44:52  profilanswer
 

n°1974278
acrobaze
Posté le 25-03-2005 à 19:49:06  profilanswer
 

bidiboul a écrit :

merci de détailler autant tes réponses, c vraiment très clair! j'ai juste un problème... HijackThis ne veut ps se lancer! il est pourtant dans un dossier spécialement crée pr lui, et j'ai bien tout fermé avt de le lancer... la fenêtre s'affiche 1 seconde et disparaît aussitôt! je ne comprends ps...


 
Ha bon. Alors tente ceci : télécharge la version 1.98 de cette page:
http://www.spywareinfo.com/~merijn/
 
elle est là:
NOTE: Systems infected with the 'Ms4Hd' rootkit parasite will experience crashes in HijackThis 1.99.x since this parasite deliberately crashes programs that try to detect it. For such cases, a copy of HijackThis 1.98.2 will always be available here or here.
 
et si elle fonctionne correctement, fais le nettoyage avec elle.

n°1974284
bidiboul
Posté le 25-03-2005 à 19:52:19  profilanswer
 

c'est pareil! la page disparaît aussitôt...

n°1974294
acrobaze
Posté le 25-03-2005 à 20:06:06  profilanswer
 

Ok. Alors démarre tout de suite en mode sans échec.

n°1974393
bidiboul
Posté le 25-03-2005 à 21:32:25  profilanswer
 

ça y est, j'ai enfin réussi... :sweat:  
voici mon nouveau log:
 
Logfile of HijackThis v1.99.1
Scan saved at 21:25:02, on 25/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Compaq Service Drivers] work.exe
O4 - HKLM\..\Run: [Server Backbone] server05.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] work.exe
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [InstantGet] C:\Program Files\InstantGet\InstantGet.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] work.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] work.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: bw+0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
 
 
apparemment tout a l'air normal, en tt cas elitebar a disparu! merci bcp pr ton aide!

n°1974407
acrobaze
Posté le 25-03-2005 à 21:47:16  profilanswer
 

Il va falloir continuer car il reste des traces. Ce "work.exe" n'était pas ds le log précédent.
 
Donc, tu démarres en mode sans échec.
 
O4 - HKLM\..\Run: [Compaq Service Drivers] work.exe  
O4 - HKLM\..\Run: [Server Backbone] server05.exe  
O4 - HKLM\..\RunServices: [Compaq Service Drivers] work.exe  
O4 - HKLM\..\RunServices: [Server Backbone] server05.exe  
O4 - HKCU\..\Run: [Compaq Service Drivers] work.exe  
O4 - HKCU\..\RunServices: [Compaq Service Drivers] work.exe  
 
Lance HJT, coche ces lignes, clique "Fix checked".
 
Et supprime ce work.exe . Vide la corbeille.
 
Tu peux lancer HJT en mode normal maintenant ? De tt façon, poste un nouveau log.
 
Courage, c'est bientôt terminé!
 

n°1974416
acrobaze
Posté le 25-03-2005 à 22:00:46  profilanswer
 

Avant de poster un nouveau log, va sur ce SITE.
 
Clique sur "Parcourir" et va à :
C:\WINDOWS\vsnpstd.exe  
Clique "Submit".
 
En une ou deux minutes, il te donnera ses résultats.  
Copie/colle les ds ta réponse.

n°1975038
bidiboul
Posté le 26-03-2005 à 16:32:22  profilanswer
 

Bon... j'ai fait tt ce ke tu m'as dit, voici le résultat du scan pr "vsnpstd.exe":
 
 
File:  vsnpstd.exe  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
Packers detected:  -  
   
AntiVir  No viruses found  
Avast  No viruses found  
AVG Antivirus  No viruses found  
BitDefender  No viruses found  
ClamAV  No viruses found  
Dr.Web  No viruses found  
F-Prot Antivirus  No viruses found  
Fortinet  No viruses found  
Kaspersky Anti-Virus  No viruses found  
mks_vir  No viruses found  
NOD32  No viruses found  
Norman Virus Control  No viruses found  
   
