virus france.exe


Marsh Posté on 16-05-2005 at 16:28:04

Hi!!
I think I've caught a virus called france.exe, but I don't know how to get rid of it. If you could help me, that would be great.
Here is my log
 
Logfile of HijackThis v1.99.1
Scan saved at 14:52:43, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\program files\180solutions\sais.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Temp\hijackthis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINNT\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\france.exe  -N
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitebht32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [khol] C:\WINNT\khol.exe
O4 - HKLM\..\RunServices: [strmsnmsgr] msnmsgrs.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] xdm075YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] e-c283.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] .0.8-2.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03082C4-F72A-4276-8EDA-4C94DE92D3E2}: NameServer = 134.214.100.6,134.214.100.245
O18 - Protocol: bw+0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
 

Reply


Marsh Posté on 16-05-2005 at 16:31:40

Hi,

There are already a good ten topics about this, with the solution for removing it.

Roughly: you tick all the lines with "France.exe" in them and you remove them.

Then, in safe mode, you delete all the files named france.exe, clean up with CCleaner, and reboot.
 

Reply
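The check described in the post above (find every log line that references france.exe), as an added example that is not part of the original thread: it parses the O4 autostart entries of a HijackThis log and matches on the executable's file name rather than on a substring. The function names are this example's own, and the short log excerpt is copied from the log in the first post.

```python
import re
from typing import List, NamedTuple

# Excerpt of the log from the first post (a few lines, copied verbatim).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\lsass.exe
C:\Temp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\france.exe  -N
O4 - HKLM\..\Run: [khol] C:\WINNT\khol.exe
O4 - HKLM\..\RunServices: [strmsnmsgr] msnmsgrs.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""


class Autorun(NamedTuple):
    location: str  # e.g. "HKLM\..\Run" or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged
    image: str     # lower-cased executable file name
    raw: str       # full log line, as it appears in the HijackThis checklist


# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [HELPER] ..."
_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
_O4_REG = re.compile(r"^(?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup folder: "Startup: shortcut.lnk = target"
_O4_DIR = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Quoted path, or an unquoted path (which may contain spaces) up to its extension.
_IMAGE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def image_name(command: str) -> str:
    """Return the lower-cased file name of the program a command line starts."""
    command = command.strip()
    m = _IMAGE.match(command)
    path = (m.group(1) or m.group(2)) if m else command.split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_autoruns(log: str) -> List[Autorun]:
    """Extract every O4 (autostart) entry; all other sections are ignored."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        entry = _ENTRY.match(line)
        if not entry or entry.group("code") != "O4":
            continue
        body = entry.group("body")
        m = _O4_REG.match(body) or _O4_DIR.match(body)
        if m:
            cmd = m.group("cmd")
            found.append(Autorun(m.group("loc"), m.group("name"), cmd,
                                 image_name(cmd), line))
    return found


def find_autoruns(log: str, filename: str) -> List[Autorun]:
    """O4 entries whose executable is exactly `filename` (case-insensitive)."""
    wanted = filename.lower()
    return [a for a in parse_autoruns(log) if a.image == wanted]


def running_images(log: str) -> List[str]:
    """File names listed under 'Running processes:' (up to the first blank line)."""
    images, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            images.append(image_name(line))
    return images


if __name__ == "__main__":
    for hit in find_autoruns(SAMPLE_LOG, "France.exe"):
        print("tick:", hit.raw)
    print("running now:", "france.exe" in running_images(SAMPLE_LOG))
```
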


Marsh Posté on 16-05-2005 at 17:38:51

Hello, I'm looking at your report. In the meantime, download these utilities:

Elite Toolbar remover: unzip it into a dedicated folder and place a shortcut on the desktop

http://www.clubic.com/telecharger- [...] mover.html

CleanUp

http://downloads.stevengould.org/cleanup/CleanUp40.exe

Pocket Killbox

http://www.bleepingcomputer.com/fi [...] illBox.zip
Once it is downloaded, unzip it onto your desktop.

Reply

Marsh Posté on 16-05-2005 at 18:17:00

Hi again,

1 Boot into safe mode (F8). Click on Kill Elite Toolbar. Restart your computer.

2 Uninstall these applications via Add/Remove Programs, if they are present:

EliteToolBar, EliteSideBar, MyWebSearch, 180 solutions.

3 Boot into safe mode. Launch HijackThis, choose "Do a system scan only", and tick the following lines:
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php  
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)  
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL  
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 60.dll  
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINNT\EliteSideBar\EliteSideBar 08.dll  
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe  
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe  
O4 - HKLM\..\Run: [HELPER] C:\WINNT\system32\france.exe  -N  
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitebht32.exe  
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe  
O4 - HKLM\..\Run: [khol] C:\WINNT\khol.exe  
O4 - HKLM\..\RunServices: [strmsnmsgr] msnmsgrs.exe  
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe  
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE  
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE  
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] xdm075YYFR  
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)  
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] e-c283.cab  
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] .0.8-2.cab  
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx  
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/soft [...] egular.cab  
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab  
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab  
O18 - Protocol: bw+0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw+0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw-0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw-0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw00 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw00s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw10 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw10s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw20 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw20s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw30 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw30s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw40 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw40s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw50 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw50s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw60 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw60s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw70 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw70s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw80 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw80s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw90 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bw90s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwa0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwa0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwb0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwb0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwc0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwc0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwd0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwd0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwe0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwe0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwf0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwf0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll  
O18 - Protocol: bwg0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwg0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwh0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwh0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwi0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwi0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwj0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwj0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwk0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwk0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwl0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwl0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwm0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwm0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwn0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwn0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwo0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwo0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwp0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwp0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwq0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwq0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwr0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwr0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bws0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bws0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwt0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwt0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwu0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwu0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwv0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwv0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bww0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bww0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwx0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwx0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwy0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwy0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwz0 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: bwz0s - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
O18 - Protocol: offline-8876480 - {36774A53-8AC4-4FAE-B9FD-760312543236} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll  
 
Close all windows and all programs, then click Fix checked.
 
4 Launch Killbox. Open Notepad and copy and paste the paths of the files below:
 
C:\WINNT\system32\france.exe  -N  
C:\winnt\system32\elitebht32.exe  
c:\program files\180solutions\sais.exe  
C:\WINNT\khol.exe
 
Enter them in the Killbox window. Check Delete on reboot and click the cross on the red background. At the message File will be deleted... Do you want to reboot now, answer yes.
 
Make sure you have access to all the files
 

Quote:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:  
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply


 
5 Delete the offending files/folders (if they still exist):
 
C:\Program Files\MyWebSearch  
C:\WINNT\EliteToolBar  
C:\WINNT\EliteSideBar
C:\PROGRA~1\MYWEBS~1
C:\WINNT\system32\france.exe  -N  
C:\winnt\system32\elitebht32.exe  
c:\program files\180solutions\sais.exe  
C:\WINNT\khol.exe  
msnmsgrs.exe < use the search function, pay attention to the spelling  
C:\Program Files\MyWebSearch
 
6 Launch Cleanup
Hide the system files again so as not to make mistakes in the future, by selecting do not show hidden files or system files.
 
7 Restart normally and post a new HijackThis report for verification

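The verification that step 7 asks for can be partly automated. The following is an added example, not part of the original post: it parses a HijackThis log into running processes and coded entries, then reports any line that still names a path from steps 4 and 5. The function names and the shortened log excerpts are assumptions made for the illustration.

```python
import re

# Paths named in steps 4 and 5 of the post, lower-cased for comparison.
TARGETS = [
    r"c:\winnt\system32\france.exe", r"c:\winnt\system32\elitebht32.exe",
    r"c:\program files\180solutions\sais.exe", r"c:\winnt\khol.exe",
    r"c:\program files\mywebsearch", r"c:\progra~1\mywebs~1",
    r"c:\winnt\elitetoolbar", r"c:\winnt\elitesidebar", "msnmsgrs.exe",
]
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def leftovers(text, targets=TARGETS):
    """Return (section, line, target) for each line still naming a target."""
    processes, entries = parse_log(text)
    rows = [("process", p) for p in processes] + entries
    return [(sec, body, t) for sec, body in rows
            for t in targets if t in body.lower()]

# Shortened excerpts of the two logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\program files\180solutions\sais.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\lsass.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
```

Matching on the full file name keeps the legitimate `msmsgs.exe` out of the results while `msnmsgrs.exe` would be reported. Registry values cleaned with Fix checked, such as the R1 search-page lines, are not in the path list and still need to be compared by section.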

Marsh Posté on 16-05-2005 at 19:57:46    

Nice mess, his log :D


Marsh Posté on 16-05-2005 at 20:20:01    

darren wrote:

Nice mess, his log :D


 
And tough stuff on top of that. We'll see how it turns out, if he replies...  


Marsh Posté on 16-05-2005 at 21:13:24    

Stonangel... :jap:  
 
Congratulations on your answers, it's not the first time I've seen your "posts".
Clear and precise.
You must have "untangled" more than one person on this forum!
 :jap:  :hello:


Message edited by philo2 on 16-05-2005 at 21:15:10

Marsh Posté on 16-05-2005 at 22:44:28    

:hello: Thank you very much


Marsh Posté on 16-05-2005 at 22:49:02    

Stonangel is very good, I'm only a young padawan compared to him :jap:
 
More seriously, it's really nice of him to help others the way he does.


Marsh Posté on 17-05-2005 at 13:52:52    

Hi everyone!!
I think the problem is solved
you're too good STONANGEL
thanks guys!!
 
here is my log, I think it's crystal clean
 :)  :)  :)  
 
 
Logfile of HijackThis v1.99.1
Scan saved at 13:49:49, on 17/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03082C4-F72A-4276-8EDA-4C94DE92D3E2}: NameServer = 134.214.100.6,134.214.100.245
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
 


Marsh Posté on 17-05-2005 at 18:11:49    

Good evening, it is indeed solved. Happy surfing  :hello: