Posez votre question Signaler

Pb virus rootkit [Résolu]

loul37 49Messages postés 1 juillet 2007Date d'inscription - Dernière réponse le 23 mai 2008 à 15:03
Bonjour,
bonjour pb virus rootkit!!
voici mes différents rapport
MSNFix 1.716
C:\Documents and Settings\starwars\Bureau\MSNFix\MSNFix
Fix exécuté le 19/05/2008 - 17:17:17,17 By starwars
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\mcrh.tmp
... C:\??????.exe
... C:\WINDOWS\system32\mcrh.tmp
... C:\WINDOWS\system32\tmp.txt
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\WINDOWS\system32\tmp.txt
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\ftklhae.exe] D25B554B8356434EAAA159EF7AD5DD7B
[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\starwars\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 19052008_17202532.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Lire la suite 

Pb virus rootkit »

36 réponses
Réponse
+0
moins plus
loul37 49Messages postés 1 juillet 2007Date d'inscription 21 mai 2008 à 07:43
SmitFraudFix v2.320

Rapport fait à 16:55:53,70, 19/05/2008
Executé à partir de C:\Documents and Settings\starwars\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 china.dalexcars.com
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
127.0.0.1 www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 www.adcipta.net #[W32/Malware]
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad3.adcept.net
127.0.0.1 www.adcept.net
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 adhearus.com
127.0.0.1 display2.adhearus.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 www.addme.com
127.0.0.1 www.adinfinity.com
127.0.0.1 te.adlandpro.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 www.adminder.com
127.0.0.1 adsfac.net
127.0.0.1 www.adonweb.com
127.0.0.1 www.adrelevance.com #[NetRatings]
127.0.0.1 media.adrevolver.com
127.0.0.1 adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 delta.adroar.com
127.0.0.1 iads.adroar.com #[Adware.AdRoar][ADW_ADROAR.A]
127.0.0.1 lists.adroar.com
127.0.0.1 www.adroar.com
127.0.0.1 ads.adsag.com
127.0.0.1 di.adsag.com
127.0.0.1 img.adsag.com
127.0.0.1 adserv.com
127.0.0.1 www.adserv.com
127.0.0.1 ads.adtomi.com
127.0.0.1 www.adtomi.com #[Adware.Adtomi]
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrader.com
127.0.0.1 www.adtraffic.net
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 ads.advertise.net
127.0.0.1 advertisingvision.com #[Adware.Advision]
127.0.0.1 www.advertisingvision.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 www.affiliatefuel.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 affiliatetarget.com
127.0.0.1 www.affiliatetarget.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 our.affiliatetracking.net
127.0.0.1 www.affiliatetracking.net
127.0.0.1 www.affiliatetracking.com
127.0.0.1 adserver.aim4media.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 pops.aim4media.com
127.0.0.1 www.aim4media.com
127.0.0.1 crs.akamai.com
127.0.0.1 soap.alexa.com #[Spyware.Alexa][Alexa Toolbar]
127.0.0.1 traffic.alexa.com
127.0.0.1 xsltcache.alexa.com
127.0.0.1 www.alexa.com
127.0.0.1 allcheapsolutions.com #[Backdoor-CIE]
127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster]
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 ads.amazingmedia.com
127.0.0.1 bohema.amillo.net #[Trojan.Mitglieder.H]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.aspalliance.com
127.0.0.1 associmg.com #[amazon.com]
127.0.0.1 armbender.com #[UCSearch.ucUCSearch][W32.Adclicker.F.Trojan]
127.0.0.1 www.armbender.com #[UCSearch.ArmBender]
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com #[Restricted Zone site]
127.0.0.1 adserving.autotrader.com
127.0.0.1 www.avatarresources.com #[Parasite.AutoStartup]
127.0.0.1 www.avres.net
127.0.0.1 www.aweber.com
127.0.0.1 cploving.awmhost.net #[TrojanClicker.Win32.Lopin]
127.0.0.1 bar.baidu.com #[Parasite.ClientMan]
127.0.0.1 www.baltictop.com
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com #[Restricted Zone site]
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 www.bannerswap.com
127.0.0.1 www.bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 www.bidclix.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net #[Restricted Zone site]
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 download.bigwebportal.com #[hotwebsearch.com]
127.0.0.1 www.bigwebportal.com
127.0.0.1 counter.bizland.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.black-hole.co.uk #[Restricted Zone site]
127.0.0.1 www.blazehits.net #[gonnasearch.com]
127.0.0.1 s7.blingblingcontent.com #[Easywebinstaller Control]
127.0.0.1 ads.bmais.net #[bluemountain]
127.0.0.1 bookedspace.com #[Parasite.BookedSpace]
127.0.0.1 www.bookedspace.com #[Adware.Bookedspace]
127.0.0.1 a.boom.ro
127.0.0.1 s.boom.ro
127.0.0.1 www1.boomerank.com
127.0.0.1 boomerank.com
127.0.0.1 citi.bridgetrack.com #[Tracking Service]
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 config.broadcastpc.tv #[TROJ_RVP.E]
127.0.0.1 report.broadcastpc.tv #[AdvWare.Broadcap.a]
127.0.0.1 www.broadcastpc.tv #[Adware.Broadcastpc]
127.0.0.1 www.browserplugin.com #[WebHlprObj Class]
127.0.0.1 install.browsertoolbar.com #[Backdoor.Autoupder][BrowserToolbar]
127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]
127.0.0.1 www.browsertoolbar.com #[Parasite.BrowserToolbar]
127.0.0.1 browserwise.com #[Parasite.Xupiter][Xupiter.BrowserWise]
127.0.0.1 www.browserwise.com
127.0.0.1 www.buildtraffic.com
127.0.0.1 casino-on-net.com
127.0.0.1 java2.casino-on-net.com
127.0.0.1 www.casino-on-net.com
127.0.0.1 casinojems.com
127.0.0.1 www.casinojems.com
127.0.0.1 cc-dt.com
127.0.0.1 ads.cc-dt.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 www.capital-systems.net #[Troj/Ovedil-B]
127.0.0.1 www.care2.com #[TopMoxie]
127.0.0.1 ads.cars.com
127.0.0.1 www.cashforclicks.com
127.0.0.1 www.cashpile.com
127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]
127.0.0.1 mds.centrport.net
127.0.0.1 c.clickaire.com #[CWS trojan downloads]
127.0.0.1 classifieds1000.com
127.0.0.1 www.classifieds1000.com
127.0.0.1 clearfind.com
127.0.0.1 www.clearfind.com #[Restricted Zone site]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank]
127.0.0.1 zzz.clickbank.net
127.0.0.1 clickedyclick.com
127.0.0.1 www.clickexchange.ru
127.0.0.1 click2boost.com
127.0.0.1 secure.click2boost.com
127.0.0.1 service.click2boost.com
127.0.0.1 www.click2boost.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 stats1.clicktracks.com
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 www1.click-fr.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com
127.0.0.1 www.clicks4u.com
127.0.0.1 www.clipgenie.com
127.0.0.1 comclick.com
127.0.0.1 ct2.comclick.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Restricted Zone site]
127.0.0.1 www.thecoolbar.com #[Softomate Toolbar][The Coolbar]
127.0.0.1 www.compactbanner.com
127.0.0.1 ads.console.net
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 www.coolshader.com
127.0.0.1 counted.com
127.0.0.1 bilbo.counted.com
127.0.0.1 www.counted.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter4u.de
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 twci.coremetrics.com
127.0.0.1 us.cqcounter.com
127.0.0.1 zz.cqcounter.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 www.cytron.com
127.0.0.1 www.dash.com
127.0.0.1 ads.date.com
127.0.0.1 banner.date.com
127.0.0.1 dbbsrv.com #[bserv.darkblue.com][Restricted Zone site]
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com #[roar.com]
127.0.0.1 spyware.com.16871.fb.dbbsrv.com
127.0.0.1 webads.com.18345.fb.dbbsrv.com
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Data Miner]
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 didtheyreadit.com #[email tracker]
127.0.0.1 www.didtheyreadit.com
127.0.0.1 counter.digits.com
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 www.dnscaching.net #[stickypops.com]
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[Restricted Zone site]
127.0.0.1 www.downseek.com #[DownSeek Search]
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 adv2.eblocs.com #[Rogue/Suspect]
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 enhancemysearch.com #[xzoomy.com]
127.0.0.1 www.enhancemysearch.com
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[bogus antivirus spyware]
127.0.0.1 www.eshopads2.com
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com #[Restricted Zone site]
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net
127.0.0.1 www.exchangead.com
127.0.0.1 exitexchange.com
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[Restricted Zone site]
127.0.0.1 www.exchangeexit.com #[Installer Class][Winupie]
127.0.0.1 www.exittraffic.net
