Problème avec elitebar

Problème avec elitebar - Sécurité - Windows & Software

Marsh Posté le 18-06-2005 à 17:38:30    

Bonjour à tous.
 
Voilà, je bataille depuis deux jours avec elitebar, impossible de m'en débarrasser.
J'en appelle humblement à quelqu'un de compétent pour me sortir de ce mauvais pas.
Merci d'avance pour vos réponses.
 
Voici mon rapport:
 
Logfile of HijackThis v1.99.1
Scan saved at 17:38:08, on 18/06/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hiajckthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Security GManagers] kzehmlo.exe
O4 - HKLM\..\Run: [Explorer] explorer.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefmw32.exe
O4 - HKLM\..\Run: [System Event Manager] secsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Security GManagers] kzehmlo.exe
O4 - HKLM\..\RunServices: [Explorer] explorer.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://www.cotedazur.banquepopulaire.fr
O15 - Trusted Zone: http://www.battle-arenas.net
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_pao.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: bw+0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner - C:\WINDOWS\System32\rpcclient.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Reply

Marsh Posté le 18-06-2005 à 17:38:30   

Reply

Marsh Posté le 18-06-2005 à 17:41:41    

Ton pare-feu est activé ?


---------------
www.macetpc.com
Reply

Marsh Posté le 18-06-2005 à 17:44:51    

Et bien, au risque de paraitre naif, j'ai norton 2005 à jour et actif oui. Je pensais que c'était suffisant et qu'il remplissait cette fonction.

Reply

Marsh Posté le 19-06-2005 à 06:24:44    

Bonjour,
 
Désactive ta restauration système
 
Kille ce fichier (celui dans system32, pas l'autre. Pour être sûr de ne pas te tromper, fais le avec Process Explorer car le gestionnaire des taches ne te permet pas de voir les chemins complets vers le fichier. C'est fort probable que ce soit le ver Spybot :|)

Citation :

C:\WINDOWS\System32\explorer.exe


 
 
Ensuite fixe ces lignes :

Citation :


O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
 
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
 
O4 - HKLM\..\Run: [Microsoft Security GManagers] kzehmlo.exe
O4 - HKLM\..\Run: [Explorer] explorer.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefmw32.exe
O4 - HKLM\..\Run: [System Event Manager] secsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Security GManagers] kzehmlo.exe
O4 - HKLM\..\RunServices: [Explorer] explorer.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
 
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_pao.exe
 
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner - C:\WINDOWS\System32\rpcclient.exe (file missing)


 
Puis supprime ces fichiers :
 

Citation :


- C:\WINDOWS\System32\explorer.exe (celui dans \System32\uniquement, fais bien attention, l'autre étant un fichier windows indispensable  !!!)
 
- kzehmlo.exe (Je n'ai pas le path vers le fichier dans ton log, mais une recherche sur ton disque dur, en priorité dans c:\windows\ ou c:\windows\system32\ si tu veux gagner du temps, ou jeter un oeil directement à la racine sous C:\,devrait te permettre de le localiser.
Et si tu ne le vois pas :
panneau de configuration > options des dossiers > onglet affichage
Cocher "Afficher les fichiers et dossiers cachés" )
 
- C:\windows\system32\elitefmw32.exe
 
- secsvc.exe (normalement dans c:\windows\system32\, sinon fais une recherche comme pour le fichier précédent)


 
Supprime ce dossier complet (en gras) :

Citation :


C:\WINDOWS\EliteToolBar\


 
Je te conseille d'activer ton firewall XP (si ce n'est pas déjà fait) ou mieux d'installer un firewall freeware tel que Kerio ou Zone Alarm car je doûte que Norton 2005 joue le rôle d'un firewall également... ceci dit je peux me tromper :).
 
 

Reply

Marsh Posté le 20-06-2005 à 00:30:06    

Merci beaucoup pour ton aide. j'ai installé zole alarme, ça fera en effet pas de mal.
Cependant, aprés avoir fait les manips, je craind qu'il reste encore pas mal de choses qui s'accrochent.
 
