j essaie depuis quelque jour de trouver le moyen de m en débarasser kalibouwere pis je sais po comment quelqu un peux m aider
C:WINDOWSsystem32gpgpegp.dll
Le fichier est infecté avec le virus "W32/Downloader.AXM". Le fichier ne peut être désinfecté ni supprimé.
Nombre total de fichier dans le répertoire: 6161
chu encore pogner avec un maudit virus
si fallais que je face cela pour pouvoir m aider ben tener la jespere avoir de l aide merciiiiiiiiiiiiiiiiiiiiii au secourrrrrrrrrrrrrrrrrrrrrrr
Logfile of HijackThis v1.98.2
Scan saved at 09:55:04, on 2005-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSALCWZRD.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesLexmark X1100 Serieslxbkbmgr.exe
C:WINDOWSsystem32\_root_AIM.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32
rnran.exe
C:Program FilesLexmark X1100 Serieslxbkbmon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesOpenOffice.org1.1.0programsoffice.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.233.167.104 www.symantec.com
O1 - Hosts: 64.233.167.104 www.sophos.com
O1 - Hosts: 64.233.167.104 www.mcafee.com
O1 - Hosts: 64.233.167.104 www.viruslist.com
O1 - Hosts: 64.233.167.104 www.f-secure.com
O1 - Hosts: 64.233.167.104 www.avp.com
O1 - Hosts: 64.233.167.104 www.kaspersky.com
O1 - Hosts: 64.233.167.104 www.networkassociates.com
O1 - Hosts: 64.233.167.104 www.ca.com
O1 - Hosts: 64.233.167.104 www.my-etrust.com
O1 - Hosts: 64.233.167.104 www.nai.com
O1 - Hosts: 64.233.167.104 www.trendmicro.com
O1 - Hosts: 64.233.167.104 www.grisoft.com
O1 - Hosts: 64.233.167.104 securityresponse.symantec.com
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sophos.com
O1 - Hosts: 64.233.167.104 mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com
O1 - Hosts: 64.233.167.104 viruslist.com
O1 - Hosts: 64.233.167.104 f-secure.com
O1 - Hosts: 64.233.167.104 kaspersky.com
O1 - Hosts: 64.233.167.104 kaspersky-labs.com
O1 - Hosts: 64.233.167.104 avp.com
O1 - Hosts: 64.233.167.104 networkassociates.com
O1 - Hosts: 64.233.167.104 ca.com
O1 - Hosts: 64.233.167.104 mast.mcafee.com
O1 - Hosts: 64.233.167.104 my-etrust.com
O1 - Hosts: 64.233.167.104 download.mcafee.com
O1 - Hosts: 64.233.167.104 dispatch.mcafee.com
O1 - Hosts: 64.233.167.104 secure.nai.com
O1 - Hosts: 64.233.167.104 nai.com
O1 - Hosts: 64.233.167.104 update.symantec.com
O1 - Hosts: 64.233.167.104 updates.symantec.com
O1 - Hosts: 64.233.167.104 us.mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantec.com
O1 - Hosts: 64.233.167.104 customer.symantec.com
O1 - Hosts: 64.233.167.104 rads.mcafee.com
O1 - Hosts: 64.233.167.104 trendmicro.com
O1 - Hosts: 64.233.167.104 grisoft.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [msnappau] "C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe"
O4 - HKLM..Run: [Lexmark X1100 Series] "C:Program FilesLexmark X1100 Serieslxbkbmgr.exe"
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..Run: [EBMrRFK] C:WINDOWSvbykwdkx.exe
O4 - HKLM..Run: [ErrorGuard] C:Program FilesErrorGuardErrorGuard.Exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..Run: [kbehuj] C:WINDOWSkbehuj.exe
O4 - HKLM..Run: [Windows Updater] paste.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [rmkm] C:PROGRA~1COMMON~1
mkm
mkmm.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:Program FilesOpenOffice.org1.1.0programquickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
Logfile of HijackThis v1.98.2
Scan saved at 09:55:04, on 2005-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSALCWZRD.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesLexmark X1100 Serieslxbkbmgr.exe
C:WINDOWSsystem32\_root_AIM.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32
rnran.exe
C:Program FilesLexmark X1100 Serieslxbkbmon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesOpenOffice.org1.1.0programsoffice.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.233.167.104 www.symantec.com
O1 - Hosts: 64.233.167.104 www.sophos.com
O1 - Hosts: 64.233.167.104 www.mcafee.com
O1 - Hosts: 64.233.167.104 www.viruslist.com
O1 - Hosts: 64.233.167.104 www.f-secure.com
O1 - Hosts: 64.233.167.104 www.avp.com
