comment se debarasser de trojan.elitbar et w32.spybot.worm

norton à détecté ces 2 virus: w32.spybot.worm et trojan.elitbar
il n'arrive pas a les détruires.en consultant le site j'ai donc fais un log:

Logfile of HijackThis v1.99.1
Scan saved at 17:25:16, on 05/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\etb\pokapoka73.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cmd.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
C:\Program Files\Norton AntiVirus\QSERVER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O1 - Hosts: 207.234.225.134 www.halifax-online.co.uk
O1 - Hosts: 207.234.225.134 ibank.barclays.co.uk
O1 - Hosts: 207.234.225.134 online.lloydstsb.co.uk
O1 - Hosts: 207.234.225.134 online-business.lloydstsb.co.uk
O1 - Hosts: 207.234.225.134 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 207.234.225.134 www.nwolb.com
O1 - Hosts: 207.234.225.134 banesnet.banesto.es
O1 - Hosts: 207.234.225.134 extranet.banesto.es
O1 - Hosts: 207.234.225.134 ebanking.bccbrescia.it
O1 - Hosts: 207.234.225.134 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 207.234.225.134 www.rbsdigital.com
O1 - Hosts: 207.234.225.134 oi.cajamadrid.es
O1 - Hosts: 207.234.225.134 bancae.caixapenedes.com
O1 - Hosts: 207.234.225.134 banking.postbank.de
O1 - Hosts: 207.234.225.134 meine.deutsche-bank.de
O1 - Hosts: 207.234.225.134 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 207.234.225.134 ibank.cahoot.com
O1 - Hosts: 207.234.225.134 webbank.openplan.co.uk
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tyack drive] tyack.pif
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [System service65] C:\WINNT\etb\pokapoka69.exe
O4 - HKLM\..\Run: [tskdig] c:\winnt\system32\tskdig.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINNT\logon.exe
O4 - HKLM\..\Run: [Zango SiteFinder] "C:\Program Files\Zango SiteFinder\ZangoSiteFinder.exe"
O4 - HKLM\..\Run: [Windows Updated] spoolsac.exe
O4 - HKLM\..\Run: [System service69] C:\WINNT\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Ndqplrh] C:\Program Files\Bgdoy\Wrusfh.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [NTupdater] C:\winnt\Help\Tours\van32.exe c:\winnt\help\tours\sm56help.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [resU] C:\WINNT\exe82.exe
O4 - HKLM\..\Run: [:C=e] C:\WINNT\exe82.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [System service70] C:\WINNT\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [System service73] C:\WINNT\etb\pokapoka73.exe
O4 - HKLM\..\Run: [MS Security] systm.pif
O4 - HKLM\..\RunServices: [tyack drive] tyack.pif
O4 - HKLM\..\RunServices: [Windows Updated] spoolsac.exe
O4 - HKLM\..\RunServices: [MS Security] systm.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [tskdig] c:\winnt\system32\tskdig.exe
O4 - HKCU\..\Run: [Locs] C:\Program Files\recu\ecbo.exe
O4 - HKCU\..\Run: [Rhy] C:\WINNT\System32\??oolsv.exe
O4 - HKCU\..\Run: [Windows Updated] spoolsac.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MS Security] systm.pif
O4 - HKCU\..\RunServices: [Windows Updated] spoolsac.exe
O4 - HKCU\..\RunServices: [MS Security] systm.pif
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.pe.ws/help/addon.chm::/file.exe
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownload.com/prompt/cabs/website.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3309
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: sdktemp - Unknown owner - C:\WINNT\microsoft.exe
O23 - Service: spool - Unknown owner - C:\WINNT\spoollv.exe

je ne sais pas comment le lire, si quelqu'un peu m'aider, merci beaucoup

Voici l analyse de ton log
Disons que t as un sacré paquet de cochonneries!!!

Kickes les lignes indiquées "?" sur mon lien grace a hijackthis, et vois pour celle en "!"!!!

Bye

Starz
Oups le lien est foireux, je te le refais



Voila le bon : Hijackthis



[ Ce message a ete modifié par : : Starz le 05-10-2005 17:49 ]

merci beaucoup pour ta réponse aussi rapide, je n'ai plus de soucis avec ces deux virus, par contre norton en à détecté 2 autres: hacktool.rootkit et trojan.lowzones
je doit refaire la maneuvre avec hijackthis??

le nouveau log:
Logfile of HijackThis v1.99.1
Scan saved at 18:05:08, on 05/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\dfrgfat32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\spoollv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\WINNT\loadqm.exe
C:\WINNT\etb\pokapoka73.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
C:\Program Files\Norton AntiVirus\QSERVER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [System service73] C:\WINNT\etb\pokapoka73.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: spool - Unknown owner - C:\WINNT\spoollv.exe

effectivemet tu avais raison j'avais pas mal de saloperies sur mon pc

salut

C:\WINNT\System32\dfrgfat32.exe est une exe de virus ici (premier lien)

Salut
je vais relancer une analyse

Voici ton nouveau log Hijackthis

Tu n arrives pas a supprimer ce virus avec norton???
Je te conseille d installer Avast free edition!!!


@+
St@Rz