Statistics  
Last piece of malware found was Worm/Robobot in install.exe, detected by:
 
Scanner  Malware name  
AntiVir  Worm/Robobot  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.DownLoader.2033  
F-Prot Antivirus  W32/Robobot.gen  
Fortinet  X  
Kaspersky Anti-Virus  Backdoor.Win32.Robobot.r  
mks_vir  Win32.4  
NOD32  probably modified Win32/Yodup-based (NewHeur_PE)  
Norman Virus Control  Sandbox: W32/Malware  
 
 
--------------------------
 
ça, c'est fait... voici maintenant mon nouveau log (d'ailleurs je peux à nouveau lancer HJT en mode normal!):
 
 
Logfile of HijackThis v1.99.1
Scan saved at 16:30:30, on 26/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Syste.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\m1.exe
C:\WINDOWS\System32\cuwe.exe
C:\WINDOWS\System32\??rvices.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Alwil Software\Avast\ashWebSv.exe
C:\Program Files\Alwil Software\Avast\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D70A526A-E4DA-AD50-A921-CCC9D6C13CC0} - C:\WINDOWS\System32\ilxmilcx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [InstantGet] C:\Program Files\InstantGet\InstantGet.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Heth] C:\WINDOWS\System32\cuwe.exe
O4 - HKCU\..\Run: [Nwq] C:\WINDOWS\System32\??rvices.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c46.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] _adult.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTi [...] refid=3965
O18 - Protocol: bw+0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
 

n°1975048
acrobaze
Posté le 26-03-2005 à 16:46:05  profilanswer
 

Ok. Bon, je vais te dire ce que je pense.  
 
On a commencé à nettoyer cet ordi. Mais là, tes lignes O16 et les nouveaux fichiers parasites montrent que tu as téléchargé (en cliquant sur un lien quelconque) de nouveaux parasites (spywares et trojans).  
 
Si tu t'y prends comme ça, ton ordi ne sera jamais propre.
 
Généralement, les personnes dont l'ordi a eu de telles infections font attention ensuite. Mais toi, tu continues. C'est un nettoyage sans fin.
 
Ne crois pas que je veuille donner des leçons, mais je ne veux pas perdre mon temps. Tu as par exemple un spyware "PurityScan", et je sais d'expérience que ce n'est pas en cliquant un lien météo que l'on attrape ça.

n°1975122
bidiboul
Posté le 26-03-2005 à 17:50:08  profilanswer
 

Je te remercie bcp pr ton aide et je ne veux absolument ps te faire perdre ton temps, j'imagine ke tu as mieux à faire! ms je ne pense ps être responsable de l'arrivée de ces nouveaux parasites...  
Je t'explique: à chaque démarrage, avast détecte un trojan (W32 trojan-gen) dans le fichier C:\DOCUME-1\PROPRI-1\LOCALS-1\Temp\installer.exe, je le supprime à chaque fois, ms à chaque nouveau démarrage de mon ordi ça revient.  
D'autre part, au bout de qq instants après un démarrage (ça ne devrait ps tarder à arriver), je reçois des messages d'avast m'avertissant ke je reçois des mails suspects (probablement des trucs pornos d'après les adresses...), ces messages s'affichent de plus en plus vite, si je m'absente un quart d'heure, j'en ai au moins une quinzaine!!! je clique à chaque fois sur "ne pas envoyer", j'espère ke c'est bien ce qu'il faut faire...  
Enfin, une page internet s'affiche tte seule à chaque démarrage, dont l'adresse est "air689.startdedicated.com"...
Je croyais ke tt était dû à ces saletés ke tu m'as aidée à éliminer, ms ça revient qd même!
Donc voilà, c peut-être à cause de tt ça ke mon ordi est à nouveau infecté de parasites, dans ce cas je ne sais ps koi faire, d'autant ke je ne clique jms sur des liens suspects... internet je m'en sers, ms surtt pr travailler. bref je ne suis ps irresponsable...
excuse-moi de t'ennuyer avec tt ça, j'espère arriver à bout de ces parasites!

n°1975170
bidiboul
Posté le 26-03-2005 à 18:24:31  profilanswer
 

Bon... j'ai relancé HJT, j'ai supprimé les lignes 016 et la ligne 04-HKLM\..\Run:[Anti-Virus Update Scheduler V1.39.12R]c:\Syste.exe ki était revenue... j'ai aussi supprimé en mode sans échec "C:\Syste.exe"...
je te renvoie le nouveau log, en espérant k'il soit "propre"... merci bcp!
 