O1 - Hosts: 64.233.167.104 www.kaspersky.com
O1 - Hosts: 64.233.167.104 www.networkassociates.com
O1 - Hosts: 64.233.167.104 www.ca.com
O1 - Hosts: 64.233.167.104 www.my-etrust.com
O1 - Hosts: 64.233.167.104 www.nai.com
O1 - Hosts: 64.233.167.104 www.trendmicro.com
O1 - Hosts: 64.233.167.104 www.grisoft.com
O1 - Hosts: 64.233.167.104 securityresponse.symantec.com
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sophos.com
O1 - Hosts: 64.233.167.104 mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com
O1 - Hosts: 64.233.167.104 viruslist.com
O1 - Hosts: 64.233.167.104 f-secure.com
O1 - Hosts: 64.233.167.104 kaspersky.com
O1 - Hosts: 64.233.167.104 kaspersky-labs.com
O1 - Hosts: 64.233.167.104 avp.com
O1 - Hosts: 64.233.167.104 networkassociates.com
O1 - Hosts: 64.233.167.104 ca.com
O1 - Hosts: 64.233.167.104 mast.mcafee.com
O1 - Hosts: 64.233.167.104 my-etrust.com
O1 - Hosts: 64.233.167.104 download.mcafee.com
O1 - Hosts: 64.233.167.104 dispatch.mcafee.com
O1 - Hosts: 64.233.167.104 secure.nai.com
O1 - Hosts: 64.233.167.104 nai.com
O1 - Hosts: 64.233.167.104 update.symantec.com
O1 - Hosts: 64.233.167.104 updates.symantec.com
O1 - Hosts: 64.233.167.104 us.mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantec.com
O1 - Hosts: 64.233.167.104 customer.symantec.com
O1 - Hosts: 64.233.167.104 rads.mcafee.com
O1 - Hosts: 64.233.167.104 trendmicro.com
O1 - Hosts: 64.233.167.104 grisoft.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [msnappau] "C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe"
O4 - HKLM..Run: [Lexmark X1100 Series] "C:Program FilesLexmark X1100 Serieslxbkbmgr.exe"
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..Run: [EBMrRFK] C:WINDOWSvbykwdkx.exe
O4 - HKLM..Run: [ErrorGuard] C:Program FilesErrorGuardErrorGuard.Exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..Run: [kbehuj] C:WINDOWSkbehuj.exe
O4 - HKLM..Run: [Windows Updater] paste.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [rmkm] C:PROGRA~1COMMON~1
mkm
mkmm.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:Program FilesOpenOffice.org1.1.0programquickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
j'ai trouvé ça, mais je sais pas si c'est bien ton problème :/
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
C'est un trojan.
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
C'est un trojan.
Ti-radis a écritj'ai trouvé ça, mais je sais pas si c'est bien ton problème :/
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
C'est un trojan.
ton adresse m ammene sur google rien d autre crime
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
C'est un trojan.
ton adresse m ammene sur google rien d autre crime
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
pompon__3 a écrit
ton adresse m ammene sur google rien d autre crime
ha oui ? pas moi...a lors voici donc la page:
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
Home > Security Information > Virus Encyclopedia > WORM_SDBOT.AXM
WORM_SDBOT.AXM
Overview Solution Technical Details Statistics
QUICK LINKS Understanding New Pattern Format | Printer Friendly Page
--------------------------------------------------------------------------------
Malware type: Worm
Aliases: W32.Randex, Win32.Slinbot.ACH
In the wild: No
Destructive: Yes
Language: English
Platform: Windows NT, 2000, XP
Encrypted: Yes
Characteristics: Propagates through Network Shares
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage potential: High
Distribution potential: High
--------------------------------------------------------------------------------
Descrïption:
This memory-resident worm propagates across networks by exploiting the following vulnerabilities:
RPC Locator vulnerability
RPC/DCOM vulnerability
For more information about the said Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
It also propagates via network shares by using NetBEUI functions to get available lists of user names and passwords. It then lists down the available network shares. It uses the obtained user names and passwords to drop a copy of itself into accessed shares.
