bonjour a tous j ai pratiquement 40 fenetres d internet explorer qui s ouvre en 6 heures avec comme adresse "http://www.popuppers.com/popsn16.php?firstd=20040507&aff=wyard&c={18E4CB79-D2CF-4594-839F-EC62151EF9E7}&oldmybo=1&oldmyexe=1&oldhanse=1&oldocx18=1&oldocx18=1&oldocx18=1&oldourexe=1&oldocx18=1&oldcasico=1&oldourexe=1&oldocx18=1&oldcasico=1&oldourexe=1&oldocx18=1&oldcasico=1&oldourexe=1&oldocx18=1&oldcasico=1&oldourexe=1" quelqu un a t il une idée pour se debarrasser de ce desagrement merci d avance pour vos reponses

Bonjour renatus Poste un rapport hijackthis, on va te débarasser : l'explication de l'utilisation du programme : https://forum.pcastuces.com/sujet.asp?SUJET_ID=8269 a+

merci voila le log Logfile of HijackThis v1.98.2 Scan saved at 10:48:24, on 04/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe D:\Program Files\D-Tools\daemon.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Winamp\Winampa.exe D:\program files\qttask.exe D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\WINDOWS\System32\effqzo.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\WINDOWS\medload.exe D:\MAXTOR\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\LVComS.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinPoET\WrOS.EXE D:\MAXTOR\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Web_Rebates\WebRebates1.exe D:\MAXTOR\Program Files\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\THEWEA~1\The Weather Channel.exe D:\MAXTOR\Program Files\Trillian\trillian.exe D:\MAXTOR\Téléchargement\AntiSpam\antispam\NoSpam.exe D:\MAXTOR\Program Files\eMule\emule.exe C:\Program Files\Web_Rebates\WebRebates0.exe C:\WINDOWS\medload.exe D:\Program Files\Netscape\Netscape\Netscp.exe D:\Program Files\Opera\opera.exe F:\Mes documents\hijackthis_198\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/?.rand=1093722085593&.mt=6WL6L52MhYuBzw2yBvSUxrZpbaHJ.5ve9jK4fQ-- R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.9online.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.my.yahoo.com/"); (C:\Documents and Settings\nene\Application Data\Mozilla\Profiles\default\b6x740gh.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CMAXTOR%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\nene\Application Data\Mozilla\Profiles\default\b6x740gh.slt\prefs.js) O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\MAXTOR\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\MAXTOR\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] D:\MAXTOR\Program Files\UrlLstCk.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime O4 - HKLM\..\Run: [qgvmjtd] C:\WINDOWS\System32\effqzo.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\medload.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe O4 - Global Startup: Microsoft Office.lnk = D:\MAXTOR\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk14242FR O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - D:\MAXTOR\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger en utilisant FlashGet - D:\MAXTOR\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{195395C8-91EC-4571-BCCF-55CC639CD8B5}: NameServer = 212.30.96.108 212.203.124.146 O18 - Filter: text/html - {0F7B0FCB-C8FC-467B-911F-1326CDFDB339} - C:\Documents and Settings\nene\Local Settings\Application Data\microsoft\internet explorer\V0.15.dat

Bon voici quelques adresses pour et conseil de nettoyage : Veux u bien passer les 3 antispy et au moins un scan on line on gagnera du temp antyspy gratuit : 1- Ad-aware: http://www.lavasoft.de/support/download/#free 2- Spybot: http://www.safer-networking.org/fr/download/index.html A metre a jour avant le scan . 3- CWShredder : -Le télécharger d'ici: http://www.spywareinfo.com/downloads/tools/CWShredder.exe installer CWShredder dans un répertoire créer pour lui fermer toutes les fenêtres lancer CWShredder et cliquer sur "Fix". 2)Désactiver la resto système (XP) 1. Cliquez sur Démarrer. 2. Cliquez avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés. 3. Cliquez sur l'onglet «Restauration du système». 4. Sélectionnez «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs» 4) Vider vos temps 3)antivirus on line (désactivez votre antivirus pendant le scan) http://www.secuser.com/outils/antivirus.htm http://securityresponse.symantec.com/ http://www.pandasoftware.com/activescan/com/activescan_principal.htm Redémarrer en modes sans échec Presser la touche f 8 au ( re)démarrage… au bon moment. Réparer IE6 : http://www.technicland.com/powerie6.php3 Ces 2 ci sont + que douteux (voir ci les programmes ci-dessus ne t’en débarasse pas : C:\WINDOWS\System32\effqzo.exe C:\WINDOWS\medload.exe Ceux la a effacer en mode sans echec : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Web_Rebates\WebRebates0.exe C:\Program Files\WindUpdates\WinUpdt.exe Fix IT dans hijack : R3 - Default URLSearchHook is missing O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O8 - Extra context menu item: &Search - http O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm://bar.mywebsearch.com/menusearch.html?p=ZNxmk14242FR O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8 e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d 6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc Quant tu as fini repost un rapport. A+

Modifié par phillan le 04/10/2004 12:26

merci pour tes conseils je vais m y atteler

Passes déjà adaware et spybot cela va en enlever pas mal.

j ai passé ad ware et spybot rien n y fait, je vais suivre les indications de Phillan

salut Phillan je n ai pas pu reparer ie6 je mets mon nouveau logfile Logfile of HijackThis v1.98.2 Scan saved at 18:20:46, on 04/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe D:\Program Files\D-Tools\daemon.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Winamp\Winampa.exe D:\program files\qttask.exe D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe D:\MAXTOR\Program Files\Norton AntiVirus\SAVScan.exe D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\LVComS.exe C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinPoET\WrOS.EXE D:\MAXTOR\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\Messenger\msmsgs.exe F:\Mes documents\hijackthis_198\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/?.rand=1093722085593&.mt=6WL6L52MhYuBzw2yBvSUxrZpbaHJ.5ve9jK4fQ-- R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.9online.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.my.yahoo.com/"); (C:\Documents and Settings\nene\Application Data\Mozilla\Profiles\default\b6x740gh.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CMAXTOR%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\nene\Application Data\Mozilla\Profiles\default\b6x740gh.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\MAXTOR\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\MAXTOR\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] D:\MAXTOR\Program Files\UrlLstCk.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime O4 - HKLM\..\Run: [qgvmjtd] C:\WINDOWS\System32\effqzo.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\medload.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe O4 - Global Startup: Microsoft Office.lnk = D:\MAXTOR\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - D:\MAXTOR\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger en utilisant FlashGet - D:\MAXTOR\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab

Salut tu en as laissé : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe à supprimer en mode sans echec dans hijack fixer : R3 - Default URLSearchHook is missing O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm Bon enlèves ceux la et dis moi si cela va.. y a d'autre truc pas net mais non identifié. Si nécessaire on les virera. je rajoure a fixer : O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll Ceux ci tu peux fixer aussi O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab A+

Re laisse celui la : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe Dis moi si tes ennuis continuent. A+

c est impecable tout est rentré dans l ordre encore mille mercis et bonne soirée j essaierais de virer le reste plus tard puisque tout est parfait

Salut, tout simplement en cochant fixant ce malware passé au travers dans la 2eme analyse ;o) ( http://startup.iamnotageek.com/srch-medload.exe.html ) cocher: O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\medload.exe fixer. supprimer: C:\WINDOWS\medload.exe Puis reviens mettre un rapport Hijackthis pour vérification...