Logfile of HijackThis v1.99.1
Scan saved at 18:24:32, on 26/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\m1.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\System32\cuwe.exe
C:\WINDOWS\System32\??rvices.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Alwil Software\Avast\ashWebSv.exe
C:\Program Files\Alwil Software\Avast\ashMaiSv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D70A526A-E4DA-AD50-A921-CCC9D6C13CC0} - C:\WINDOWS\System32\ilxmilcx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [InstantGet] C:\Program Files\InstantGet\InstantGet.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Heth] C:\WINDOWS\System32\cuwe.exe
O4 - HKCU\..\Run: [Nwq] C:\WINDOWS\System32\??rvices.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: bw+0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {872684A4-7D29-4C3C-8607-83C3AD0C8AF2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
 

n°1975377
coolman14
Posté le 26-03-2005 à 22:14:44  profilanswer
 

salut a tous je prie une personne qui veuille bien m'aider a eliminer cette saleter d' elitebar je deviens fou toute les 2 min une fenetre arrive je poste mon log pour que qqu'un puisse m'aider merci
 
Logfile of HijackThis v1.99.1
Scan saved at 22:14:27, on 26.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ntsmod.exe
G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\MediaPlayerMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.ch/fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MediaFace Integration] F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ntsmod] C:\WINDOWS\system32\ntsmod.exe
O4 - HKLM\..\Run: [AnyDVD] G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefjt32.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SPYWAREREMOVER] C:\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe /STARTUP
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signupte [...] kurity.cab
O18 - Protocol: bw+0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {33630D40-8949-4097-A713-EFEA7B1AF162} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\hr0405dqe.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\dn8o01l3e.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
 

n°1975767
joxer
Posté le 27-03-2005 à 15:16:28  profilanswer
 

j'ai aussi cette elitebar, franchement je commence à devenir fou, j'ai reformaté 2 fois mon ordi et rien n'y fait. je me suis donc mis à la recherche d'une solution sur internet et je suis tombé sur votre forum et j'ai essayé de suivre certain conseils. j'ai utilisé HijackThis et essayé moi même d'enlever ce qu'il fallait mais je ne dois pas être doué. si qualqu'un pouvait m'aider car je craque:
 
voici mon logfile
 
Logfile of HijackThis v1.99.1
Scan saved at 15:16:07, on 03/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvcsv32.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Documents and Settings\joxer\Application Data\sgrunt\IE4321.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\hnit.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\joxer\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C62A6066-B99F-AF16-8619-FCE4EEF110F1} - C:\WINDOWS\System32\ebdjg.dll
O2 - BHO: (no name) - {F3075066-94AC-9A22-AB29-CCC9DEC13DC1} - C:\WINDOWS\System32\ebdjg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [FireWire Services] nvcsv32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\joxer\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [twpahcl] C:\WINDOWS\twpahcl.exe
O4 - HKLM\..\Run: [8FHKf] C:\WINDOWS\cbavtu.exe
O4 - HKLM\..\Run: [YTawoh] C:\WINDOWS\bjdxc.exe
O4 - HKLM\..\Run: [DCT5OU] C:\WINDOWS\efebahnf.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitenfd32.exe
O4 - HKLM\..\RunServices: [FireWire Services] nvcsv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Amap] C:\WINDOWS\System32\hnit.exe
O4 - HKCU\..\Run: [Uqxio] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.sgrunt.biz
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFC1129-BFDC-428E-8566-3DA620F90696}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

n°1976187
cerbere_
Posté le 27-03-2005 à 20:59:24  profilanswer
 

Pour moi pareil elle vient d'apparaitre et elle ne veux plus me quitter alors plutot que de faire l'ane je vais demander a acrobaze qui a l'air de bien s'y entendre d'avoir la gentillesse de voir mon problème...merci d'avance
 
Logfile of HijackThis v1.99.1
Scan saved at 20:39:19, on 27/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\NORTON~3\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\ELITET~1\ELITET~2.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\ELITET~1\ELITET~2.DLL
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ [...] /setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/conten [...] loader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~3\GHOSTS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
 

n°1976212
cerbere_
Posté le 27-03-2005 à 21:23:35  profilanswer
 

Voila j'ai réussi a la virer j'espère pour tout le temps
J'ai fait un scan avec spybot et adaware ensuite je suis allez dans c/windows/elitetoolbar et j'ai mis ce fichier a la corbeille et voila elle est partie

n°1976275
kaltan1
Posté le 27-03-2005 à 23:28:47  profilanswer
 

vous allez le flinguer le pauvre acrobaze :/
une soluce pour tous vos probléme: arrêter d'installer tout et n'importe quoi
c'est bien beau d'aller sur des sites peu recommandables mais ya moyen de le faire proprement
un formatage ou ghost de temps en temps ca ne fait pas de mal ;)

n°1976279
joxer
Posté le 27-03-2005 à 23:36:19  profilanswer
 

t'as raison, mais c bien là que je ne comprend pas, je n'utilise pas kazaa, ni autre programmes du genre, j'ai reformaté mon disque 2 fois et cette barre ainsi que plein de programmes publicitaires font leur apparition dés que j'installe internet. je suis même allé jusqu'à acheter norton 2005 (60 euros de perdu)

n°1976282
kaltan1
Posté le 27-03-2005 à 23:45:15  profilanswer
 

tu installes une version correcte de ton OS?

n°1976291
joxer
Posté le 27-03-2005 à 23:55:42  profilanswer
 

oui, je l'ai acheté, donc y'a pas plus correcte je crois.
windows XP Home Edition

n°1976293
kaltan1
Posté le 27-03-2005 à 23:58:46  profilanswer
 

alors ya pas de raison si tu formates qu'un spyware entre dans ton ordi sans que tu n'ais rien fait

n°1976296
joxer
Posté le 28-03-2005 à 00:01:50  profilanswer
 

c'est ce que je dis, dès l'installation de mon modem. je lance internet pour mettre à jour norton et paf, plein de fenêtres publicitaire et cette elitebar à la noix. sérieux j'ai failli pleurer

n°1976298
kaltan1
Posté le 28-03-2005 à 00:02:38  profilanswer
 

tu es sur de formater et non pas de réparer?

n°1976305
joxer
Posté le 28-03-2005 à 00:12:59  profilanswer
 

oui oui, certain, la première fois j'ai juste réparer ensuite, comme rien ne changeait, j'ai formaté (2x)
voilà, je quitte mon ordi 10 mn et j'ai au moins 6 fenêtres, pub jamba, Search Results for..., et trop fort des spywares qui me préviennent que j'ai des spywares, trop fort lol


Message édité par joxer le 28-03-2005 à 00:38:11
n°1976492
acrobaze
Posté le 28-03-2005 à 11:25:40  profilanswer
 

joxer
 
------1
 
Télécharge et lance cet uninstall.
et redémarre.
 
------2
 
O2 - BHO: (no name) - {C62A6066-B99F-AF16-8619-FCE4EEF110F1} - C:\WINDOWS\System32\ebdjg.dll  
O2 - BHO: (no name) - {F3075066-94AC-9A22-AB29-CCC9DEC13DC1} - C:\WINDOWS\System32\ebdjg.dll  
 
O4 - HKLM\..\Run: [FireWire Services] nvcsv32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe  
O4 - HKLM\..\Run: [twpahcl] C:\WINDOWS\twpahcl.exe
O4 - HKLM\..\Run: [8FHKf] C:\WINDOWS\cbavtu.exe
O4 - HKLM\..\Run: [YTawoh] C:\WINDOWS\bjdxc.exe
O4 - HKLM\..\Run: [DCT5OU] C:\WINDOWS\efebahnf.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitenfd32.exe
O4 - HKLM\..\RunServices: [FireWire Services] nvcsv32.exe  
O4 - HKCU\..\Run: [Amap] C:\WINDOWS\System32\hnit.exe
 
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm  
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone  
 
Ferme tous les programmes, y compris internet explorer.
Lance HijackThis. Coche ces lignes et clique "Fix checked".
 
----------
Redémarre en mode sans échec (en tapotant F8 au démarrage).
Assure-toi que tu as accès aux fichiers cachés.
(explorateur windows->outils->options des dossiers->affichage
""Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché)
 
Et supprime les fichiers ou dossier surlignés en gras.
 
Vide la corbeille. Redémarre en mode normal et poste un nouveau log.
 
----------
Ca, tu sais ce que c'est :
 O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\joxer\Application Data\sgrunt\IE4321.exe  ???
 

n°1976612
balltrap34
Posté le 28-03-2005 à 12:57:08  profilanswer
 

pour acrobaze j ai trouver ceci qu en pense tu stp
en r^pport avec IE4321.exe  
http://www.virit.com/startup/scheda.asp?num=128


Message édité par balltrap34 le 28-03-2005 à 12:58:01

---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
n°1976627
acrobaze
Posté le 28-03-2005 à 13:10:19  profilanswer
 

balltrap34 a écrit :

pour acrobaze j ai trouver ceci qu en pense tu stp
en r^pport avec IE4321.exe  
http://www.virit.com/startup/scheda.asp?num=128


 
Oui. Je n'avais pas cherché...
 
http://www.trendmicro.com/vinfo/gr [...] L_SGRUNT.A

n°1976743
joxer
Posté le 28-03-2005 à 14:49:40  profilanswer
 

je le vire alors.
après avoir redémarrer en mode sans échec et décoché "Masquer les extensions.." je ne vois pas quels dossiers ou fichiers je dois supprimer. de plus je n'arrive plus maintenant à acceder à certain site où je dois mettre des mots de passe comme hotmail, ogame, ect...en plus internet se déconnecte sans raison.
je reformate ?

n°1976761
balltrap34
Posté le 28-03-2005 à 15:05:34  profilanswer
 

ont se donne du mal si c est pour formater c est pas la peine
suppr les fichiers que acrobaze ta mis et aussi
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\joxer\Application Data\sgrunt\IE4321.exe
telecharge ceci et utilise le
tu fait clik droit dessus et executer
cela devrait remettre comme il faut la zone de securite
http://mvps.org/winhelp2002/DelDomains.inf


---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
n°1976923
joxer
Posté le 28-03-2005 à 16:47:00  profilanswer
 

ça va maintenant, tout est en ordre, pour l'instant en tout cas. un grand merci pour votre aide précieuse.

n°1978703
papY CaStO​r
Posté le 29-03-2005 à 23:31:14  profilanswer
 

Bonsoir à tous
 
Je suis désolé d'en remettre encore une couche mais j'ai le même problème que joxer : des spywares très coriaces s'installent sur le disque au moment ou j'effectue ma première connection Wanadoo après le reformatage pour les mêmes raisons que lui. J'ai éxécuté HiJackThis mais je n'ai apperement pas le même log que joxer.
 
Je poste le mien ci-dessous :
 
Logfile of HijackThis v1.99.1
Scan saved at 23:20:30, on 29/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\rymktuf.exe
C:\WINDOWS\System32\winole.exe
C:\WINDOWS\System32\trmupdate.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\gsuoujp.exe
C:\WINDOWS\switpb.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Fichiers d'install\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Windows update 32] rymktuf.exe
O4 - HKLM\..\Run: [07Ef37V] ir3ogmgr.exe
O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [vFAkB] C:\WINDOWS\gsuoujp.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpb.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows update 32] rymktuf.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe
O4 - Startup: Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 2110351237
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE96311E-0244-466B-8566-A14A5A28329C}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
 
 
Si qq'un pourrait m'indiquer, comme pr joxer, les lignes à fixer et le reste ce serait vraiment sympa.
 