(Note: NetBEUI [short for NetBios Extended User Interface] is an enhanced version of the NetBIOS protocol. For more information about NetBEUI, click here.)
Aside from the gathered network credentials, it may also use a list of user names and passwords to access machines.
This worm opens a random port and operates as an Internet Relay Chat (IRC) bot that connects to an IRC server. It then joins an IRC channel, where it waits for several commands from a malicious user.
For additional information about this threat, see:
Solution
Technical Details
Statistics
ton adresse m ammene sur google rien d autre crime
ha oui ? pas moi...a lors voici donc la page:
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
Home > Security Information > Virus Encyclopedia > WORM_SDBOT.AXM
WORM_SDBOT.AXM
Overview Solution Technical Details Statistics
QUICK LINKS Understanding New Pattern Format | Printer Friendly Page
--------------------------------------------------------------------------------
Malware type: Worm
Aliases: W32.Randex, Win32.Slinbot.ACH
In the wild: No
Destructive: Yes
Language: English
Platform: Windows NT, 2000, XP
Encrypted: Yes
Characteristics: Propagates through Network Shares
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage potential: High
Distribution potential: High
--------------------------------------------------------------------------------
Descrïption:
This memory-resident worm propagates across networks by exploiting the following vulnerabilities:
RPC Locator vulnerability
RPC/DCOM vulnerability
For more information about the said Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
It also propagates via network shares by using NetBEUI functions to get available lists of user names and passwords. It then lists down the available network shares. It uses the obtained user names and passwords to drop a copy of itself into accessed shares.
(Note: NetBEUI [short for NetBios Extended User Interface] is an enhanced version of the NetBIOS protocol. For more information about NetBEUI, click here.)
Aside from the gathered network credentials, it may also use a list of user names and passwords to access machines.
This worm opens a random port and operates as an Internet Relay Chat (IRC) bot that connects to an IRC server. It then joins an IRC channel, where it waits for several commands from a malicious user.
For additional information about this threat, see:
Solution
Technical Details
Statistics
Ti-radis a écrit
ha oui ? pas moi...a lors voici donc la page:
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
tu peux me dire se que faut que je fasse????????????????????????
Home > Security Information > Virus Encyclopedia > WORM_SDBOT.AXM
WORM_SDBOT.AXM
Overview Solution Technical Details Statistics
QUICK LINKS Understanding New Pattern Format | Printer Friendly Page
--------------------------------------------------------------------------------
Malware type: Worm
Aliases: W32.Randex, Win32.Slinbot.ACH
In the wild: No
Destructive: Yes
Language: English
Platform: Windows NT, 2000, XP
Encrypted: Yes
Characteristics: Propagates through Network Shares
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage potential: High
Distribution potential: High
--------------------------------------------------------------------------------
Descrïption:
This memory-resident worm propagates across networks by exploiting the following vulnerabilities:
RPC Locator vulnerability
RPC/DCOM vulnerability
For more information about the said Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
It also propagates via network shares by using NetBEUI functions to get available lists of user names and passwords. It then lists down the available network shares. It uses the obtained user names and passwords to drop a copy of itself into accessed shares.
(Note: NetBEUI [short for NetBios Extended User Interface] is an enhanced version of the NetBIOS protocol. For more information about NetBEUI, click here.)
Aside from the gathered network credentials, it may also use a list of user names and passwords to access machines.
This worm opens a random port and operates as an Internet Relay Chat (IRC) bot that connects to an IRC server. It then joins an IRC channel, where it waits for several commands from a malicious user.
For additional information about this threat, see:
Solution
Technical Details
Statistics
ha oui ? pas moi...a lors voici donc la page:
http://www.trendmicro.com/vinfo/virusen ... _SDBOT.AXM
tu peux me dire se que faut que je fasse????????????????????????
Home > Security Information > Virus Encyclopedia > WORM_SDBOT.AXM
WORM_SDBOT.AXM
Overview Solution Technical Details Statistics
QUICK LINKS Understanding New Pattern Format | Printer Friendly Page
--------------------------------------------------------------------------------
Malware type: Worm
Aliases: W32.Randex, Win32.Slinbot.ACH
In the wild: No
Destructive: Yes
Language: English
Platform: Windows NT, 2000, XP
Encrypted: Yes
Characteristics: Propagates through Network Shares
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage potential: High
Distribution potential: High
--------------------------------------------------------------------------------
Descrïption:
This memory-resident worm propagates across networks by exploiting the following vulnerabilities:
RPC Locator vulnerability
RPC/DCOM vulnerability
For more information about the said Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
It also propagates via network shares by using NetBEUI functions to get available lists of user names and passwords. It then lists down the available network shares. It uses the obtained user names and passwords to drop a copy of itself into accessed shares.
(Note: NetBEUI [short for NetBios Extended User Interface] is an enhanced version of the NetBIOS protocol. For more information about NetBEUI, click here.)
Aside from the gathered network credentials, it may also use a list of user names and passwords to access machines.
This worm opens a random port and operates as an Internet Relay Chat (IRC) bot that connects to an IRC server. It then joins an IRC channel, where it waits for several commands from a malicious user.
For additional information about this threat, see:
Solution
Technical Details
Statistics
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
Premièrement, as-tu essayé le scan en ligne de trend-micro (je crois que oui me semble)
deuxièmement lis -tu l'anglais ?
La page que je donnais plus haut, qui conduisait sur trend micro, tu ne la vois toujours pas ?
dans la page il y avait une solution je te la donne ici
http://www.trendmicro.com/vinfo/virusen ... M&VSect=Sn
Solution:
Terminating the Malware Program
This procedure terminates the running malware process.
Open Windows Task Manager. To do this, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the process:
ISS.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
Close Registry Editor.
--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.
Additional Windows XP Cleaning Instructions
Users running Windows XP must disable System Restore to allow full scanning of infected systems.
Users running other Windows versions can proceed with the succeeding procedure set(s).
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SDBOT.AXM. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s online virus scanner.
Applying Patches
This malware exploits known vulnerabilities in Windows. Download and install the fix patch found in the following Microsoft pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
Refrain from using this product until the appropriate patch has been installed. Trend Micro advises users to download critical patches upon release by vendors.
-
Lucky Luke
- Immortel du Domaine
- Messages : 14394
- Inscription : mer. nov. 26, 2003 1:00 am
Ouff pompon Il y a queques petites choses à corriger avant
1- Ton Hijackthis est passé date et il est situé dans un répertoire temporaire
Je t'invite à télécharger la nouvelle version à :
http://www.merijn.org/files/hijackthis.zip
et à l'installer dans un répertoire que tu crée comme c:hijackthis
2- Ton fichier hosts est rempli de redirections des sites antivirus vers la page de google . C'est pour cette raison que tu ne peux avoir accès aux sites antivirus ...... il te ramène vers la page de google .
POur corriger ceci :
Menu Démarrer -> Rechercher -> Fichiers et dossiers -> Touts les fichier et dossiers -> tu inscris hosts
dans la liste qu'il va trouver tu cliques droit sur le fichier hosts et tu fais ouvrir ->Windows va te dire qu'il ne peut ouvrir le fichier ........ tu cliques sur sélectionner le programme -> tu choisis le bloc notes ->ok
là alors ton fichier hosts devrait ressembler à ceci
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x
127.0.0.1 localhost
64.233.167.104 www.symantec.com
64.233.167.104 www.sophos.com
64.233.167.104 www.mcafee.com
64.233.167.104 www.viruslist.com
64.233.167.104 www.f-secure.com
64.233.167.104 www.avp.com
64.233.167.104 www.kaspersky.com
64.233.167.104 www.networkassociates.com
64.233.167.104 www.ca.com
64.233.167.104 www.my-etrust.com
64.233.167.104 www.nai.com
64.233.167.104 www.trendmicro.com
64.233.167.104 www.grisoft.com
64.233.167.104 securityresponse.symantec.com
64.233.167.104 symantec.com
64.233.167.104 sophos.com
64.233.167.104 mcafee.com
64.233.167.104 liveupdate.symantecliveupdate.com
64.233.167.104 viruslist.com
64.233.167.104 f-secure.com
64.233.167.104 kaspersky.com
64.233.167.104 kaspersky-labs.com
64.233.167.104 avp.com
64.233.167.104 networkassociates.com
64.233.167.104 ca.com
64.233.167.104 mast.mcafee.com
64.233.167.104 my-etrust.com
64.233.167.104 download.mcafee.com
64.233.167.104 dispatch.mcafee.com
64.233.167.104 secure.nai.com
64.233.167.104 nai.com
64.233.167.104 update.symantec.com
64.233.167.104 updates.symantec.com
64.233.167.104 us.mcafee.com
64.233.167.104 liveupdate.symantec.com
64.233.167.104 customer.symantec.com
64.233.167.104 rads.mcafee.com
64.233.167.104 trendmicro.com
64.233.167.104 grisoft.com
64.233.167.104 sandbox.norman.no
64.233.167.104 www.pandasoftware.com
64.233.167.104 uk.trendmicro-europe.com
Si oui tu supprimes tout ce qui est en vert et tu ne gardes que
127.0.0.1 local host
tu enregistres le fichier et
repostes un nouveau log Hijackthis
1- Ton Hijackthis est passé date et il est situé dans un répertoire temporaire
Je t'invite à télécharger la nouvelle version à :
http://www.merijn.org/files/hijackthis.zip
et à l'installer dans un répertoire que tu crée comme c:hijackthis
2- Ton fichier hosts est rempli de redirections des sites antivirus vers la page de google . C'est pour cette raison que tu ne peux avoir accès aux sites antivirus ...... il te ramène vers la page de google .
POur corriger ceci :
Menu Démarrer -> Rechercher -> Fichiers et dossiers -> Touts les fichier et dossiers -> tu inscris hosts
dans la liste qu'il va trouver tu cliques droit sur le fichier hosts et tu fais ouvrir ->Windows va te dire qu'il ne peut ouvrir le fichier ........ tu cliques sur sélectionner le programme -> tu choisis le bloc notes ->ok
là alors ton fichier hosts devrait ressembler à ceci
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x
127.0.0.1 localhost
64.233.167.104 www.symantec.com
64.233.167.104 www.sophos.com
64.233.167.104 www.mcafee.com
64.233.167.104 www.viruslist.com
64.233.167.104 www.f-secure.com
64.233.167.104 www.avp.com
64.233.167.104 www.kaspersky.com
64.233.167.104 www.networkassociates.com
64.233.167.104 www.ca.com
64.233.167.104 www.my-etrust.com
64.233.167.104 www.nai.com
64.233.167.104 www.trendmicro.com
64.233.167.104 www.grisoft.com
64.233.167.104 securityresponse.symantec.com
64.233.167.104 symantec.com
64.233.167.104 sophos.com
64.233.167.104 mcafee.com
64.233.167.104 liveupdate.symantecliveupdate.com
64.233.167.104 viruslist.com
64.233.167.104 f-secure.com
64.233.167.104 kaspersky.com
64.233.167.104 kaspersky-labs.com
64.233.167.104 avp.com
64.233.167.104 networkassociates.com
64.233.167.104 ca.com
64.233.167.104 mast.mcafee.com
64.233.167.104 my-etrust.com
64.233.167.104 download.mcafee.com
64.233.167.104 dispatch.mcafee.com
64.233.167.104 secure.nai.com
64.233.167.104 nai.com
64.233.167.104 update.symantec.com
64.233.167.104 updates.symantec.com
64.233.167.104 us.mcafee.com
64.233.167.104 liveupdate.symantec.com
64.233.167.104 customer.symantec.com
64.233.167.104 rads.mcafee.com
64.233.167.104 trendmicro.com
64.233.167.104 grisoft.com
64.233.167.104 sandbox.norman.no
64.233.167.104 www.pandasoftware.com
64.233.167.104 uk.trendmicro-europe.com
Si oui tu supprimes tout ce qui est en vert et tu ne gardes que
127.0.0.1 local host
tu enregistres le fichier et
repostes un nouveau log Hijackthis
Je trouve ça super intéressant ton message luckyluck
dis-moi pourquoi ses adresse de tous les anti-virus sont envoyé sur google, cela dépasse mes compétences !!! C'est pour ça qu,elle pouvait pas lire la page de trend-micro ?
En passant j'entends beaucoup de bien de hijack, ça sert à quoi ou juste ?
dis-moi pourquoi ses adresse de tous les anti-virus sont envoyé sur google, cela dépasse mes compétences !!! C'est pour ça qu,elle pouvait pas lire la page de trend-micro ?