Voici le dernier rapport:
 
Logfile of HijackThis v1.99.1
Scan saved at 00:23:07, on 20/06/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\mqfnypg.exe
C:\WINDOWS\System32\runm.pif
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hiajckthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Security GManagers] mqfnypg.exe
O4 - HKLM\..\Run: [Microsoftf DDEs ContrDL] runm.pif
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelfv32.exe
O4 - HKLM\..\RunServices: [Microsoft Security GManagers] mqfnypg.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://www.cotedazur.banquepopulaire.fr
O15 - Trusted Zone: http://www.battle-arenas.net
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com  
O15 - Trusted Zone: http://*.windowsupdate.com  
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: bw+0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1629BDF9-1419-4C62-B8A6-4AB9A67ED2F5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner - C:\WINDOWS\System32\rpcclient.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Reply

Marsh Posté le 20-06-2005 à 02:35:34    

Arg Spybot est revenu... (et elitetoolbar aussi, mais ça ça me surprend moins...)
Tu es sûr et certain que ton antivirus est à jour ? Que tu n'as pas exclu des dossiers qui au contraire devraient être surveillés en permanence (comme c:\windows\ ou c:\windows\system32\ ?)
 
- Dans tous les cas : commence par récupérer toutes les mises à jour de windows que tu n'as jamais téléchargées et installe-les (celles pour IE aussi : je vois que le tien n'est pas à jour) via Windows Update, parce que Spybot peut passer par certaines grosses failles pour se propager...
 
- Spybot peut se propager par tes partages de fichiers aussi (ça dépend des versions...), donc si tu n'es pas en réseau, tu n'as pas besoin de partager tes fichiers ou ton imprimante et le plus simple est d'ouvrir un fichier avec ton bloc-note, et de copier ces lignes dedans :

Citation :


net share c$ /delete
net share d$ /delete
net share e$ /delete
net share ipc$ /delete
net share admin$ /delete


Tu sauvegardes ce fichier en delshare.bat et tu double-cliques dessus (tu peux même les placer dans ton dossier C:\Documents and Settings\Ton_Login_Admin\Menu Démarrer\ à titre "préventif" ).
Par contre si tu es en réseau et que tu tiens à ces partages de fichiers, tu ne peux pas executer ce bat sinon tu vas perdre tous tes partages, mais dans ce cas il faut absolument que tu mettes un password sur ton compte administrateur, et un password "solide" (minimum 8 caractères avec minuscules-majuscules-chiffres et en tout cas qu'il n'ait pas de sens (aucun risque qu'il se retrouve dans le dico du malware).
 
Dans tous les cas, on reprend :
 
- Desactiver la restauration système (si tu l'as réactivée entre temps)
 
- Kille ces fichiers (ctrl+alt+suppr) :

Citation :


C:\WINDOWS\System32\mqfnypg.exe
C:\WINDOWS\System32\runm.pif


 
- Fixe ces lignes :

Citation :


O4 - HKLM\..\Run: [Microsoft Security GManagers] mqfnypg.exe
O4 - HKLM\..\Run: [Microsoftf DDEs ContrDL] runm.pif
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelfv32.exe
O4 - HKLM\..\RunServices: [Microsoft Security GManagers] mqfnypg.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
 
O23 - Service: Remote Procedure Call (RPC) Client (RpcClient) - Unknown owner - C:\WINDOWS\System32\rpcclient.exe (file missing)


 
- Supprime ces fichiers :
 

Citation :


C:\WINDOWS\System32\mqfnypg.exe
C:\WINDOWS\System32\runm.pif
C:\windows\system32\elitelfv32.exe
C:\WINDOWS\System32\rpcclient.exe (s'il existe)


 
 
- Télécharge ce fichier (c'est un outil qui va te permettre de détecter tous les fichiers d'elitetoolbar susceptibles d'être sur ton disque dur ainsi que toutes les clefs de registres en rapport) :
http://www.simplytech.it/ETRemover/setup.zip
Installe-le sur C:\ET par exemple (tu pourras le désintaller plus tard)
 
- Reboot en mode sans echec
 
- Lance ETRemover en mode sans echec et confirme la suppression des fichiers et des clefs de registre qu'il te trouve.
 
- Reviens sous windows normalement et reposte un log hijackthis.


Message édité par elooo le 20-06-2005 à 02:44:25
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed