Kouki, Tuesday 9 August 2005 at 19:38:15
Configuration: Windows 2000 Pro, Internet Explorer 5.5

Hi,
Download HijackThis: http://www.merijn.org/files/hijackthis.zip
Unzip it into a folder set aside for it, for example C:\hijack, and above all not into a temporary (temp) folder. Run it, then click "Do a system scan and save logfile" and nothing else. Notepad will open; copy all of its contents and paste them here after your message.
If you have trouble, look at this: http://pageperso.aol.fr/balltrap34/demohijack.htm
See you

Thanks Moe31
Here is the result I got:

Logfile of HijackThis v1.99.1
Scan saved at 02:04:18, on 10/08/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\intmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpE89A.tmp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINNT\system32\usrbridg.exe

Thanks for your help

Can someone help me?
I still have no answer.

Hello,
Method to follow, in order...
----------------------------------------------------------------------------
¤ Download these programs, but do not use them right away:
1/ Spybot S&D 1.4 << new version
http://www.safer-networking.org/fr/index.html
Usage demo (thanks to Balltrap34 for making it): http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/ Ad-Aware SE 1.06 << new version
http://www.lavasoftusa.com/software/adaware/
- Help: http://www.tutopat.com/viewtopic.php?t=1191
- Install the French patch, which you can find here: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it): http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/ Clean Up 40: http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- Help with pictures (thanks to Balltrap34): http://pageperso.aol.fr/balltrap34/democleanup.htm
----------------------------------------------------------------------------
¤ Start in safe mode: To do this, tap the F8 key repeatedly, without stopping, from the very start of the PC powering on. A window will open; move with the keyboard arrow keys to "start in safe mode", then press Enter. Once on the desktop, if not all the colours and so on are there, that is normal! (If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤ Show all files and folders: Click Start / Control Panel / Folder Options / View
Tick "show hidden folders"
Untick the box "Hide protected operating system files (Recommended)"
Untick "hide extensions for known file types"
Then click "OK" to confirm the changes. And Apply!
----------------------------------------------------------------------------
¤ Empty your temp files and Temporary Internet Files: use this to do it (you downloaded it earlier) http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤ Run HijackThis again, tick the boxes in front of these lines, then click "Fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpE89A.tmp
----------------------------------------------------------------------------
¤ Search for and delete the following: careful, only the files (if present)
C:\WINNT\System32\shnlog.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\hpE89A.tmp
----------------------------------------------------------------------------
¤ Run Ad-Aware and remove everything it finds
----------------------------------------------------------------------------
¤ Run Spybot and remove everything it finds
----------------------------------------------------------------------------
> Empty your recycle bin, restart in normal mode and run HijackThis again. Describe your problems if any remain....
Keep me posted
See you

Many thanks Regis59
I did as you told me and things are partly back to normal. I can choose my wallpapers again. But I find that I am also infected by two other viruses: PSguard and Smitfraud. I ran HijackThis and here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:39, on 11/08/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\intell32.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\System32\intell32.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINNT\system32\usrbridg.exe

Thanks in advance for any solution.

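Added example (not part of any post in this thread, and not HijackThis's own code): a small Python script that compares a HijackThis log taken before a cleanup with one taken after it, which is the check the "run HijackThis again" step above asks for. The function names are hypothetical; the sample inputs are shortened excerpts of the two logs posted above, and the script assumes one log entry per line, as HijackThis writes them.

```python
import ntpath
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Shortened excerpts of the two logs posted above (10/08/2005 and 11/08/2005).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 02:04:18, on 10/08/2005

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\intmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpE89A.tmp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:43:39, on 11/08/2005

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\explorer.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\intell32.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\System32\intell32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC44FE6-ADCD-446B-8A4F-27F494FD133D}: NameServer = 81.22.90.29 82.101.136.29
"""

# File names the helper asked to delete, lower-cased for comparison.
TARGETS = ["shnlog.exe", "popuper.exe", "msole32.exe",
           "intmonp.exe", "intmon.exe", "hpe89a.tmp"]


def parse_hijackthis(text):
    """Return (processes, entries): lower-cased process paths and (code, data) pairs."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """What disappeared, what appeared, and what survived between two scans."""
    p0, e0 = parse_hijackthis(before)
    p1, e1 = parse_hijackthis(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
        "entries_kept": sorted(e0 & e1),
    }


def still_present(log_text, targets):
    """Targets that still show up as a running process or inside any entry."""
    processes, entries = parse_hijackthis(log_text)
    haystack = list(processes) + [data.lower() for _, data in entries]
    return sorted(t for t in targets if any(t in h for h in haystack))


def autorun_backed(diff):
    """New processes that a new O4 (autorun) entry restarts at every boot."""
    backed = {}
    for proc in diff["processes_new"]:
        name = ntpath.basename(proc)
        hits = [data for code, data in diff["entries_new"]
                if code == "O4" and name in data.lower()]
        if hits:
            backed[proc] = hits
    return backed


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for key, values in result.items():
        print(key, *values, sep="\n  ")
    print("cleanup targets still present:", still_present(AFTER, TARGETS))
    print("new processes with autorun:", sorted(autorun_backed(result)))
```

On these excerpts the cleanup targets are gone from the second log, the O17 NameServer entry is unchanged, and the two new processes each have a matching new O4 Run entry.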
Hi again,
Download this: http://siri.urz.free.fr/Fix/SmitfraudFix.zip, choose option 1 and copy/paste the report, please.
See you

Hi Regis
Here is the requested report:

SmitFraudFix v1.6
Rapport fait à 20:28:19.23 le Thu 11/08/2005
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT
C:\WINNT\sites.ini PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32
C:\WINNT\system32\hhk.dll PRESENT !
C:\WINNT\system32\intell32.exe PRESENT !
C:\WINNT\system32\ole32vbs.exe PRESENT !
C:\WINNT\system32\oleext.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
C:\Program Files\PSGuard\ PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Recherche fichiers créés le 11/08/2005
!!! Attention, les fichiers qui suivent ne sont pas forcément infectés !!!
C:\hiberfil.sys
C:\pagefile.sys
C:\WINNT\SchedLgU.Txt
C:\WINNT\Sti_Trace.log
C:\WINNT\ShellIconCache
C:\WINNT\ModemLog_Conexant-Ambit
C:\WINNT\ModemLog_Standard
C:\WINNT\ModemLog_Communications
C:\WINNT\sites.ini
C:\WINNT\ntbtlog.txt
C:\WINNT\system32\intell32.exe
C:\WINNT\system32\hhk.dll
C:\WINNT\system32\ole32vbs.exe
C:\WINNT\system32\wininet.dll infecté !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche wininet.dll de remplacement
Volume in drive C is VAIONOTE
Volume Serial Number is 4268-1807
Directory of C:\WINNT\system32
30/08/2002 18:24 590,336 wininet.dll
1 File(s) 590,336 bytes
Directory of C:\WINNT\system32\dllcache
30/08/2002 18:24 590,336 wininet.dll
1 File(s) 590,336 bytes
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Thanks, see you soon

Hi
Start in safe mode and run the fix again, but this time with option 2, and then post a HijackThis log.

Hunting and clay pigeon shooting, my true passion; see personal site in profile

Ouch, here is what it gives me, but then, after pasting it here in this forum, what do I do with it?
Please help me!

Logfile of HijackThis v1.99.1
Scan saved at 18:18:53, on 28/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ipxl.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\apicf32.exe
D:\MSN+\MsgPlus.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\PIERRE\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wexwo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\wexwo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wexwo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\wexwo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch.com/?adv_id=37563&sub_id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\regchecka.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {33AB6D19-5A93-6B2B-C66B-A46D17FB07FC} - C:\WINDOWS\system32\atlvr.dll
O2 - BHO: (no name) - {46D550B2-7E7F-60D8-9E68-AEC38D35FDD0} - (no file)
O2 - BHO: (no name) - {6FA4B57A-E37E-8AFD-A982-153401F912D4} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\5sxhkel1sb.dll (file missing)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [cbqjqtkb] C:\WINDOWS\cbqjqtkb.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\System32\lsass.exe
O4 - HKLM\..\Run: [regcheck] C:\WINDOWS\regchecka.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [apicf32.exe] C:\WINDOWS\apicf32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\MSN+\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version4/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1027_FR_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1077.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{183467ED-6737-4474-9A46-A262C8B03943}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{183467ED-6737-4474-9A46-A262C8B03943}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: rMRLFBz - {2D73120C-87D9-B8A6-2D90-E5D8604F8BD8} - C:\WINDOWS\System32\zjpwl.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipxl.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)

Hi
Did you actually do option 2? Can you post the report for us, please? And also a HijackThis log, posted together with the option 2 report.
See you

Hi again
¤ Start in safe mode: To do this, tap the F8 key repeatedly, without stopping, from the very start of the PC powering on. A window will open; move with the keyboard arrow keys to "start in safe mode", then press Enter. Once on the desktop, if not all the colours and so on are there, that is normal! (If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Then run the program you have already used; instead of choosing 1, you choose 2, and you answer yes to everything. Once it gives you the report, save it.
****
Restart your PC, come back to the forum and paste what you saved.
See you

Here is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:21, on 28/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\PIERRE\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://4-v.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ovpzr.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ovpzr.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ovpzr.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A420F8C3-0402-21F1-14A6-0C3BE3A3C63A} - C:\WINDOWS\iele.dll
O4 - HKLM\..\Run: [sdkhg32.exe] C:\WINDOWS\system32\sdkhg32.exe
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\EXPLOI~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Web Search - res://C:\PROGRA~1\Utility\utility.dll/GoSrch.dll.htm
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.morwillsearch.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted IP range: 67.19.185.246
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipxl.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)

Is that right? My virus is still there. |
Hi again, ah, so actually you have only just joined the thread, lol
**********************ANYWAY*************************
I was talking about this program, lol: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Download it but do not run it!
¤ Boot into Safe Mode: to do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on. A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter. Once you are on the desktop, if the colors and so on are not all there, that is normal! (If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Then launch the program you have just downloaded, choose 2, answer yes to everything, and once it gives you the report, save it.
****
Restart your PC, come back to the forum and paste what you saved. See you |
Thank you all very much, I would never have managed otherwise!!
Thanks again for your patience, my homepage works again.

SmitFraudFix v1.81
Rapport fait à 19:35:54,69 le 28/08/2005
Executé à partir de C:\fix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\intell32.exe supprimé
Problème suppression C:\WINDOWS\system32\oleext.dll
C:\WINDOWS\system32\wppp.html supprimé
C:\Program Files\PSGuard\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
HKLM\SOFTWARE\SHUDDERLTD supprimé
Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Recheche wininet.dll
C:\WINDOWS\system32\wininet.dll infecté !
Recherche d'une copie de secours (backup) de wininet.dll...
Le volume dans le lecteur C s'appelle WINDOWS
Le numéro de série du volume est 2D73-120B
Répertoire de C:\WINDOWS\system32
29/08/2002 09:45 603 136 wininet.dll
1 fichier(s) 603 136 octets
Répertoire de C:\WINDOWS\system32\dllcache
29/08/2002 09:45 603 136 wininet.dll
1 fichier(s) 603 136 octets
Fichier trouvé : C:\WINDOWS\system32\dllcache\wininet.dll
Version System : 6.0.2800.1106
Version BackUp : 6.0.2800.1106
Remplacement wininet.dll (reboot necessaire)

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport |
Hi again,
Can you post a HijackThis log again, please (in normal mode, of course)? See you |
Logfile of HijackThis v1.99.1
Scan saved at 21:19:35, on 30/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ipxl.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sdkhg32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\ESTELLE\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://4-v.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnpvt.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A420F8C3-0402-21F1-14A6-0C3BE3A3C63A} - C:\WINDOWS\iele.dll
O4 - HKLM\..\Run: [sdkhg32.exe] C:\WINDOWS\system32\sdkhg32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent_.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [aCu8RWY7i] ntpund.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{183467ED-6737-4474-9A46-A262C8B03943}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{183467ED-6737-4474-9A46-A262C8B03943}: NameServer = 205.188.146.145
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipxl.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing) |
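Added example, not part of the thread and not HijackThis code: a small Python triage helper that splits a log pasted on one line, as the logs in this thread were, back into entries and lists the ones a reviewer would look at first. The function names and the flag rules are assumptions chosen here; they rely only on markers the log itself prints ("(file missing)", "(obfuscated)", "Unknown owner", O15 Trusted Zone lines, `res://` search pages).

```python
import re

# Entries excerpted from the logs posted in this thread, joined onto one line.
SAMPLE = " ".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnpvt.dll/sp.html#10001",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)",
    r"O4 - HKLM\..\Run: [sdkhg32.exe] C:\WINDOWS\system32\sdkhg32.exe",
    r"O15 - Trusted Zone: *.windupdates.com",
    r"O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone",
    r"O18 - Protocol: bwt0 - {A27F66F8-617F-4266-BFE1-59CEAB853961} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll",
    r"O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe",
])

# An entry starts with a section code (R0, F2, O23, ...) followed by " - ".
# Requiring whitespace before the code keeps "bwt0 - {...}" inside its entry.
ENTRY_START = re.compile(r"(?:^|(?<=\s))([RFNO]\d{1,2}) - ")

def split_entries(text):
    """Return [(code, body), ...] for a log flattened onto one line."""
    marks = list(ENTRY_START.finditer(text))
    entries = []
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        entries.append((m.group(1), text[m.end():end].strip()))
    return entries

def flags(code, body):
    """Heuristic reasons (assumed rules) to review an entry by hand."""
    found = []
    if "(file missing)" in body:
        found.append("file missing")
    if "(obfuscated)" in body:
        found.append("obfuscated value")
    if code == "O23" and "Unknown owner" in body:
        found.append("service with unknown owner")
    if code == "O15":
        found.append("Trusted Zone change")
    if code in ("R0", "R1") and body.partition(" = ")[2].startswith("res://"):
        found.append("IE page loaded from a DLL resource")
    return found

def triage(text):
    """Keep only the entries that raise at least one flag."""
    return [(c, b, f) for c, b in split_entries(text) if (f := flags(c, b))]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE):
        print(f"{code:>3}  {', '.join(why)}  |  {body}")
```

A flag means "check this entry", not "remove it": the unflagged O4 line in the sample still needs the same manual look the helpers in the thread give it.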