En passant j'entends beaucoup de bien de hijack, ça sert à quoi ou juste ?
crime luke luke j ai pas vue le 127.0.0.1 localhost
j ai tout suprimer le reste pis je sais po comment mettre le programe hijackthis ailleur il s en vas directement dans le win zip pour etre déziper bon la je fais quoi jespere que tu continueras a m aider j ai encore mon kalibouwere de virus
Logfile of HijackThis v1.99.1
Scan saved at 06:12:20, on 2005-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSALCWZRD.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesLexmark X1100 Serieslxbkbmgr.exe
C:WINDOWSsystem32\_root_AIM.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32
rnran.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:Program FilesLexmark X1100 Serieslxbkbmon.exe
C:Program FilesOpenOffice.org1.1.0programsoffice.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [msnappau] "C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe"
O4 - HKLM..Run: [Lexmark X1100 Series] "C:Program FilesLexmark X1100 Serieslxbkbmgr.exe"
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..Run: [EBMrRFK] C:WINDOWSvbykwdkx.exe
O4 - HKLM..Run: [ErrorGuard] C:Program FilesErrorGuardErrorGuard.Exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..Run: [kbehuj] C:WINDOWSkbehuj.exe
O4 - HKLM..Run: [Windows Updater] paste.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [rmkm] C:PROGRA~1COMMON~1
mkm
mkmm.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:Program FilesOpenOffice.org1.1.0programquickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:Program FilesFichiers communsCommand Softwaredvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesFichiers communsMacromedia SharedServiceMacromedia Licensing.exe
j ai tout suprimer le reste pis je sais po comment mettre le programe hijackthis ailleur il s en vas directement dans le win zip pour etre déziper bon la je fais quoi jespere que tu continueras a m aider j ai encore mon kalibouwere de virus
Logfile of HijackThis v1.99.1
Scan saved at 06:12:20, on 2005-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSALCWZRD.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesLexmark X1100 Serieslxbkbmgr.exe
C:WINDOWSsystem32\_root_AIM.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32
rnran.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:Program FilesLexmark X1100 Serieslxbkbmon.exe
C:Program FilesOpenOffice.org1.1.0programsoffice.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [msnappau] "C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe"
O4 - HKLM..Run: [Lexmark X1100 Series] "C:Program FilesLexmark X1100 Serieslxbkbmgr.exe"
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..Run: [EBMrRFK] C:WINDOWSvbykwdkx.exe
O4 - HKLM..Run: [ErrorGuard] C:Program FilesErrorGuardErrorGuard.Exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..Run: [kbehuj] C:WINDOWSkbehuj.exe
O4 - HKLM..Run: [Windows Updater] paste.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [rmkm] C:PROGRA~1COMMON~1
mkm
mkmm.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:Program FilesOpenOffice.org1.1.0programquickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:Program FilesFichiers communsCommand Softwaredvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesFichiers communsMacromedia SharedServiceMacromedia Licensing.exe
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
nonnnnnnnnje lis pas l anglais du tout je suis nul
Ti-radis a écrit
Premièrement, as-tu essayé le scan en ligne de trend-micro (je crois que oui me semble)
deuxièmement lis -tu l'anglais ?
La page que je donnais plus haut, qui conduisait sur trend micro, tu ne la vois toujours pas ?
dans la page il y avait une solution je te la donne ici
http://www.trendmicro.com/vinfo/virusen ... M&VSect=Sn
Solution:
Terminating the Malware Program
This procedure terminates the running malware process.
Open Windows Task Manager. To do this, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the process:
ISS.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "iss.exe"
Close Registry Editor.
--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.
Additional Windows XP Cleaning Instructions
Users running Windows XP must disable System Restore to allow full scanning of infected systems.
Users running other Windows versions can proceed with the succeeding procedure set(s).
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SDBOT.AXM. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s online virus scanner.
Applying Patches
This malware exploits known vulnerabilities in Windows. Download and install the fix patch found in the following Microsoft pages:
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-026
Refrain from using this product until the appropriate patch has been installed. Trend Micro advises users to download critical patches upon release by vendors.
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
je viens encore de faire un analyse avec mon anti virus pis j ai encore le virussssssssss
C:WINDOWSsystem32gpgpegp.dll
Le fichier est infecté avec le virus "W32/Downloader.AXM". Le fichier ne peut être désinfecté ni supprimé.