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[SubSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 www.fceboard.com #[Adware.EBoard]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 www.filemix.net #[Surf+]
127.0.0.1 www.fineclicks.com
127.0.0.1 firstname.com
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fizzlewizzle.com #[Fizzle Wizzle Searchbar]
127.0.0.1 flashtrack.net
127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com
127.0.0.1 www.flyinads.com
127.0.0.1 ads.forbes.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[Restricted Zone site][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldenwebawards.com #[server down?]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 greatstartpage.com #[parasite downloads]
127.0.0.1 www.greatstartpage.com
127.0.0.1 grokster.com #[Restricted Zone site][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
127.0.0.1 hamster.com #[apps5.oingo.com]
127.0.0.1 ad0.haynet.com
127.0.0.1 www.hitboss.com
127.0.0.1 www.hit4hit.com
127.0.0.1 ads.hitcents.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hit-parade.com
127.0.0.1 www.hitpointer.com
127.0.0.1 hitslink.com
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 www.hitslink.com #[Restricted Zone site]
127.0.0.1 hitstats.net
127.0.0.1 www.hiwire.com
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 counters.honesty.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 hotphrase.com
127.0.0.1 www.hotphrase.com #[Restricted Zone site]
127.0.0.1 hotsearch.com #[roar.com][Restricted Zone site]
127.0.0.1 www.hotsearch.com
127.0.0.1 hotsearchbar.com #[iiittt Class][SpiderSearch]
127.0.0.1 www.hotsearchbar.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hc2.humanclick.com
127.0.0.1 www.humanclick.com #[Data Miner]
127.0.0.1 www.hypertracker.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infospider.com
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 mjxads.internet.com
127.0.0.1 indiads.com
127.0.0.1 infostart.com
127.0.0.1 popups.infostart.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 directory.istarthere.com
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 www.istarthere.com #[VBS_IESTART.F]
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 isurfplus.com
127.0.0.1 www.isurfplus.com #[Adware.Surebar]
127.0.0.1 www.itrafficstar.com #[Restricted Zone site]
127.0.0.1 www.jcount.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking]
127.0.0.1 www1.kliks.nl
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 stats.klsoft.com
127.0.0.1 www.kmindex.ru
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 js.livehelper.com #[Restricted Zone site]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[Data Miner]
127.0.0.1 www.liveperson.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 locators.com #[Adware.Locator]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 www.locators.com
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[Restricted Zone site]
127.0.0.1 adverts.lzio.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 search.lzio.com
127.0.0.1 updates.lzio.com #[Downloader-LE][Adware.ZioCom]
127.0.0.1 make-deal.com
127.0.0.1 www.madoogali.com #[Madoogali]
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 maybeyes.biz #[Trojan.Ducky]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 banner.meerhits.nl #[IEHIjacker.Meerhits.nl]
127.0.0.1 pokpok.meerhits.nl
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.megaseek.net #[Restricted Zone site]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler]
127.0.0.1 micorsoft.com
127.0.0.1 www.micorsoft.com #[typo hijacker]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[C2Media\LOP]
127.0.0.1 mpamexit.com
127.0.0.1 www.messagetag.com #[Email tracker]
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[Restricted Zone site]
127.0.0.1 www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk #[RealMedia]
127.0.0.1 mvtracker.com
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myaffiliateprogram.com
127.0.0.1 www.myarmory.com #[Spyware.Bazookabar]
127.0.0.1 ads.mydailyhoroscope.net
127.0.0.1 www.mydailyhoroscope.net #[Adware.Horoscope]
127.0.0.1 www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
127.0.0.1 hit.namimedia.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 www.neededware.com
127.0.0.1 neo-toolbar.com #[InstControl Class][Trojan.NeoToolbar.Installer]
127.0.0.1 www6.netbroadcaster.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 www.netflip.com
127.0.0.1 money2.netfirms.com #[The Money Toolbar]
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 www.netpoll.nl
127.0.0.1 servedby.netshelter.net
127.0.0.1 ads.netsol.com
127.0.0.1 www.netsearch.info
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 newiframe.biz #[TROJ_DELF.DS]
127.0.0.1 www.newiframe.biz
127.0.0.1 web1.noadware.net
127.0.0.1 www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 mediatickets.nubela.net
127.0.0.1 www.nubela.net
127.0.0.1 nzads.net.nz
127.0.0.1 okcounter.com
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster]
127.0.0.1 server1.opentracker.net
127.0.0.1 www.opinionlab.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 banner.orb.net
127.0.0.1 www.originalicons.com #[F1 Organizer Class]
127.0.0.1 geoads.osdn.com
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 click.payserve.com
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 www.peel.com
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com
127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D][server down?]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.popupads.com
127.0.0.1 www.popupad.net
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com
127.0.0.1 popupmoney.com #[Restricted Zone site]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www.popupswappers.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 www.popuptop.com
127.0.0.1 www2.portdetective.com
127.0.0.1 www.positivebeats.com #[C2Media\LOP]
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 1.primaryads.com
127.0.0.1 www.privacyoutpost.com #[Troj/Regldr-A]
127.0.0.1 www.prtracker.com
127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[Restricted Zone site]
127.0.0.1 www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.prutect.com #[Spyware.e2give][Win32.Prutec.A]
127.0.0.1 www.pstopper.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media\LOP]
127.0.0.1 www.pwallet.com #[Restricted Zone site]
127.0.0.1 rads01.quadrogram.com #[Adware.Quadro][Memwatcher.B][TROJ_PEPER.A]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 www.quarterserver.de
127.0.0.1 questionmarket.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
127.0.0.1 ramgo.com #[Restricted Zone site]
127.0.0.1 www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightmedia.net
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 track.roiservice.com
127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]
127.0.0.1 www.sandboxer.com #[Adware.Quadro][memorywatcher.com][Memwatcher.B]
127.0.0.1 www.savehits.com
127.0.0.1 st.sageanalyst.net
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 te.scripps.com
127.0.0.1 counter.search.bg
127.0.0.1 searchalot.com
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Browseraid][SearchAndClick]
127.0.0.1 searchby.net
127.0.0.1 www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 searchfst.com #[SFUtility Class][keywordsinc.com]
127.0.0.1 www.searchfst.com
127.0.0.1 www.searchgauge.com
127.0.0.1 www.search-control.com #[TrojanDropper.Win32.Small.ig]
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 www.search-itnow.com
127.0.0.1 www.searchmachine.com
127.0.0.1 www.searchmagnifier.com
127.0.0.1 www.searchrelevancy.com
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchseekfind.com #[Adware.SearchSeekFind]
127.0.0.1 www.searchseekfind.com
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[KB320159]
127.0.0.1 www.secondpower.com
127.0.0.1 adserver.securityfocus.com #[RealMedia]
127.0.0.1 www.selfsurveys.com
127.0.0.1 www.seehits.com
127.0.0.1 www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 ds.serving-sys.com
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 www.sitetracking.info #[Naughty Pops]
127.0.0.1 www.shadowcrew.com #[spam]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 www.shockcounter.com
127.0.0.1 shopathomeselect.com #[Parasite.ShopAtHomeSelect]
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[Restricted Zone site]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com
127.0.0.1 smartclicks.net
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[Restricted Zone site]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 www.sonyasys.com #[Downloader.Botten]
127.0.0.1 www1.spaex.com #[searchboss.com]
127.0.0.1 www.specialoffersnetworks.com
127.0.0.1 www.spedia.net #[SpediaBar]
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 www.spyferret.com
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 adsintl.starwave.com
127.0.0.1 c1.statcounter.com
127.0.0.1 c2.statcounter.com
127.0.0.1 c3.statcounter.com
127.0.0.1 www.statcounter.com
127.0.0.1 js.statistici.ro
127.0.0.1 log.statistici.ro
127.0.0.1 s.statistici.ro
127.0.0.1 www.statomatic.com
127.0.0.1 reg.stats4all.com
127.0.0.1 stats4you.com
127.0.0.1 www.stats4you.com
127.0.0.1 ctgbn.stellaremperor.com #[Backdoor.Alets]
127.0.0.1 www.stickypops.com
127.0.0.1 clix.superclix.de
127.0.0.1 www.superlogy.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]
127.0.0.1 www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]
127.0.0.1 www.supaseek.com #[Spyware.Supaseek]
127.0.0.1 rd1.surfernetwork.com #[SurferNETWORK Plugin]
127.0.0.1 www.surfernetwork.com
127.0.0.1 surfsidekick.com
127.0.0.1 dl.surfsidekick.com
127.0.0.1 www.surfsidekick.com #[Adware.SurfSideKick]
127.0.0.1 www2.surveyfocus.com
127.0.0.1 www.surveynetworks.com
127.0.0.1 www.surveysite.com
127.0.0.1 www2.survey-poll.com #[microsoft]
127.0.0.1 swift-look.com #[phishing exploit]
127.0.0.1 www.symantic.com #[Typo Squatter]
127.0.0.1 adpick.switchboard.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 www.syspage.com #[pop-up scam]
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 targetsearch.info #[Trojan.StartPage.H]
127.0.0.1 adult.targetsearch.info
127.0.0.1 go.targetsearch.info
127.0.0.1 tat-neftbank.ru #[Backdoor.Berbew.H]
127.0.0.1 www.tech-marketresearch.com
127.0.0.1 www.textads.biz
127.0.0.1 a.tfag.de
127.0.0.1 ak.tfag.de
127.0.0.1 theaffiliateprogram.com
127.0.0.1 myaffiliateprogram.com
127.0.0.1 www.the-counter.net
127.0.0.1 adbot.theonion.com
127.0.0.1 www.thepokerclub.com #[SecurityRisk.ClubPoker]
127.0.0.1 thesearchmall.com #[Adware.SearchMall]
127.0.0.1 www.thesearchmall.com
127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]
127.0.0.1 new.tnc4u.com
127.0.0.1 www.tnc4u.com #[Adware.DownloadPlus]
127.0.0.1 www.toilet.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 tooncomics.com #[IEDLL.ToonComics][here4search.com]
127.0.0.1 www.tooncomics.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]
127.0.0.1 log.trafic.ro
127.0.0.1 storage.trafic.ro
127.0.0.1 tool4ame.com #[TROJ_GOLID.A][Adware.IAGold]
127.0.0.1 www.toolshack.com
127.0.0.1 ads.toplayerserver.com
127.0.0.1 www1.toplayerserver.com
127.0.0.1 www.toplayerserver.com
127.0.0.1 toprebates.com #[webrebates]
127.0.0.1 www.toprebates.com
127.0.0.1 stat.toprefsys.com
127.0.0.1 www.top-search.com #[Adware-SSF.dr]
127.0.0.1 ad.topstat.com
127.0.0.1 nl.topstat.com #[Restricted Zone site]
127.0.0.1 s26.topstat.com
127.0.0.1 xl.topstat.com
127.0.0.1 ads.track-star.com
127.0.0.1 adserver.track-star.com
127.0.0.1 geo2.track-star.com
127.0.0.1 www.track-star.com
127.0.0.1 tradeexit.com
127.0.0.1 www.tradeexit.com #[Parasite.Winupie]
127.0.0.1 www.trafficbeamer.nl
127.0.0.1 trafficg.com #[Restricted Zone site]
127.0.0.1 www.trafficg.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 images.trafficmp.com
127.0.0.1 t.trafficmp.com
127.0.0.1 www.trafficflame.com
127.0.0.1 trafficfile.com
127.0.0.1 www.trafficfile.com
127.0.0.1 trackyourstats.com
127.0.0.1 trafficmarketplace.com
127.0.0.1 get.trafficmultiplier.com
127.0.0.1 go.trafficmultiplier.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 cdn1.tribalfusion.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 tribalfusion.speedera.net
127.0.0.1 ads.tucows.com
127.0.0.1 counts.tucows.com
127.0.0.1 google.tucows.com
127.0.0.1 www.turbomemorycharger.com #[Adware.Fapi]
127.0.0.1 ads.ucomics.com
127.0.0.1 image.ugo.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 www.ukbanners.com
127.0.0.1 ultimatecounter.com
127.0.0.1 www.ultimatecounter.com
127.0.0.1 www.ultimatepopupkiller.com #[searchby.net]
127.0.0.1 www.ultraload.net #[MHTMLRedir.Exploit]
127.0.0.1 adcontroller.unicast.com
127.0.0.1 ads.unlimitedbanners.com
127.0.0.1 ads1.updated.com
127.0.0.1 www.updatenow.org #[Messenger Pop-up]
127.0.0.1 www.upgradenow.org
127.0.0.1 www.upp2ono41xi9rman2.com #[TrojanDropper.Small.LG]
127.0.0.1 url.biz.ua #[Download.Ject.B]
127.0.0.1 config.url404.com #[Parasite.Httper]
127.0.0.1 urlblaze.com #[Adware.TurboDownload]
127.0.0.1 www.urlblaze.com #[Adware Bundler]
127.0.0.1 www.urlblaze.net #[IEDriver][ADW_RULEDOR.C]
127.0.0.1 usachoice.net
127.0.0.1 ads.valuead.com #[Restricted Zone site]
127.0.0.1 adnetintads.valuead.com
127.0.0.1 banners.valuead.com
127.0.0.1 cs.valuead.com
127.0.0.1 oin.valuead.com #[outerinfo.com]
127.0.0.1 servedby.valuead.com
127.0.0.1 ad.valuehost.ru
127.0.0.1 image.versiontracker.com
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 ads.vesperexchange.com
127.0.0.1 www.vesperexchange.com
127.0.0.1 cinnam.vibrahost.com #[PWSteal.Revcuss.C][Win32.Revcuss.C]
127.0.0.1 vivi.vibrahost.com #[PWSteal.Revcuss.A]
127.0.0.1 dns2010.vicp.net #[Backdoor.Tumag]
127.0.0.1 uygurman.vicp.net #[Trojan.Riler][Troj/Riler-B]
127.0.0.1 oas.villagevoice.com
127.0.0.1 www.vikord.com #[Download.Ject.C]
127.0.0.1 visit-link.com
127.0.0.1 www.voonda.com #[Spyware.TAFbar]
127.0.0.1 generic.vpptechnologies.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 www.vstats.net
127.0.0.1 ads.vnuemedia.com
127.0.0.1 sevenc.vze.com #[VBS.Powcox@mm]
127.0.0.1 www.w3exit.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 wazam.com
127.0.0.1 www.wazam.com #[Parasite.Wazam]
127.0.0.1 wcft.net #[Parasite.LinkReplacer]
127.0.0.1 www.wcft.net
127.0.0.1 ads.weather.com
127.0.0.1 ads.webattack.com
127.0.0.1 webcounter.com
127.0.0.1 www.webcounter.com
127.0.0.1 ads.webhosting.info
127.0.0.1 www.weblink.ru #[server down?]
127.0.0.1 adv.webmd.com
127.0.0.1 webhits.de
127.0.0.1 banners.webmasterplan.com
127.0.0.1 stat.webmedia.pl
127.0.0.1 bannervip.web1000.com
127.0.0.1 ads.webads360.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 orders.webpower.com
127.0.0.1 img.webring.com
127.0.0.1 img1.webring.com
127.0.0.1 ads.webshots.com
127.0.0.1 websponsors.com
127.0.0.1 a.websponsors.com
127.0.0.1 ads.websponsors.com
127.0.0.1 g.websponsors.com
127.0.0.1 www.websponsors.com
127.0.0.1 www.webstars2000.com
127.0.0.1 hits.webstat.com
127.0.0.1 www.wenksdisdkjeilsow.com #[Parasite.AutoStartup][Download.Trojan]
127.0.0.1 wetrack.it
127.0.0.1 st.wetrack.it
127.0.0.1 www.wgutv.com #[Adware.BuddyLinks]
127.0.0.1 partner1.whatsfind.com
127.0.0.1 www.whatsfind.com #[HTML_STARTPAGE.C]
127.0.0.1 www.win-fix.com #[Rogue/Suspect]
127.0.0.1 window1.com
127.0.0.1 ads.winhelp2002.com
127.0.0.1 ads.winsite.com
127.0.0.1 winstream.com #[Parasite.Searchex]
127.0.0.1 www.winstream.com
127.0.0.1 clicktrack.wnu.com
127.0.0.1 www.wowweb.net #[Adware.WWWBar]
127.0.0.1 www.wurldmedia.com #[Adware.Wurldmedia][WurldMedia][KB321923]
127.0.0.1 x0x.biz
127.0.0.1 www.x0x.biz #[Backdoor.Berbew.D]
127.0.0.1 xtra.co.nz
127.0.0.1 nedstats.xs4all.nl
127.0.0.1 hit1.xstats.com
127.0.0.1 view1.xstats.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 bs.yandex.ru
127.0.0.1 counter.yadro.ru
127.0.0.1 crsky2004.yeah.net #[Backdoor.Singu.B]
127.0.0.1 yourspecialoffers.com #[FavoriteMan]
127.0.0.1 www.yourspecialoffers.com
127.0.0.1 ysearchus.com #[Parasite.TinyBar]
127.0.0.1 www.ysearchus.com
127.0.0.1 zuvio.com #[UCSearch.ucUCSearch]
127.0.0.1 www.zuvio.com #[Adware.OpenSite][OpenSite]
127.0.0.1 bannerads.zwire.com
127.0.0.1 www.0stats.com
127.0.0.1 cc.1asphost.com #[Trojan.Bansap]
127.0.0.1 www.123counts.com #[hitslink.com]
127.0.0.1 www.123mania.com #[SrchHook Class][Parasite.123Mania]
127.0.0.1 123stat.com
127.0.0.1 1234.2bro.com #[Adware.Satbo]
127.0.0.1 www.241hits.com
127.0.0.1 up.isp.2ch.net #[Trojan.Upchan]
127.0.0.1 www.321search.com #[SearchAssistant.dll]
127.0.0.1 ct.360i.com
127.0.0.1 www.ff.iij4u.or.jp #[Trojan.Upchan]
127.0.0.1 download.35mb.com #[impregnable.net]
127.0.0.1 www.35mb.com #[download_35mb_com.applet]
127.0.0.1 1000stars.ru
127.0.0.1 xxxwwwjjjhd.20forfree.com #[W32.Autex.Worm]
127.0.0.1 www.xxxwwwjjjhd.20forfree.com
127.0.0.1 ad.37.com
127.0.0.1 2jm.com
127.0.0.1 7adpower.com
127.0.0.1 www.7adpower.com #[Svezia.Dialer][VacPro.UserControl1]
127.0.0.1 7am.com
127.0.0.1 www.777search.com #[LOP]
127.0.0.1 ad2.163.com
127.0.0.1 adclient.163.com
127.0.0.1 popme.163.com
127.0.0.1 smtp.163.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 ajim.delphibbs.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 14713804A.l2m.net #[LiveTechnology]
127.0.0.1 banner.50megs.com
127.0.0.1 guannan.3322.net #[Restricted Zone site]
127.0.0.1 www.fan8.com
127.0.0.1 banners.dot.tk
127.0.0.1 topsites.us #[Parasite.eStart]
127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
127.0.0.1 www.123banners.com
127.0.0.1 ftp.123banners.com
127.0.0.1 123go.com
127.0.0.1 ns1.123go.net
127.0.0.1 n-case.com
127.0.0.1 www.n-case.com
127.0.0.1 ads.180solutions.com
127.0.0.1 ax.180solutions.com #[180SAInstaller Class]
127.0.0.1 bis.180solutions.com #[nCaseInstaller Class]
127.0.0.1 bisads.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 www.180solutions.com #[Parasite.nCase]
127.0.0.1 www.180searchassistant.com #[Adware.180Search]
127.0.0.1 www.surfassistant.com #[Adware.SurfAssistant]
127.0.0.1 downloads.zango.com
127.0.0.1 games.zango.com
127.0.0.1 infinity.zango.com #[ZangoInstaller Class]
127.0.0.1 messenger.zango.com
127.0.0.1 showtimes.zango.com
127.0.0.1 www.zango.com
127.0.0.1 www.zangomessenger.com
127.0.0.1 www.zangoshowtimes.com
127.0.0.1 address.3721.com
127.0.0.1 agent.3721.com
127.0.0.1 assistant.3721.com
127.0.0.1 cns.3721.com
127.0.0.1 cnsmin.3721.com
127.0.0.1 corp.3721.com
127.0.0.1 dir.3721.com
127.0.0.1 download.3721.com
127.0.0.1 express.3721.com
127.0.0.1 img.3721.com
127.0.0.1 magic.3721.com
127.0.0.1 mark.3721.com
127.0.0.1 meta.3721.com
127.0.0.1 msearch.3721.com
127.0.0.1 sbox.3721.com
127.0.0.1 shanghai.3721.com
127.0.0.1 sina.3721.com
127.0.0.1 user.3721.com
127.0.0.1 wap.3721.com
127.0.0.1 www.3721.com #[Adware.Chinet][ADW_CNSMIN.A]
127.0.0.1 yahoo.3721.com
127.0.0.1 3721.com
127.0.0.1 download.feiyang.com
127.0.0.1 adtracker.411web.com
127.0.0.1 hits.411web.com
127.0.0.1 overture.411web.com
127.0.0.1 static.411web.com
127.0.0.1 xml.411web.com
127.0.0.1 search.letssearch.com
127.0.0.1 search2.letssearch.com
127.0.0.1 www.letssearch.com #[BrowserAid.LetsSearch]
127.0.0.1 7search.com #[Parasite.7FaSSt Search]
127.0.0.1 www.7search.com
127.0.0.1 fstrack.7search.com
127.0.0.1 impression.7search.com
127.0.0.1 img.7meta.com
127.0.0.1 www.7metasearch.com
127.0.0.1 bannerx.adtactics.com
127.0.0.1 adtactics.com
127.0.0.1 www.adtactics.com
127.0.0.1 ajokeaday.com
127.0.0.1 bannersxchange.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 www.linkstoyou.com
127.0.0.1 www.payperranking.com
127.0.0.1 www.pay-per-search.com
127.0.0.1 paypertext.com
127.0.0.1 predictivesearch.com
127.0.0.1 tracking.roispy.com
127.0.0.1 www.roispy.com
127.0.0.1 tracking.spiderbait.com
127.0.0.1 www.spiderbait.com
127.0.0.1 advertisingagent.com
127.0.0.1 clicks.about.com
127.0.0.1 f.about.com
127.0.0.1 home.about.com
127.0.0.1 js.get.about.com
127.0.0.1 images.about.com
127.0.0.1 lunafetch.about.com
127.0.0.1 pixel3.about.com
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 statistics.s5.com
127.0.0.1 ad.aboutwebservices.com
127.0.0.1 abroadsoftware.com #[EzSearchBar]
127.0.0.1 www.exits.ro
127.0.0.1 superwebsearch.com #[Parasite.ILookup][Adware.ILookup]
127.0.0.1 www.superwebsearch.com
127.0.0.1 adops.adbureau.net
127.0.0.1 etype.adbureau.net
127.0.0.1 granada.adbureau.net
127.0.0.1 www.adbureau.net
127.0.0.1 accipiter.speedera.net
127.0.0.1 ad-blaster.com
127.0.0.1 www.ad-blaster.com
127.0.0.1 promote4profit.com
127.0.0.1 www.promote4profit.com
127.0.0.1 addfreestats.com
127.0.0.1 top.addfreestats.com
127.0.0.1 www.addfreestats.com
127.0.0.1 www.3dstats.com
127.0.0.1 www1.addfreestats.com
127.0.0.1 www2.addfreestats.com
127.0.0.1 www3.addfreestats.com
127.0.0.1 adlogix.com #[InPop.InControl][IEEnhancer]
127.0.0.1 lasagne.adlogix.com
127.0.0.1 publisher.adlogix.com
127.0.0.1 traffic.adlogix.com
127.0.0.1 trafficsource.adlogix.com
127.0.0.1 www.adlogix.com
127.0.0.1 getpopped.com
127.0.0.1 www.getpopped.com
127.0.0.1 hitgo.com #[IPU][InPop.InControl]
127.0.0.1 www.hitgo.com
127.0.0.1 popmonster.com #[IEFeature Class]
127.0.0.1 www.popmonster.com #[TROJ_POPMON.A]
127.0.0.1 r2.trafficserverstats.com
127.0.0.1 ads.adorigin.com
127.0.0.1 dev.adorigin.com
127.0.0.1 www.adorigin.com
127.0.0.1 blowsearch.com
127.0.0.1 msxml.blowsearch.com
127.0.0.1 web.blowsearch.com #[infospace.com]
127.0.0.1 www.blowsearch.com
127.0.0.1 cb.adprofile.net
127.0.0.1 content.adprofile.net
127.0.0.1 tx.adprofile.net
127.0.0.1 w2-ver.adprofile.net
127.0.0.1 adteractive.com
127.0.0.1 www.adteractive.com
127.0.0.1 adtegrity.com
127.0.0.1 www.adtegrity.com
127.0.0.1 webalize.com #[SearchCentrix][VisiCom.SearchCentric]
127.0.0.1 toolbar.webalize.com #[downloads.searchcentrix.com]
127.0.0.1 www.webalize.com #[Visicom Media Toolbar]
127.0.0.1 webalize.net
127.0.0.1 www.webalize.net
127.0.0.1 webalize.mygeek.com
127.0.0.1 advertisementbanners.com
127.0.0.1 ads.specificclick.com
127.0.0.1 www.specificclick.com
127.0.0.1 specificpop.com
127.0.0.1 ads.specificpop.com
127.0.0.1 banners.specificpop.com
127.0.0.1 www.specificpop.com
127.0.0.1 adopt.specificclick.net
127.0.0.1 images.specificclick.net
127.0.0.1 image.adjuggler.com
127.0.0.1 rotator.adjuggler.com
127.0.0.1 www.adjuggler.com
127.0.0.1 thruport.com
127.0.0.1 adj54.thruport.com
127.0.0.1 imageserver1.thruport.com
127.0.0.1 www.thruport.com
127.0.0.1 alset.com #[WIN32/HXDL AL]
127.0.0.1 www.alset.com
127.0.0.1 aveo.com
127.0.0.1 www.aveo.com #[server down?]
127.0.0.1 allcybersearch.com #[REG_STARTPAGE.A]
127.0.0.1 www.allcybersearch.com
127.0.0.1 amigeek.com
127.0.0.1 www.amigeek.com
127.0.0.1 clickyestoenter.net
127.0.0.1 www.clickyestoenter.net
127.0.0.1 www.gay50.com
127.0.0.1 gocybersearch.com
127.0.0.1 www.gocybersearch.com
127.0.0.1 www.hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 search.hotpopup.com
127.0.0.1 www.hotpopup.com
127.0.0.1 hotsearchbox.com #[JAVA_STARTPAGE.F]
127.0.0.1 www.hotsearchbox.com
127.0.0.1 i--search.com
127.0.0.1 www.i--search.com #[StartPage-FN]
127.0.0.1 jethomepage.com #[JS.Exception.Exploit]
127.0.0.1 www.jethomepage.com #[Troj/JetHome-B]
127.0.0.1 jetseeker.com #[CWS.Bootconf]
127.0.0.1 www.jetseeker.com
127.0.0.1 searchxl.com #[Adware.ZeroPopUpBar]
127.0.0.1 www.searchxl.com
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com #[Parasite.TinyBar]
127.0.0.1 topsearcher.com #[JV/Goplanet]
127.0.0.1 www.topsearcher.com #[Troj/JetHome-J]
127.0.0.1 trixscripts.com
127.0.0.1 www.trixscripts.com
127.0.0.1 zeropopup.com #[Parasite.ZeroPopUp]
127.0.0.1 www.zeropopup.com #[Tellafriend.Trojan]
127.0.0.1 znext.com #[JS_TRAFFICHBAR.A][Parasite.TinyBar]
127.0.0.1 www.znext.com #[Parasite.ZeroPopUp][App/P0P-A]
127.0.0.1 adpowerzone.com
127.0.0.1 ads.adpowerzone.com
127.0.0.1 easy.adpowerzone.com
127.0.0.1 ss.adpowerzone.com
127.0.0.1 tb.adpowerzone.com
127.0.0.1 tb-static.adpowerzone.com #[Adware.Websearch]
127.0.0.1 www.adpowerzone.com #[Adware.Searchexplorer]
127.0.0.1 adserver.adsincontext.com
127.0.0.1 ns1.adsincontext.com
127.0.0.1 srv01.adsincontext.com
127.0.0.1 srv02.adsincontext.com
127.0.0.1 srv03.adsincontext.com
127.0.0.1 srv04.adsincontext.com
127.0.0.1 srv05.adsincontext.com
127.0.0.1 srv07.adsincontext.com
127.0.0.1 adgoblin.com #[Adware.AdGoblin]
127.0.0.1 crossroad.adgoblin.com
127.0.0.1 www.adgoblin.com #[AdGoblin.foontext]
127.0.0.1 adforce.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adserv003.adtech.de
127.0.0.1 imageserv.adtech.de
127.0.0.1 livingnet.adtech.de
127.0.0.1 cdn1.adsdk.com
127.0.0.1 cdn2.adsdk.com #[VirtualBouncer]
127.0.0.1 advertising.com
127.0.0.1 adserve.advertising.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 demo.advertising.com
127.0.0.1 opera1-servedby.advertising.com
127.0.0.1 servedby.advertising.com
127.0.0.1 rd.advertising.com
127.0.0.1 wap.advertising.com
127.0.0.1 www.advertising.com
127.0.0.1 clk4.com
127.0.0.1 www.clk4.com
127.0.0.1 www.contextualclicks.com
127.0.0.1 fastseeker.com #[Adware.FastSeek]
127.0.0.1 www.fastseeker.com
127.0.0.1 spyblast.com #[Parasite.SpyBlast]
127.0.0.1 www.spyblast.com #[SBFullInst Control]
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 t.ign.com
127.0.0.1 tracker.ign.com
127.0.0.1 adserver.snowball.com
127.0.0.1 polls.snowball.com
127.0.0.1 scripts.snowball.com
127.0.0.1 t.snowball.com
127.0.0.1 tracker.snowball.com
127.0.0.1 altnet.com
127.0.0.1 file.altnet.com
127.0.0.1 media.altnet.com
127.0.0.1 ts.altnet.com
127.0.0.1 tss.altnet.com
127.0.0.1 pm.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 brilliantdigital.com #[Parasite.BDE]
127.0.0.1 st.brilliantdigital.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 b3d.com
127.0.0.1 www.b3d.com
127.0.0.1 bde3d.com
127.0.0.1 xiti.com
127.0.0.1 loga.xiti.com
127.0.0.1 logc13.xiti.com
127.0.0.1 logi6.xiti.com
127.0.0.1 logi7.xiti.com
127.0.0.1 logv3.xiti.com
127.0.0.1 logv18.xiti.com
127.0.0.1 logv20.xiti.com
127.0.0.1 logp.xiti.com
127.0.0.1 trafic.xiti.com
127.0.0.1 www.xiti.com
127.0.0.1 adintelligence.net
127.0.0.1 acc.adintelligence.net
127.0.0.1 adchannel.adintelligence.net
127.0.0.1 creatives.adintelligence.net
127.0.0.1 download.adintelligence.net #[SysAI]
127.0.0.1 www.adintelligence.net
127.0.0.1 adchannel.contextplus.net #[Parasite.AproposMedia]
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.com
127.0.0.1 adv.peopleonpage.com
127.0.0.1 app.peopleonpage.com
127.0.0.1 download.peopleonpage.com #[POP Loader]
127.0.0.1 envolo.peopleonpage.com
127.0.0.1 img.peopleonpage.com
127.0.0.1 srv.peopleonpage.com #[Spyware.Apropos.B]
127.0.0.1 www.peopleonpage.com #[Apropos.bho][PeopleOnPage.Apropos]
127.0.0.1 image.avenuea.com
127.0.0.1 www.avenuea.com
127.0.0.1 www.atdmt.com
127.0.0.1 click.atdmt.com
127.0.0.1 clk.atdmt.com
127.0.0.1 spd.atdmt.com
127.0.0.1 spe.atdmt.com
127.0.0.1 switch.atdmt.com
127.0.0.1 view.atdmt.com
127.0.0.1 atlasdmt.com
127.0.0.1 www.atlasdmt.com
127.0.0.1 www.avenueainc.com
127.0.0.1 active-alert-server.com
127.0.0.1 www.active-alert-server.com
127.0.0.1 amnv.net
127.0.0.1 www.amnv.net
127.0.0.1 avenuemedia.com
127.0.0.1 www.avenuemedia.com
127.0.0.1 climaxbucks.com #[ClimaxBucks.InternetOptimizer]
127.0.0.1 cdn.climaxbucks.com
127.0.0.1 mt1.climaxbucks.com
127.0.0.1 mt23.climaxbucks.com
127.0.0.1 xbs.climaxbucks.com
127.0.0.1 www.climaxbucks.com
127.0.0.1 xbs.cocktailcash.com
127.0.0.1 cocktailcash.com
127.0.0.1 www.cocktailcash.com
127.0.0.1 ads.internet-optimizer.com #[Parasite.Internet Optimizer]
127.0.0.1 internet-optimizer.com #[Downloader.Dyfcia.F]
127.0.0.1 configure.internet-optimizer.com
127.0.0.1 help.internet-optimizer.com
127.0.0.1 www.internet-optimizer.com #[Adware.NetOptimizer]
127.0.0.1 www.lunasearch.com
127.0.0.1 movies-etc.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 www.movies-etc.com
127.0.0.1 yoogee.com #[Parasite.Internet Optimizer]
127.0.0.1 www.yoogee.com
127.0.0.1 c.azjmp.com
127.0.0.1 images.azoogleads.com
127.0.0.1 images.azooimages.com
127.0.0.1 www.azoogleads.com
127.0.0.1 www.giftfox.com
127.0.0.1 images.imgehost.com
127.0.0.1 c.qckjmp.com
127.0.0.1 google.begin2search.com
127.0.0.1 toolbar.begin2search.com
127.0.0.1 www.begin2search.com #[Adware.Begin2search][iiittt Class]
127.0.0.1 click2findnow.com
127.0.0.1 www.click2findnow.com
127.0.0.1 desktoptraffic.net
127.0.0.1 toolbar.desktoptraffic.net
127.0.0.1 popupsearches.com
127.0.0.1 www.popupsearches.com
127.0.0.1 www.eaffiliateinc.com
127.0.0.1 globalwebsearch.com #[Parasite.ILookup]
127.0.0.1 toolbar.globalwebsearch.com #[I-Lookup.GWS]
127.0.0.1 toolbar2.globalwebsearch.com #[iiittt Class]
127.0.0.1 www.globalwebsearch.com #[Adware.ILookup]
127.0.0.1 hotwebsearch.com
127.0.0.1 www.hotwebsearch.com
127.0.0.1 worldanywhere.com
127.0.0.1 toolbar.worldanywhere.com
127.0.0.1 www.worldanywhere.com
127.0.0.1 adcounter.theglobeandmail.com
127.0.0.1 adrates.theglobeandmail.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 visit.theglobeandmail.com
127.0.0.1 www1.theglobeandmail.com
127.0.0.1 adbot.com
127.0.0.1 w1.adbot.com
127.0.0.1 www.adbot.com
127.0.0.1 counter.bloke.com
127.0.0.1 www1.counter.bloke.com
127.0.0.1 www3.counter.bloke.com
127.0.0.1 www4.counter.bloke.com
127.0.0.1 www5.counter.bloke.com
127.0.0.1 www6.counter.bloke.com
127.0.0.1 www7.counter.bloke.com
127.0.0.1 counterbot.com
127.0.0.1 cb1.counterbot.com
127.0.0.1 ak.bluestreak.com
127.0.0.1 ca1.bluestreak.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 www.bluestreak.com
127.0.0.1 download.bonzi.com
127.0.0.1 images.bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.bonzibuddy.com
127.0.0.1 bravenet.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 images.bravenet.com
127.0.0.1 linktrack.bravenet.com
127.0.0.1 pub1.bravenet.com
127.0.0.1 www.bravenet.com
127.0.0.1 belgiandip.com #[ITS Protocol exploit]
127.0.0.1 www.belgiandip.com
127.0.0.1 fassia.net #[Parasite.AutoSearch]
127.0.0.1 www.fassia.net
127.0.0.1 flipperkeys.com
127.0.0.1 www.flipperkeys.com
127.0.0.1 www.illtemperedguppys.com
127.0.0.1 manipulatingtheicesurface.com
127.0.0.1 www.manipulatingtheicesurface.com
127.0.0.1 www.no-beba-el-agua.com
127.0.0.1 smokeandapancake.org #[Adware.Winpup]
127.0.0.1 www.smokeandapancake.org #[AdClicker-O][Troj/Psyme-C]
127.0.0.1 www.undergroundlair.net #[Troj/AdClick-N]
127.0.0.1 www2.undergroundlair.net
127.0.0.1 www.00z70az77mnsa-00swj1zzprh.com #[www2.undergroundlair.net]
127.0.0.1 www.funcionamiento-con-la-tijera.com #[undergroundlair.net]
127.0.0.1 www.pshnw6510990nmo-34nue7700.net
127.0.0.1 burstmedia.com
127.0.0.1 web.burstmedia.com
127.0.0.1 roscoe.burstmedia.com
127.0.0.1 ads.burstnet.com
127.0.0.1 gifs.burstnet.com
127.0.0.1 sj.burstnet.com
127.0.0.1 te.burstnet.com
127.0.0.1 www.burstnet.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www3.burstnet.com
127.0.0.1 www4.burstnet.com
127.0.0.1 www5.burstnet.com
127.0.0.1 www6.burstnet.com
127.0.0.1 www.burstnet.akadns.net
127.0.0.1 casalemedia.com
127.0.0.1 as.casalemedia.com
127.0.0.1 asg01.casalemedia.com
127.0.0.1 asg02.casalemedia.com
127.0.0.1 asg03.casalemedia.com
127.0.0.1 asg04.casalemedia.com
127.0.0.1 asg05.casalemedia.com
127.0.0.1 asg06.casalemedia.com
127.0.0.1 asg07.casalemedia.com
127.0.0.1 asg08.casalemedia.com
127.0.0.1 asg09.casalemedia.com
127.0.0.1 asg10.casalemedia.com
127.0.0.1 asg11.casalemedia.com
127.0.0.1 asg12.casalemedia.com
127.0.0.1 asg13.casalemedia.com
127.0.0.1 asg14.casalemedia.com
127.0.0.1 asg15.casalemedia.com
127.0.0.1 asg16.casalemedia.com
127.0.0.1 asg17.casalemedia.com
127.0.0.1 asg18.casalemedia.com
127.0.0.1 asg19.casalemedia.com
127.0.0.1 asg20.casalemedia.com
127.0.0.1 asg21.casalemedia.com
127.0.0.1 asg22.casalemedia.com
127.0.0.1 asg23.casalemedia.com
127.0.0.1 asg24.casalemedia.com
127.0.0.1 asg25.casalemedia.com
127.0.0.1 asg26.casalemedia.com
127.0.0.1 asg27.casalemedia.com
127.0.0.1 asg28.casalemedia.com
127.0.0.1 asg29.casalemedia.com
127.0.0.1 asg30.casalemedia.com
127.0.0.1 asg31.casalemedia.com
127.0.0.1 asg32.casalemedia.com
127.0.0.1 asg33.casalemedia.com
127.0.0.1 asg34.casalemedia.com
127.0.0.1 asg35.casalemedia.com
127.0.0.1 asg36.casalemedia.com
127.0.0.1 asg37.casalemedia.com
127.0.0.1 asg38.casalemedia.com
127.0.0.1 asg39.casalemedia.com
127.0.0.1 asg40.casalemedia.com
127.0.0.1 asg41.casalemedia.com
127.0.0.1 asg42.casalemedia.com
127.0.0.1 asg43.casalemedia.com
127.0.0.1 asg44.casalemedia.com
127.0.0.1 asg45.casalemedia.com
127.0.0.1 asg46.casalemedia.com
127.0.0.1 asg47.casalemedia.com
127.0.0.1 asg48.casalemedia.com
127.0.0.1 asg49.casalemedia.com
127.0.0.1 asg50.casalemedia.com
127.0.0.1 asg51.casalemedia.com
127.0.0.1 asg52.casalemedia.com
127.0.0.1 aslg01.casalemedia.com
127.0.0.1 aslg02.casalemedia.com
127.0.0.1 aslg03.casalemedia.com
127.0.0.1 aslg04.casalemedia.com
127.0.0.1 aslg05.casalemedia.com
127.0.0.1 aslg06.casalemedia.com
127.0.0.1 aslg07.casalemedia.com
127.0.0.1 aslg08.casalemedia.com
127.0.0.1 aslg09.casalemedia.com
127.0.0.1 aslg10.casalemedia.com
127.0.0.1 c.casalemedia.com
127.0.0.1 i.casalemedia.com
127.0.0.1 is.casalemedia.com
127.0.0.1 isg01.casalemedia.com
127.0.0.1 isg02.casalemedia.com
127.0.0.1 isg03.casalemedia.com
127.0.0.1 isg04.casalemedia.com
127.0.0.1 isg05.casalemedia.com
127.0.0.1 isg06.casalemedia.com
127.0.0.1 isg07.casalemedia.com
127.0.0.1 isg08.casalemedia.com
127.0.0.1 isg09.casalemedia.com
127.0.0.1 isg10.casalemedia.com
127.0.0.1 r.casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 www.spywarestormer.com #[CInstall Class][Zoombar Object][Rogue/Suspect]
127.0.0.1 active-max.com
127.0.0.1 search.active-max.com
127.0.0.1 www.active-max.com
127.0.0.1 allaboutsearching.com
127.0.0.1 www.allaboutsearching.com
127.0.0.1 amazingautossearch.com
127.0.0.1 www.amazingautossearch.com
127.0.0.1 contexualsearch.com
127.0.0.1 www.contexualsearch.com
127.0.0.1 www.dialup2.com
127.0.0.1 ecpm.com
127.0.0.1 www.ecpm.com
127.0.0.1 find-quick.com
127.0.0.1 www.find-quick.com
127.0.0.1 look-today.com
127.0.0.1 www.look-today.com
127.0.0.1 lop.com
127.0.0.1 ao.lop.com
127.0.0.1 ayb.lop.com
127.0.0.1 bins.lop.com
127.0.0.1 k17177.bins.lop.com
127.0.0.1 img.lop.com
127.0.0.1 sue.lop.com
127.0.0.1 srch.lop.com #[Parasite.LOP]
127.0.0.1 www1.lop.com
127.0.0.1 www.lop.com
127.0.0.1 maxexp.com
127.0.0.1 www.mp3search.com
127.0.0.1 mysearchnow.com
127.0.0.1 search200.com
127.0.0.1 www.search200.com
127.0.0.1 search.mysearchnow.com
127.0.0.1 www.mysearchnow.com
127.0.0.1 netsearchsoft.com
127.0.0.1 www.netsearchsoft.com
127.0.0.1 omegasearch.com
127.0.0.1 www.omegasearch.com
127.0.0.1 prosearching.com
127.0.0.1 www.prosearching.com
127.0.0.1 www.rub.to
127.0.0.1 sbvr.com
127.0.0.1 www.sbvr.com
127.0.0.1 searchexe.com
127.0.0.1 www.searchexe.com
127.0.0.1 searchweb2.com
127.0.0.1 www.searchweb2.com
127.0.0.1 spawnet.com
127.0.0.1 www.spawnet.com
127.0.0.1 tdmy.com #[TrojanDownloader.Win32.Swizzor.h]
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 www.tfil.com
127.0.0.1 tdko.com
127.0.0.1 www.tdko.com
127.0.0.1 wfix.com #[super-spider.com]
127.0.0.1 installdollars.com #[affiliate]
127.0.0.1 www2.installdollars.com #[Adware.Instdollars][server down?]
127.0.0.1 www.installdollars.com
127.0.0.1 clickxchange.com
127.0.0.1 caweb1.clickxchange.com
127.0.0.1 caweb2.clickxchange.com
127.0

