probleme ie / hijackthis

[hippa]

bonjour tout le monde!

 

je vous sollicite pour un peu d'aide svp!

 

ie lance des cochonneries sur la page de démarrage et présence d'icones à la noix aussi (casino games)

 

j'ai donc fait un log par hijackthis mais j'aimerais avoir l'avis de spécialiste pour me dire ce que je dois faire!

 

voici le log

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manflhqcyvnsuwoexe.com/f7cfsxRR...4yxZqAwoCk.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vwwhgiwhswqfxshxho.com/f7cfsxRR...M795DDRlHc.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\WANADOO\SEARCH~1.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BD026F11-EB27-CB2F-87C0-427458EBB939} - D:\PROGRA~1\OBJUPL~1\surf junk.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\WANADOO\CnxMon.exe

O4 - HKLM\..\Run: [Demon] D:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [dartcake] D:\PROGRA~1\WIPEHO~1\Bin Trust Live.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [love blue meow play] D:\Documents and Settings\All Users\Application Data\Part2LoveBlue\bore defy.exe

O4 - HKCU\..\Run: [incrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?

O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122

O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Wanadoo (HKCU)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.encyclo.wanadoo.fr/JS/tdserver.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

 

 

jpsr que qqn pourra m'aider

 

merci d'avance!

 

hippa

[Laubean]

Salut,

 

déjà tu vas commencer par lire le tutorial sur la page d'accueil de Zebulon ( http://www.zebulon.fr ), tu pourras remarquer qu'il est demandé de lancer d'autres softs de nettoyage avant de poster le log HJT, de plus, le tutorial permet de faire le ménage soi-même.....

[ipl_001]

Bonsoir hippa, Laubean, bonsoir à tous,

 

Comme te le dit Laubean, commence par passer un certains nombre de logiciels :

- vide tes caches (Temp, TIF, Cookies, corbeille)

- antivirus comme HouseCall (système de restauration désactivé)

- anti trojan comme A²

- anti spyware comme Ad-Aware et Spybot Search and Destroy

 

Ferme IE, coche ce qui est en gras ci-dessous et "Fix Checked" :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manflhqcyvnsuwoexe.com/f7cfsxRR...4yxZqAwoCk.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.vwwhgiwhswqfxshxho.com/f7cfsxRR...M795DDRlHc.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\WANADOO\SEARCH~1.DLL <- pour celle là, j'hésite parce qu'elle est marquée Wanadoo mais si çà ne marche pas, elle passera à la casserole

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BD026F11-EB27-CB2F-87C0-427458EBB939} - D:\PROGRA~1\OBJUPL~1\surf junk.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\WANADOO\CnxMon.exe

O4 - HKLM\..\Run: [Demon] D:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [dartcake] D:\PROGRA~1\WIPEHO~1\Bin Trust Live.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [love blue meow play] D:\Documents and Settings\All Users\Application Data\Part2LoveBlue\bore defy.exe

O4 - HKCU\..\Run: [incrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?

O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122

O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Wanadoo (HKCU)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.encyclo.wanadoo.fr/JS/tdserver.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

 

Dans Ajout-Suppression de programmes, essaie de désinstaller (si çà y est) :

- My Web Search

- Messenger Plus!

- Part2LoveBlue

 

Supprime ces fichiers ou répertoires, éventuellement en mode sans échec :

- D:\Program Files\MyWebSearch (répert.)

- D:\PROGRA~1\OBJUPL~1 (répert.)

- D:\PROGRA~1\MESSAG~1 (répert.)

- D:\Documents and Settings\All Users\Application Data\Part2LoveBlue