Merci d'avance.

n°1978719
acrobaze
Posté le 29-03-2005 à 23:48:37  profilanswer
 

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)  
 
O4 - HKLM\..\Run: [Windows update 32] rymktuf.exe  
O4 - HKLM\..\Run: [07Ef37V] ir3ogmgr.exe  
O4 - HKLM\..\Run: [Windows Compliant] winole.exe  
O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe  
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE  
O4 - HKLM\..\Run: [vFAkB] C:\WINDOWS\gsuoujp.exe  
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpb.exe  
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe  
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe  
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe  
O4 - HKLM\..\RunServices: [Windows update 32] rymktuf.exe  
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe  
O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe  
O4 - HKCU\..\Run: [Windows Compliant] winole.exe  
O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe  
 
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c18.cab  
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab  
 
Ferme tous les programmes, y compris internet explorer.
Lance HijackThis. Coche ces lignes et clique "Fix checked".
 
----------
Redémarre en mode sans échec (en tapotant F8 au démarrage).
Assure-toi que tu as accès aux fichiers cachés.
(explorateur windows->outils->options des dossiers->affichage
""Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché)
 
Et supprime:
C:\WINDOWS\System32\rymktuf.exe  
C:\WINDOWS\System32\winole.exe  
C:\WINDOWS\System32\trmupdate.exe  
C:\WINDOWS\gsuoujp.exe  
C:\WINDOWS\switpb.exe  
C:\Program Files\Media Pass\<-dossier
C:\Program Files\ISTsvc\<-dossier
C:\UNMT.EXE  
 
Vide la corbeille. Redémarre en mode normal et poste un nouveau log.
 
Antivirus gratuit ici:
http://free.grisoft.com/freeweb.ph [...] /us/tpl/v5
 
 
 

n°1978732
papY CaStO​r
Posté le 30-03-2005 à 00:19:00  profilanswer
 

Voila mon nouveau log :  
 
Logfile of HijackThis v1.99.1
Scan saved at 00:09:58, on 30/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\wkatzyl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Fichiers d'install\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\Run: [Windows update 32] wkatzyl.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\RunServices: [Windows update 32] wkatzyl.exe
O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe
O4 - Startup: Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 2110351237
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
 
 
Mais je n'ai pas pu supprimer les fichiers ci-dessous  car je ne les ai pas trouvés, Windows non plus :
C:\WINDOWS\System32\rymktuf.exe  
C:\WINDOWS\gsuoujp.exe  
C:\WINDOWS\switpb.exe  
C:\UNMT.EXE
 
Je remarque aussi qu'il y a encore Media Access ds le log et d'autres, et... ça sent mauvais.
De plus, ds C:\ il y a plrs fichiers louches dont tu n'as pas  fais référence que j'avais deja supprimer mais qui reviennent à chaque reconnection.
 
Je voulais aussi savoir à quel moment il faut tenter de désinstaller les spywares qui figurent ds Ajout/suppression de programmes ? je les ai deja bien sur désisntaller plrs fois mais ils reviennent à chaque reconnection.


Message édité par papY CaStOr le 30-03-2005 à 03:03:25
mood
Publicité
Posté le   profilanswer
 

 Page :   1  2  3  4  5
Page Suivante
Page Précédente
Haut de page 

Aller à :
Ajouter une réponse
 

Sujets relatifs
Elitum.Elitebar : l'enfer d'un internaute amateur !Processus explorer.exe..100% processeur..Galère
Airport, PCMCIA ??? Galère !!!Le pire spyware
demarrage galère de xpaidez moi chui en galere!
Galère avec réseau WifiGalère pr éteindre/redemarrer
Rimouver est pire qu'un virus! Fuyez ce programme!Le coriace adware IST
Plus de sujets relatifs à : elitebar ma pire galere sur le net, le plu coriace des spy

Forum MesDiscussions.Net, Version 2010.2
(c) 2000-2011 Doctissimo
Page générée en 0.172 secondes

Copyright © 1997-2022 Hardware.fr SARL (Signaler un contenu illicite / Données personnelles) / Groupe LDLC / Shop HFR