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
loul37 49Messages postés 1 juillet 2007Date d'inscription 21 mai 2008 à 07:44
[b]SDFix: Version 1.181 /b
Run by starwars on 19/05/2008 at 17:10

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

[b]Name /b:
tcpsr

[b]Path /b:
\??\C:\WINDOWS\System32\drivers\tcpsr.sys

tcpsr - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\WinNt32.dll - Deleted
C:\WINDOWS\system32\drivers\tcpsr.sys - Deleted
C:\WINDOWS\system32\pjsapdg.sys - Deleted





Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 17:15:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\starwars\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\starwars\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\HomePlayer1.5.3.1\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.3.1\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\d.exe"="C:\\d.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\service.exe"="C:\\WINDOWS\\system32\\service.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files /b:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Wed 10 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 3 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
loul37 49Messages postés 1 juillet 2007Date d'inscription 21 mai 2008 à 07:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:00, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07b2a86a-c40f-433a-be90-6318943f1b67} - (no file)
O2 - BHO: (no name) - {0f3ebb87-4831-4001-b44e-617805214538} - (no file)
O2 - BHO: (no name) - {2484b0a2-be7b-4f18-8b42-bb373c1d543a} - (no file)
O2 - BHO: (no name) - {2512dc24-38b6-452c-8892-490e5931b479} - (no file)
O2 - BHO: (no name) - {2d398ab0-e0c8-4857-b34d-42b2cdba890b} - (no file)
O2 - BHO: (no name) - {368b752a-01d5-4529-a66b-e5cd5a9ee344} - (no file)
O2 - BHO: (no name) - {39052101-ebbe-4f01-bc4a-41d759c3640d} - (no file)
O2 - BHO: (no name) - {3963e43e-ee7a-46ab-ae46-53c05477d291} - (no file)
O2 - BHO: (no name) - {3d454eb8-8941-4e63-9c7f-c1c983a0b766} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58957896-c7a4-4e66-a067-1cc2fe962aa0} - (no file)
O2 - BHO: (no name) - {740d5a25-e00b-49e0-939f-b2c92dc3aac3} - (no file)
O2 - BHO: (no name) - {75c44daf-bed4-4bea-bfdd-01d5811db072} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {76f7d35f-74b0-41d6-88e8-3195034d8e2e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b9ab28fa-ed73-4e5e-ba11-0925d85120d1} - C:\WINDOWS\system32\iifgFYss.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {bfa78864-efc8-473c-8fe1-c5f47bc65924} - (no file)
O2 - BHO: (no name) - {c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd} - (no file)
O2 - BHO: (no name) - {c687269c-54e1-4020-9ff0-5e36c94cc7a1} - (no file)
O2 - BHO: (no name) - {c9978c24-54ff-416d-9e60-630197f0a881} - (no file)
O2 - BHO: (no name) - {d682dd9e-d239-480b-82ed-efcc897b1b6b} - (no file)
O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - C:\WINDOWS\system32\opnlMffE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ec364224] rundll32.exe "C:\WINDOWS\system32\haigrxdu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\SYSTEM32\iifgFYss.dll
O20 - Winlogon Notify: winnt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
loul37 49Messages postés 1 juillet 2007Date d'inscription 21 mai 2008 à 07:46
BTFix 1.060 (par bibi26) - 19/05/2008 16:58:20 - Analyse
Lancé depuis C:\Documents and Settings\starwars\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée


Merci de votre aide

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 21 mai 2008 à 09:37
Bonjours fais ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 21 mai 2008 à 09:39
up up

 Ajouter un commentaire
loul37- 21 mai 2008 à 10:14
merci je vais me charger de faire ca...

le seul pb c'est que le virus et sur le pc de mes parents alors soit il y arrive avec tes explications soit je dois le faire peut etre que vendredi..
merci encore
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 21 mai 2008 à 10:16
Je pense que vos mieux attendre vendredi car y aura d autres manipulations a faire....

 Ajouter un commentaire
loul37- 21 mai 2008 à 10:23
ok je vous recontacte vendredi.. certainement vers 12h
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 21 mai 2008 à 10:27
OK A VENDREDI

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
loul37 49Messages postés 1 juillet 2007Date d'inscription 23 mai 2008 à 11:57
bi*onjoiur comme prevu me voila

ci joint le rapprt combofix

ComboFix 08-05-21.3 - starwars 2008-05-23 11:38:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.182 [GMT 2:00]
Endroit: C:\Documents and Settings\starwars\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\system32\AJlSCJlm.ini
C:\WINDOWS\system32\AJlSCJlm.ini2
C:\WINDOWS\system32\aKjmoUtv.ini
C:\WINDOWS\system32\aKjmoUtv.ini2
C:\WINDOWS\system32\bqyohmun.ini
C:\WINDOWS\system32\cbLUvyay.ini
C:\WINDOWS\system32\cbLUvyay.ini2
C:\WINDOWS\system32\cbXNHBTM.dll
C:\WINDOWS\system32\ccdjmdfr.ini
C:\WINDOWS\system32\cxwghnmc.ini
C:\WINDOWS\system32\DJiiSvut.ini
C:\WINDOWS\system32\DJiiSvut.ini2
C:\WINDOWS\system32\EffMlnpo.ini
C:\WINDOWS\system32\EffMlnpo.ini2
C:\WINDOWS\system32\ekbenedt.ini
C:\WINDOWS\system32\embgivaa.ini
C:\WINDOWS\system32\fehQYcfe.ini
C:\WINDOWS\system32\fehQYcfe.ini2
C:\WINDOWS\system32\fflfonvk.ini
C:\WINDOWS\system32\fqknkyro.ini
C:\WINDOWS\system32\fqqmidfy.ini
C:\WINDOWS\system32\iifgFYss.dll
C:\WINDOWS\system32\jpnpvkcs.ini
C:\WINDOWS\system32\jwmalqlm.ini
C:\WINDOWS\system32\Lortutwa.ini
C:\WINDOWS\system32\Lortutwa.ini2
C:\WINDOWS\system32\lqbyleww.ini
C:\WINDOWS\system32\nbfoqovr.ini
C:\WINDOWS\system32\NXbadfii.ini
C:\WINDOWS\system32\NXbadfii.ini2
C:\WINDOWS\system32\OoqWwyxx.ini
C:\WINDOWS\system32\OoqWwyxx.ini2
C:\WINDOWS\system32\PsvEOXbc.ini
C:\WINDOWS\system32\PsvEOXbc.ini2
C:\WINDOWS\system32\PXyxaGgh.ini
C:\WINDOWS\system32\PXyxaGgh.ini2
C:\WINDOWS\system32\QrtBdcfe.ini
C:\WINDOWS\system32\QrtBdcfe.ini2
C:\WINDOWS\system32\rkauhpgg.ini
C:\WINDOWS\system32\suBJRXbc.ini
C:\WINDOWS\system32\suBJRXbc.ini2
C:\WINDOWS\system32\Sutsutwa.ini
C:\WINDOWS\system32\Sutsutwa.ini2
C:\WINDOWS\system32\tpcsovcn.ini
C:\WINDOWS\system32\tuvvyGgh.ini
C:\WINDOWS\system32\tuvvyGgh.ini2
C:\WINDOWS\system32\twwFNqru.ini
C:\WINDOWS\system32\twwFNqru.ini2
C:\WINDOWS\system32\ubrbehvb.ini
C:\WINDOWS\system32\udxrgiah.ini
C:\WINDOWS\system32\VEhOqBeg.ini
C:\WINDOWS\system32\VEhOqBeg.ini2
C:\WINDOWS\system32\vkjdceya.ini
C:\WINDOWS\system32\vljcwmam.ini
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\YaGjmnmp.ini
C:\WINDOWS\system32\YaGjmnmp.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PJSAPDG
-------\Service_pjsapdg


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 17:21 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-19 17:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:21 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-19 17:21 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-19 17:21 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-19 17:03 . 2008-05-19 17:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-17 16:51 . 2008-05-17 16:51 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-05-11 17:59 . 2008-05-19 17:15 <REP> d-------- C:\SDFix
2008-05-11 17:56 . 2008-05-19 17:01 2,374 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 17:56 . 2008-05-19 17:01 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-05-11 17:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-11 17:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-11 17:55 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-11 17:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-11 17:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-11 17:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-11 17:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-11 17:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 17:54 . 2008-05-11 17:54 <REP> d-------- C:\VundoFix Backups
2008-05-11 17:52 . 2008-05-11 17:52 <REP> d-------- C:\Program Files\CCleaner
2008-05-11 17:47 . 2008-05-11 17:47 <REP> d-------- C:\Program Files\7-Zip
2008-05-11 17:20 . 2008-05-11 17:20 <REP> d-------- C:\Program Files\Trend Micro
2008-05-11 15:32 . 2008-05-11 15:32 <REP> d-------- C:\stdtsa
2008-05-10 19:17 . 2008-05-19 17:59 1,660 --a------ C:\WINDOWS\wininit.ini
2008-05-10 17:20 . 2008-05-14 07:01 27,136 --a------ C:\WINDOWS\system32\drivers\Eil60.sys
2008-05-10 17:20 . 2008-05-10 17:20 2 --a------ C:\-331988341
2008-05-10 17:19 . 2008-05-10 17:19 80,384 --a------ C:\mltaxc.MSNFix
2008-05-10 17:19 . 2008-05-10 17:19 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 12:09 . 2008-05-08 12:09 <REP> d-------- C:\WINDOWS\system32\VirtualExpander

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 09:38 --------- d-----w C:\Program Files\Google
2008-05-19 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 07:05 --------- d-----w C:\Program Files\HomePlayer1.5.3.1
2008-05-12 08:25 --------- d-----w C:\Documents and Settings\starwars\Application Data\Azureus
2008-05-10 21:05 --------- d-----w C:\Program Files\Big Kahuna Reef
2008-04-19 08:19 --------- d-----w C:\Program Files\Azureus
2008-03-16 14:11 32,568 ----a-w C:\Documents and Settings\starwars\Application Data\GDIPFONTCACHEV1.DAT
2008-03-04 17:39 691,545 ----a-w C:\WINDOWS\unins000.exe
2005-02-01 05:03 119 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-02-01 05:03 119 ----a-w C:\Documents and Settings\starwars\user.bat
2005-02-01 05:03 119 ----a-w C:\Documents and Settings\Default User\user.bat
.