Total des fichiers: 55360
Fichiers infectés: 1
Fichiers désinfectés: 0
Fichiers supprimés: 0
Nombre de fichiers non analysés sur le disque: 1
Résumé du rapport
Total des fichiers: 55360
Total des fichiers infectés: 1
Total des fichiers désinfectés: 0
Total des fichiers supprimés: 0
Total non analysés: 1
Statut de l'engin Antivirus
Dernière mise à jour: 2005-05-09 16:00:19
Fichier de définition de virus: avsdk-20051280.msp
C:WINDOWSsystem32gpgpegp.dll
Le fichier est infecté avec le virus "W32/Downloader.AXM". Le fichier ne peut être désinfecté ni supprimé.
Total des fichiers: 55360
Fichiers infectés: 1
Fichiers désinfectés: 0
Fichiers supprimés: 0
Nombre de fichiers non analysés sur le disque: 1
Résumé du rapport
Total des fichiers: 55360
Total des fichiers infectés: 1
Total des fichiers désinfectés: 0
Total des fichiers supprimés: 0
Total non analysés: 1
Statut de l'engin Antivirus
Dernière mise à jour: 2005-05-09 16:00:19
Fichier de définition de virus: avsdk-20051280.msp
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
-
Blanche Neige
- Caïd de la Causette
- Messages : 969
- Inscription : lun. janv. 26, 2004 1:00 am
Bonjour pompon__3, j'ai vérifié ton virus et ce que j'ai trouvé, c'est qu'il est assez récent, du 4 Mai 2005 et ce n'est pas tous les concepteur d'antivirus qui ont trouvé l'antidote pour le supprimé. Je te propose de te mettre un firewall pour l'instant et d'envoyer le fameux virus à ton concepteur d'antivirus, il va trouver le remède et te l'envoyer par émail.
C'est la seul solution que j'ai pour l'instant.
C'est la seul solution que j'ai pour l'instant.
Les vertus, la sagesse, le bonheur s'acquièrent par l'éducation. L'art de vivre s'apprend. Aristote.
Corrigez-moi si je suis dans l'erreur:
Je vois cela dans le Hijackthis:
isass - isass.exe
La présence du processus isass.exe (isass) peut indiquer la présence du ver Sasser (W32.Sasser.Worm ou Win32/Sasser).
igfxtray - igfxtray.exe
La présence du processus igfxtray.exe (igfxtray) peut indiquer la présence du cheval de Troie Troj/PAdmin-A.
Peut-être que ca corrigera pas tous les problèmes, si vous allez vérifier sur ce site, c'est là que j'ai pris les informations:
http://www.commentcamarche.net/processus/processus.php3
(partie: autres processus)
Je vois cela dans le Hijackthis:
isass - isass.exe
La présence du processus isass.exe (isass) peut indiquer la présence du ver Sasser (W32.Sasser.Worm ou Win32/Sasser).
igfxtray - igfxtray.exe
La présence du processus igfxtray.exe (igfxtray) peut indiquer la présence du cheval de Troie Troj/PAdmin-A.
Peut-être que ca corrigera pas tous les problèmes, si vous allez vérifier sur ce site, c'est là que j'ai pris les informations:
http://www.commentcamarche.net/processus/processus.php3
(partie: autres processus)
Blanche Neige a écritBonjour pompon__3, j'ai vérifié ton virus et ce que j'ai trouvé, c'est qu'il est assez récent, du 4 Mai 2005 et ce n'est pas tous les concepteur d'antivirus qui ont trouvé l'antidote pour le supprimé. Je te propose de te mettre un firewall pour l'instant et d'envoyer le fameux virus à ton concepteur d'antivirus, il va trouver le remède et te l'envoyer par émail.
C'est la seul solution que j'ai pour l'instant.
j ai fais ce que t as dit j ai appeller mon fournisseur internet avec qui j ai le freedom pour anti virus pis y a meme po pu rien faire
C'est la seul solution que j'ai pour l'instant.
j ai fais ce que t as dit j ai appeller mon fournisseur internet avec qui j ai le freedom pour anti virus pis y a meme po pu rien faire
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
Soleil47 a écritCorrigez-moi si je suis dans l'erreur:
Je vois cela dans le Hijackthis:
isass - isass.exe
La présence du processus isass.exe (isass) peut indiquer la présence du ver Sasser (W32.Sasser.Worm ou Win32/Sasser).
igfxtray - igfxtray.exe
j ai downloder le programme pour suprimer sasser pis imagine toi donc que sa me dit no found apres la recherche alors je l ai po j ai encore le meme virus
La présence du processus igfxtray.exe (igfxtray) peut indiquer la présence du cheval de Troie Troj/PAdmin-A.
