Nasty virus

yoyo -
 Anonymous user -
I have a big virus problem: it opens ad windows left and right, blocks downloads, if I'm not in safe mode it crashes after 10 seconds, it disables Norton's Auto-Protect, and after 5 minutes of scanning with the antivirus it reboots, and of course Windows System Restore doesn't work!
I also tried the online antivirus scanners, but the browser crashes when it downloads the antivirus...

/!\ HELP! /!\

I would at least like to know its name...

6 replies

petit-pere Posts 148 Status Member 11
 
probably serflog (sumom) ........

you need an AV less than a month old on CD-ROM; install it and run it in safe mode

otherwise, try running HijackThis and post the logs

good luck
0
yoyo
 
Logfile of HijackThis v1.99.1
Scan saved at 12:31:22, on 21/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sysinit32m.exe
C:\WINDOWS\sys713.exe
C:\WINDOWS\sys744.exe
C:\WINDOWS\sys752.exe
C:\WINDOWS\sys752.exe
C:\WINDOWS\sys755.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.190.135/?to=FED&from=start_page&type=start_page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe sysinit32m.exe
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FICHIE~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sys002] C:\WINDOWS\System32\sys002.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [aLd0e] C:\WINDOWS\cxuhjgd.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [ijsv] C:\WINDOWS\ijsv.exe
O4 - HKLM\..\Run: [5srV3Fj] setef.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Bkn] C:\WINDOWS\System32\Eer.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FICHIE~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{EDED533B-6DB5-41C4-BFCC-9EECD7DA6CAF}\SVCHOST.EXE
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Cot] C:\WINDOWS\System32\Hdl.exe
O4 - HKLM\..\Run: [Nbu] C:\WINDOWS\System32\Sai.exe
O4 - HKLM\..\Run: [Lat] C:\WINDOWS\Ust.exe
O4 - HKLM\..\Run: [Pui] C:\WINDOWS\Edc.exe
O4 - HKLM\..\Run: [Niq] C:\WINDOWS\Pkk.exe
O4 - HKLM\..\Run: [Rmm] C:\WINDOWS\Beo.exe
O4 - HKLM\..\Run: [Lkn] C:\WINDOWS\Edu.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\System32\icasServ.exe
O4 - HKLM\..\Run: [Hta] C:\WINDOWS\Irc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vrl] C:\WINDOWS\Dro.exe
O4 - HKLM\..\Run: [Lvb] C:\WINDOWS\Hau.exe
O4 - HKLM\..\Run: [Jmq] C:\WINDOWS\Mcu.exe
O4 - HKLM\..\Run: [Kti] C:\WINDOWS\System32\Ssr.exe
O4 - HKLM\..\Run: [Ffm] C:\WINDOWS\System32\Gka.exe
O4 - HKLM\..\Run: [Ure] C:\WINDOWS\Ghr.exe
O4 - HKLM\..\Run: [Rus] C:\WINDOWS\Hfl.exe
O4 - HKLM\..\Run: [Bqk] C:\WINDOWS\System32\Njm.exe
O4 - HKLM\..\Run: [Vtp] C:\WINDOWS\Uvm.exe
O4 - HKLM\..\Run: [Etk] C:\WINDOWS\Tve.exe
O4 - HKLM\..\Run: [Ulm] C:\WINDOWS\System32\Skl.exe
O4 - HKLM\..\Run: [Hpf] C:\WINDOWS\System32\Gmk.exe
O4 - HKLM\..\Run: [Are] C:\WINDOWS\Ugp.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [KB09RPHES] sdbntui.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Bkn] C:\WINDOWS\System32\Eer.exe
O4 - HKCU\..\Run: [Cot] C:\WINDOWS\System32\Hdl.exe
O4 - HKCU\..\Run: [Nbu] C:\WINDOWS\System32\Sai.exe
O4 - HKCU\..\Run: [Lat] C:\WINDOWS\Ust.exe
O4 - HKCU\..\Run: [Pui] C:\WINDOWS\Edc.exe
O4 - HKCU\..\Run: [Niq] C:\WINDOWS\Pkk.exe
O4 - HKCU\..\Run: [Rmm] C:\WINDOWS\Beo.exe
O4 - HKCU\..\Run: [Lkn] C:\WINDOWS\Edu.exe
O4 - HKCU\..\Run: [Hta] C:\WINDOWS\Irc.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O4 - Global Startup: Sagem - Utilitaire pour Clé Wi-Fi USB.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYFR_ZSxdm155
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Microsoft AntiSpyware helper - {43FAC60C-D7F1-45A1-8FE7-CB9D06BA2BE4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43FAC60C-D7F1-45A1-8FE7-CB9D06BA2BE4} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: avpx32 - C:\WINDOWS\SYSTEM32\avpx32.dll
O21 - SSODL: LwmJozzpovqnI - {DCA28C95-7608-263F-1EBE-7C3AB7E7491C} - C:\WINDOWS\System32\wqgk.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

here is what it tells me
0
yoyo
 
As soon as I run a scan or a fix in safe mode it reboots. Maybe it's a new version of the virus, because when I kill the process on the svchost.exe file it starts a countdown that I manage to stop; this countdown tells me that the PC will restart in one minute...
0
petit-pere Posts 148 Status Member 11
 
you must not kill the svchost.exe process ......

as I said, you need to run a recent AV in safe mode.
common viruses are not started in safe mode.

it's not the virus I mentioned, but it looks a lot like it ...
0

MG
 
The virus in question is paytime.exe, or more precisely cws_paytime, or else http:://81.222.131.49/index.php.

To get rid of it:
1- restart in safe mode (F8 at startup)
2- search for and delete everything that starts with paytime, including paytime.exe
3- launch HijackThis
4- check all of the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http:://81.222.131.49/index.php
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O16 - DPF: {08F9B026-4ECE-0B2B-59ED-60DD2C2D155D} - http:://69.31.82.260/1/gdnUS10.exe
5- click FIX
6- quit HijackThis
7- empty the recycle bin
8- restart in normal mode

That's all. Now, a personal comment on the HijackThis log: too many visits to shady sites... A reformat would be preferable.

Have a good day
0
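An added example (not part of the original posts): a Python sketch that selects, from a HijackThis log, the entries carrying the two indicators named in the answer above, the address 81.222.131.49 and the file name paytime.exe. It compares URL hosts and executable names rather than raw strings, so a URL written `http:://` still matches; the sample lines are copied from the log posted earlier in the thread, and all function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the answer above (taken from the thread, not verified here).
INDICATOR_HOSTS = {"81.222.131.49"}
INDICATOR_FILES = {"paytime.exe"}

# Excerpt of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.190.135/?to=FED&from=start_page&type=start_page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "R1 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 bodies: "<registry key>,<value name> = <data>".
REG_VALUE = re.compile(r"^(?P<key>[^=]+?) = (?P<value>.*)$")
# O4 registry bodies: "HKLM\..\Run: [name] command line".
RUN_VALUE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_log(text):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def url_host(value):
    """Host of an http(s) URL, tolerating a doubled colon; '' for anything else."""
    m = re.match(r"^(https?):+//(.*)$", value.strip(), flags=re.I)
    if not m:
        return ""
    return (urlsplit(f"{m.group(1)}://{m.group(2)}").hostname or "").lower()


def run_image(cmd):
    """Lower-cased name of the first .exe in a Run command line, or ''."""
    m = re.search(r'([^\\"/]+\.exe)\b', cmd, flags=re.I)
    return m.group(1).lower() if m else ""


def entries_to_review(text):
    """Return (code, location, reason) for each entry that matches an indicator."""
    hits = []
    for code, body in parse_log(text):
        if code in ("R0", "R1"):
            m = REG_VALUE.match(body)
            if m and url_host(m.group("value")) in INDICATOR_HOSTS:
                hits.append((code, m.group("key"), "host"))
        elif code == "O4":
            m = RUN_VALUE.match(body)
            if m and run_image(m.group("cmd")) in INDICATOR_FILES:
                hits.append((code, f'{m.group("hive")} Run [{m.group("name")}]', "file"))
    return hits


if __name__ == "__main__":
    for code, location, reason in entries_to_review(SAMPLE_LOG):
        print(f"{code:3} {reason:4} {location}")
```

On this excerpt it returns four entries, including the HKCU Run copy of PayTime; the HKCU Start Page points at a different address and is left for a separate decision.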
Anonymous user
 
Hello

There are so many infections that I don't know which one to start with.

Download Ad-Remover to your desktop:

http://www.teamxscript.org/adremoverTelechargement.html

/!\ Close all your open applications. /!\

* Disable the real-time protection of your antivirus and antispyware tools, which can interfere with the tool's scanning and cleaning procedure.

Double-click the file you just downloaded; on the screen that appears, click
"Nettoyer" ("Clean").
Let the tool work.
Post the report that is displayed on screen when the scan is finished.
If the report does not appear, it is located here: C:\Ad-Report-CLEAN[1].txt
0