------- Sigcheck -------

2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\DllCache\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:55 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

2004-12-03 18:12 1036288 0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe

2004-08-04 02:55 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe

2004-08-04 02:54 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe

2004-08-04 02:54 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2a86a-c40f-433a-be90-6318943f1b67}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f3ebb87-4831-4001-b44e-617805214538}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2484b0a2-be7b-4f18-8b42-bb373c1d543a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2512dc24-38b6-452c-8892-490e5931b479}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2634CFF2-9F9E-47FC-8270-702B26E982DE}]
C:\WINDOWS\system32\urqNFwwt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d398ab0-e0c8-4857-b34d-42b2cdba890b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{368b752a-01d5-4529-a66b-e5cd5a9ee344}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39052101-ebbe-4f01-bc4a-41d759c3640d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3963e43e-ee7a-46ab-ae46-53c05477d291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d454eb8-8941-4e63-9c7f-c1c983a0b766}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45E45DCB-3824-4F25-A99D-105401B6591F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58957896-c7a4-4e66-a067-1cc2fe962aa0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{740d5a25-e00b-49e0-939f-b2c92dc3aac3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75c44daf-bed4-4bea-bfdd-01d5811db072}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76f7d35f-74b0-41d6-88e8-3195034d8e2e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9967A2B5-5591-4B19-9757-0BFC2FFC3C3D}]
C:\WINDOWS\system32\efcdBtrQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfa78864-efc8-473c-8fe1-c5f47bc65924}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c687269c-54e1-4020-9ff0-5e36c94cc7a1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9978c24-54ff-416d-9e60-630197f0a881}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d682dd9e-d239-480b-82ed-efcc897b1b6b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbf08d74-10d0-4743-9450-569df1972349}]
C:\WINDOWS\system32\opnlMffE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"LClock"="lclock.exe" [2004-12-08 19:06 65536 C:\WINDOWS\LClock.exe]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiSPower"="SiSPower.dll" [2005-01-04 10:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [2007-03-01 18:32 370176]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-22 18:32 892928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:54 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 15:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 02:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgFYss]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinNt32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cfi25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eil60.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\HomePlayer1.5.3.1\\HomePlayer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 eil60;eil60;C:\WINDOWS\system32\Drivers\Eil60.sys [2008-05-14 07:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2002-12-22 21:53]
S0 cfi25;cfi25;C:\WINDOWS\system32\Drivers\Cfi25.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2002-12-22 22:53]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-02-08 07:03:13 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:03
salut

ne désinstal pas combofix


Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

 Ajouter un commentaire
loul37- 23 mai 2008 à 12:18
alwarebytes' Anti-Malware 1.12
Version de la base de données: 779

Type de recherche: Examen complet (A:\|C:\|D:\|G:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 61410
Temps écoulé: 9 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinNt32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\mltaxc.MSNFix (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXNHBTM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgFYss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED77B7BD-8331-4B35-A791-02A0F50E355D}\RP2\A0000036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED77B7BD-8331-4B35-A791-02A0F50E355D}\RP2\A0000037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:22
réouvre maleware byte
va sur quarantaine
supprime tout

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

 Ajouter un commentaire
loul37- 23 mai 2008 à 12:25
2008-05-23 a 12:24:00.34

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:40
refais un scan hijackthis et poste le rapport stp

 Ajouter un commentaire
loul37- 23 mai 2008 à 12:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07b2a86a-c40f-433a-be90-6318943f1b67} - (no file)
O2 - BHO: (no name) - {0f3ebb87-4831-4001-b44e-617805214538} - (no file)
O2 - BHO: (no name) - {2484b0a2-be7b-4f18-8b42-bb373c1d543a} - (no file)
O2 - BHO: (no name) - {2512dc24-38b6-452c-8892-490e5931b479} - (no file)
O2 - BHO: (no name) - {2634CFF2-9F9E-47FC-8270-702B26E982DE} - C:\WINDOWS\system32\urqNFwwt.dll (file missing)
O2 - BHO: (no name) - {2d398ab0-e0c8-4857-b34d-42b2cdba890b} - (no file)
O2 - BHO: (no name) - {368b752a-01d5-4529-a66b-e5cd5a9ee344} - (no file)
O2 - BHO: (no name) - {39052101-ebbe-4f01-bc4a-41d759c3640d} - (no file)
O2 - BHO: (no name) - {3963e43e-ee7a-46ab-ae46-53c05477d291} - (no file)
O2 - BHO: (no name) - {3d454eb8-8941-4e63-9c7f-c1c983a0b766} - (no file)
O2 - BHO: (no name) - {45E45DCB-3824-4F25-A99D-105401B6591F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58957896-c7a4-4e66-a067-1cc2fe962aa0} - (no file)
O2 - BHO: (no name) - {740d5a25-e00b-49e0-939f-b2c92dc3aac3} - (no file)
O2 - BHO: (no name) - {75c44daf-bed4-4bea-bfdd-01d5811db072} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {76f7d35f-74b0-41d6-88e8-3195034d8e2e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9967A2B5-5591-4B19-9757-0BFC2FFC3C3D} - C:\WINDOWS\system32\efcdBtrQ.dll (file missing)
O2 - BHO: (no name) - {b9ab28fa-ed73-4e5e-ba11-0925d85120d1} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {bfa78864-efc8-473c-8fe1-c5f47bc65924} - (no file)
O2 - BHO: (no name) - {c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd} - (no file)
O2 - BHO: (no name) - {c687269c-54e1-4020-9ff0-5e36c94cc7a1} - (no file)
O2 - BHO: (no name) - {c9978c24-54ff-416d-9e60-630197f0a881} - (no file)
O2 - BHO: (no name) - {d682dd9e-d239-480b-82ed-efcc897b1b6b} - (no file)
O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - C:\WINDOWS\system32\opnlMffE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:49
supprime toutes les lignes qui se termine par "no file"

POUR LES SUPPRIMER TU LES COCHES ENSUITE TU CLIC SUR FIX CHECKED


apres refais un scann hijackthis et poste le nouveau arpport

 Ajouter un commentaire
loul37- 23 mai 2008 à 12:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2634CFF2-9F9E-47FC-8270-702B26E982DE} - C:\WINDOWS\system32\urqNFwwt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9967A2B5-5591-4B19-9757-0BFC2FFC3C3D} - C:\WINDOWS\system32\efcdBtrQ.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - C:\WINDOWS\system32\opnlMffE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:58
supprime ces lignes :

O2 - BHO: (no name) - {2634CFF2-9F9E-47FC-8270-702B26E982DE} - C:\WINDOWS\system32\urqNFwwt.dll (file missing)

O2 - BHO: (no name) - {9967A2B5-5591-4B19-9757-0BFC2FFC3C3D} - C:\WINDOWS\system32\efcdBtrQ.dll (file missing)

O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - C:\WINDOWS\system32\opnlMffE.dll (file missing)

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

ensuite désinstal java car pas a jours et telecharge et instal cette version :

http://www.java.com/fr/download/manual.jsp

ensuite telecharge et instal internet 7

http://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

apres installation redémarre le pc

ensuite reviens avec un nouveau rapport hijackthsi

 Ajouter un commentaire
loul37- 23 mai 2008 à 13:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07b2a86a-c40f-433a-be90-6318943f1b67} - (no file)
O2 - BHO: (no name) - {0f3ebb87-4831-4001-b44e-617805214538} - (no file)
O2 - BHO: (no name) - {2484b0a2-be7b-4f18-8b42-bb373c1d543a} - (no file)
O2 - BHO: (no name) - {2512dc24-38b6-452c-8892-490e5931b479} - (no file)
O2 - BHO: (no name) - {2634CFF2-9F9E-47FC-8270-702B26E982DE} - (no file)
O2 - BHO: (no name) - {2d398ab0-e0c8-4857-b34d-42b2cdba890b} - (no file)
O2 - BHO: (no name) - {368b752a-01d5-4529-a66b-e5cd5a9ee344} - (no file)
O2 - BHO: (no name) - {39052101-ebbe-4f01-bc4a-41d759c3640d} - (no file)
O2 - BHO: (no name) - {3963e43e-ee7a-46ab-ae46-53c05477d291} - (no file)
O2 - BHO: (no name) - {3d454eb8-8941-4e63-9c7f-c1c983a0b766} - (no file)
O2 - BHO: (no name) - {45E45DCB-3824-4F25-A99D-105401B6591F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58957896-c7a4-4e66-a067-1cc2fe962aa0} - (no file)
O2 - BHO: (no name) - {740d5a25-e00b-49e0-939f-b2c92dc3aac3} - (no file)
O2 - BHO: (no name) - {75c44daf-bed4-4bea-bfdd-01d5811db072} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76f7d35f-74b0-41d6-88e8-3195034d8e2e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9967A2B5-5591-4B19-9757-0BFC2FFC3C3D} - (no file)
O2 - BHO: (no name) - {b9ab28fa-ed73-4e5e-ba11-0925d85120d1} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {bfa78864-efc8-473c-8fe1-c5f47bc65924} - (no file)
O2 - BHO: (no name) - {c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd} - (no file)
O2 - BHO: (no name) - {c687269c-54e1-4020-9ff0-5e36c94cc7a1} - (no file)
O2 - BHO: (no name) - {c9978c24-54ff-416d-9e60-630197f0a881} - (no file)
O2 - BHO: (no name) - {d682dd9e-d239-480b-82ed-efcc897b1b6b} - (no file)
O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 13:21
pour fusionner: regarde ici

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

________________



Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :







File::
C:\WINDOWS\system32\urqNFwwt.dll
C:\WINDOWS\system32\efcdBtrQ.dll
C:\WINDOWS\system32\opnlMffE.dll
C:\WINDOWS\SYSTEM32\WinNt32.dll


Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2a86a-c40f-433a-be90-6318943f1b67}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f3ebb87-4831-4001-b44e-617805214538}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2484b0a2-be7b-4f18-8b42-bb373c1d543a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2512dc24-38b6-452c-8892-490e5931b479}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2634CFF2-9F9E-47FC-8270-702B26E982DE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d398ab0-e0c8-4857-b34d-42b2cdba890b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{368b752a-01d5-4529-a66b-e5cd5a9ee344}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39052101-ebbe-4f01-bc4a-41d759c3640d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3963e43e-ee7a-46ab-ae46-53c05477d291}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d454eb8-8941-4e63-9c7f-c1c983a0b766}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45E45DCB-3824-4F25-A99D-105401B6591F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58957896-c7a4-4e66-a067-1cc2fe962aa0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{740d5a25-e00b-49e0-939f-b2c92dc3aac3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75c44daf-bed4-4bea-bfdd-01d5811db072}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76f7d35f-74b0-41d6-88e8-3195034d8e2e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9967A2B5-5591-4B19-9757-0BFC2FFC3C3D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfa78864-efc8-473c-8fe1-c5f47bc65924}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c687269c-54e1-4020-9ff0-5e36c94cc7a1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9978c24-54ff-416d-9e60-630197f0a881}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d682dd9e-d239-480b-82ed-efcc897b1b6b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbf08d74-10d0-4743-9450-569df1972349}]