Peut-être que ca corrigera pas tous les problèmes, si vous allez vérifier sur ce site, c'est là que j'ai pris les informations:
http://www.commentcamarche.net/processus/processus.php3
(partie: autres processus)
Je vois cela dans le Hijackthis:
isass - isass.exe
La présence du processus isass.exe (isass) peut indiquer la présence du ver Sasser (W32.Sasser.Worm ou Win32/Sasser).
igfxtray - igfxtray.exe
j ai downloder le programme pour suprimer sasser pis imagine toi donc que sa me dit no found apres la recherche alors je l ai po j ai encore le meme virus
La présence du processus igfxtray.exe (igfxtray) peut indiquer la présence du cheval de Troie Troj/PAdmin-A.
Peut-être que ca corrigera pas tous les problèmes, si vous allez vérifier sur ce site, c'est là que j'ai pris les informations:
http://www.commentcamarche.net/processus/processus.php3
(partie: autres processus)
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
je le refais de nouveau pour me faire aider
Logfile of HijackThis v1.99.1
Scan saved at 06:04:05, on 2005-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32\_root_AIM.exe
C:WINDOWSsystem32
rnran.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program Filesero KnowledgeFreedomFreedom.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:Program FilesFichiers communsCommand Softwaredvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesFichiers communsMacromedia SharedServiceMacromedia Licensing.exe
Logfile of HijackThis v1.99.1
Scan saved at 06:04:05, on 2005-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesFichiers communsCommand Softwaredvpapi.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32\_root_AIM.exe
C:WINDOWSsystem32
rnran.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program Filesero KnowledgeFreedomFreedom.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesMSN AppsUpdater1.02.3000.1001fr-camsnappau.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesQuickZipQuickZip.exe
C:DOCUME~1DEFAULTLOCALS~1TempQZTEMPHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.search-itnow.com/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program Filesero KnowledgeFreedompkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program Filesero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST1.02.3000.1002en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001fr-camsntb.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..Run: [FireWall] C:WINDOWSsystem32\_root_svchost.exe
O4 - HKLM..Run: [AIMMSG] C:WINDOWSsystem32\_root_AIM.exe
O4 - HKLM..Run: [KavSvc] C:WINDOWSsystem32
rnran.exe
O4 - HKLM..RunServices: [serpe] C:WINDOWSsystem32formatsys.exe
O4 - HKLM..RunServices: [Windows Updater] paste.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_06in
pjpi142_06.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesFichiers communsMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/HardwareDetection/ ... ection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/canada_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLMSystemCCSServicesTcpip..{85BAFA59-DEDA-4782-825B-A49A7D2F3AB7}: NameServer = 206.47.244.79 206.47.244.15
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:Program FilesFichiers communsCommand Softwaredvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesFichiers communsMacromedia SharedServiceMacromedia Licensing.exe
Ce qui est passé a fui ; ce que tu espères est absent ; mais le présent est à toi.
-
Blanche Neige
- Caïd de la Causette
- Messages : 969
- Inscription : lun. janv. 26, 2004 1:00 am
D'après ton dernier scan, je ne vois pas de problème apparent, si c'est ton freedom qui te dit que tu as un virus alors telécharge AVG et scan ton disque. Tu le désinstalleras plus tard. AVG est plus puissant que freedom même s'il est gratuit. Et n'oublie pas de passer Ad-aware/se et spybot pour finir de nettoyer ton disque ( sur telecharger.com, ils sont gratuits.)
Et pour un nettoyage en profondeur, tu finis par les régistre avec easycleaner ou regcleaner ou tout autre nettoyeur de régistre.
Tu as sympatico et tu payes $5/mois pour ton freedom, c'est de l'arnaque, AVG est plus performant et il est gratos.
Tu as beaucoup trop de choses qui sont en processus et dont tu n'as pas besoin.
Et pour un nettoyage en profondeur, tu finis par les régistre avec easycleaner ou regcleaner ou tout autre nettoyeur de régistre.
Tu as sympatico et tu payes $5/mois pour ton freedom, c'est de l'arnaque, AVG est plus performant et il est gratos.
Tu as beaucoup trop de choses qui sont en processus et dont tu n'as pas besoin.
Les vertus, la sagesse, le bonheur s'acquièrent par l'éducation. L'art de vivre s'apprend. Aristote.