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

 Ajouter un commentaire
loul37- 23 mai 2008 à 13:55
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.158 [GMT 2:00]
Endroit: C:\Documents and Settings\starwars\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\starwars\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color

FILE ::
C:\WINDOWS\system32\efcdBtrQ.dll
C:\WINDOWS\system32\opnlMffE.dll
C:\WINDOWS\system32\urqNFwwt.dll
C:\WINDOWS\SYSTEM32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\WinNt32.dll
.
---- Previous Run -------
.
C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\system32\AJlSCJlm.ini
C:\WINDOWS\system32\AJlSCJlm.ini2
C:\WINDOWS\system32\aKjmoUtv.ini
C:\WINDOWS\system32\aKjmoUtv.ini2
C:\WINDOWS\system32\bqyohmun.ini
C:\WINDOWS\system32\cbLUvyay.ini
C:\WINDOWS\system32\cbLUvyay.ini2
C:\WINDOWS\system32\cbXNHBTM.dll
C:\WINDOWS\system32\ccdjmdfr.ini
C:\WINDOWS\system32\cxwghnmc.ini
C:\WINDOWS\system32\DJiiSvut.ini
C:\WINDOWS\system32\DJiiSvut.ini2
C:\WINDOWS\system32\EffMlnpo.ini
C:\WINDOWS\system32\EffMlnpo.ini2
C:\WINDOWS\system32\ekbenedt.ini
C:\WINDOWS\system32\embgivaa.ini
C:\WINDOWS\system32\fehQYcfe.ini
C:\WINDOWS\system32\fehQYcfe.ini2
C:\WINDOWS\system32\fflfonvk.ini
C:\WINDOWS\system32\fqknkyro.ini
C:\WINDOWS\system32\fqqmidfy.ini
C:\WINDOWS\system32\iifgFYss.dll
C:\WINDOWS\system32\jpnpvkcs.ini
C:\WINDOWS\system32\jwmalqlm.ini
C:\WINDOWS\system32\Lortutwa.ini
C:\WINDOWS\system32\Lortutwa.ini2
C:\WINDOWS\system32\lqbyleww.ini
C:\WINDOWS\system32\nbfoqovr.ini
C:\WINDOWS\system32\NXbadfii.ini
C:\WINDOWS\system32\NXbadfii.ini2
C:\WINDOWS\system32\OoqWwyxx.ini
C:\WINDOWS\system32\OoqWwyxx.ini2
C:\WINDOWS\system32\PsvEOXbc.ini
C:\WINDOWS\system32\PsvEOXbc.ini2
C:\WINDOWS\system32\PXyxaGgh.ini
C:\WINDOWS\system32\PXyxaGgh.ini2
C:\WINDOWS\system32\QrtBdcfe.ini
C:\WINDOWS\system32\QrtBdcfe.ini2
C:\WINDOWS\system32\rkauhpgg.ini
C:\WINDOWS\system32\suBJRXbc.ini
C:\WINDOWS\system32\suBJRXbc.ini2
C:\WINDOWS\system32\Sutsutwa.ini
C:\WINDOWS\system32\Sutsutwa.ini2
C:\WINDOWS\system32\tpcsovcn.ini
C:\WINDOWS\system32\tuvvyGgh.ini
C:\WINDOWS\system32\tuvvyGgh.ini2
C:\WINDOWS\system32\twwFNqru.ini
C:\WINDOWS\system32\twwFNqru.ini2
C:\WINDOWS\system32\ubrbehvb.ini
C:\WINDOWS\system32\udxrgiah.ini
C:\WINDOWS\system32\VEhOqBeg.ini
C:\WINDOWS\system32\VEhOqBeg.ini2
C:\WINDOWS\system32\vkjdceya.ini
C:\WINDOWS\system32\vljcwmam.ini
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\YaGjmnmp.ini
C:\WINDOWS\system32\YaGjmnmp.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PJSAPDG
-------\Service_pjsapdg
-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 13:48 . 2008-05-23 13:48 12,800 --a------ C:\WINDOWS\system32\WinNt32.dl_
2008-05-23 13:06 . 2008-05-23 13:06 <REP> d-------- C:\Program Files\Sun
2008-05-23 13:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-23 12:05 . 2008-05-23 12:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 12:05 . 2008-05-23 12:05 <REP> d-------- C:\Documents and Settings\starwars\Application Data\Malwarebytes
2008-05-23 12:05 . 2008-05-23 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 12:05 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 12:05 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 17:21 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-19 17:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 17:21 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-19 17:21 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-19 17:21 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-19 17:03 . 2008-05-19 17:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-17 16:51 . 2008-05-17 16:51 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-05-11 17:59 . 2008-05-19 17:15 <REP> d-------- C:\SDFix
2008-05-11 17:56 . 2008-05-19 17:01 2,374 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 17:56 . 2008-05-19 17:01 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-05-11 17:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-11 17:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-11 17:55 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-11 17:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-11 17:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-11 17:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-11 17:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-11 17:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 17:54 . 2008-05-11 17:54 <REP> d-------- C:\VundoFix Backups
2008-05-11 17:52 . 2008-05-11 17:52 <REP> d-------- C:\Program Files\CCleaner
2008-05-11 17:47 . 2008-05-11 17:47 <REP> d-------- C:\Program Files\7-Zip
2008-05-11 17:20 . 2008-05-11 17:20 <REP> d-------- C:\Program Files\Trend Micro
2008-05-11 15:32 . 2008-05-11 15:32 <REP> d-------- C:\stdtsa
2008-05-10 19:17 . 2008-05-19 17:59 1,660 --a------ C:\WINDOWS\wininit.ini
2008-05-10 17:20 . 2008-05-23 13:48 27,648 --a------ C:\WINDOWS\system32\drivers\Eil60.sys
2008-05-10 17:20 . 2008-05-10 17:20 2 --a------ C:\-331988341
2008-05-10 17:19 . 2008-05-10 17:19 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 12:09 . 2008-05-08 12:09 <REP> d-------- C:\WINDOWS\system32\VirtualExpander

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 11:06 --------- d-----w C:\Program Files\Java
2008-05-23 09:38 --------- d-----w C:\Program Files\Google
2008-05-19 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 07:05 --------- d-----w C:\Program Files\HomePlayer1.5.3.1
2008-05-12 08:25 --------- d-----w C:\Documents and Settings\starwars\Application Data\Azureus
2008-05-10 21:05 --------- d-----w C:\Program Files\Big Kahuna Reef
2008-04-19 08:19 --------- d-----w C:\Program Files\Azureus
2008-03-16 14:11 32,568 ----a-w C:\Documents and Settings\starwars\Application Data\GDIPFONTCACHEV1.DAT
2008-03-04 17:39 691,545 ----a-w C:\WINDOWS\unins000.exe
2005-02-01 05:03 119 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-02-01 05:03 119 ----a-w C:\Documents and Settings\starwars\user.bat
2005-02-01 05:03 119 ----a-w C:\Documents and Settings\Default User\user.bat
.

------- Sigcheck -------

2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\sp2gdr\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\sp2qfe\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\DllCache\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:55 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2gdr\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2qfe\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2gdr\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2qfe\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

2004-12-03 18:12 1036288 0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe

2004-08-04 02:55 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe

2004-08-04 02:54 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe

2004-08-04 02:54 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_11.44.41.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 09:41:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 11:47:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-05-14 05:01:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-23 11:48:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-14 05:01:47 458,752 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-23 11:48:27 458,752 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-23 10:56:09 114,688 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051220080519\index.dat
+ 2008-05-23 11:48:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008052320080524\index.dat
- 2008-05-14 05:04:33 704,512 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-23 11:48:27 704,512 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2007-05-02 00:22:52 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-05-02 00:23:00 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-05-02 02:01:20 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2005-06-28 09:20:24 13,536 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-06-28 08:20:24 13,536 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2008-05-23 11:47:50 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2a86a-c40f-433a-be90-6318943f1b67}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f3ebb87-4831-4001-b44e-617805214538}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2484b0a2-be7b-4f18-8b42-bb373c1d543a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2512dc24-38b6-452c-8892-490e5931b479}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2634CFF2-9F9E-47FC-8270-702B26E982DE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d398ab0-e0c8-4857-b34d-42b2cdba890b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{368b752a-01d5-4529-a66b-e5cd5a9ee344}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39052101-ebbe-4f01-bc4a-41d759c3640d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3963e43e-ee7a-46ab-ae46-53c05477d291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d454eb8-8941-4e63-9c7f-c1c983a0b766}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45E45DCB-3824-4F25-A99D-105401B6591F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58957896-c7a4-4e66-a067-1cc2fe962aa0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{740d5a25-e00b-49e0-939f-b2c92dc3aac3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75c44daf-bed4-4bea-bfdd-01d5811db072}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76f7d35f-74b0-41d6-88e8-3195034d8e2e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9967A2B5-5591-4B19-9757-0BFC2FFC3C3D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfa78864-efc8-473c-8fe1-c5f47bc65924}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c687269c-54e1-4020-9ff0-5e36c94cc7a1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9978c24-54ff-416d-9e60-630197f0a881}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d682dd9e-d239-480b-82ed-efcc897b1b6b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbf08d74-10d0-4743-9450-569df1972349}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"LClock"="lclock.exe" [2004-12-08 19:06 65536 C:\WINDOWS\LClock.exe]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiSPower"="SiSPower.dll" [2005-01-04 10:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [2007-03-01 18:32 370176]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-22 18:32 892928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 02:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgFYss]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinNt32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cfi25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eil60.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\HomePlayer1.5.3.1\\HomePlayer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 eil60;eil60;C:\WINDOWS\system32\Drivers\Eil60.sys [2008-05-23 13:48]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2002-12-22 21:53]
S0 cfi25;cfi25;C:\WINDOWS\system32\Drivers\Cfi25.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2002-12-22 22:53]

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - TCPSR
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-02-08 07:03:13 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 14:02
parfait

refais un scan hijackthis et poste le rapport stp

 Ajouter un commentaire
loul37- 23 mai 2008 à 14:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07b2a86a-c40f-433a-be90-6318943f1b67} - (no file)
O2 - BHO: (no name) - {0f3ebb87-4831-4001-b44e-617805214538} - (no file)
O2 - BHO: (no name) - {2484b0a2-be7b-4f18-8b42-bb373c1d543a} - (no file)
O2 - BHO: (no name) - {2512dc24-38b6-452c-8892-490e5931b479} - (no file)
O2 - BHO: (no name) - {2634CFF2-9F9E-47FC-8270-702B26E982DE} - (no file)
O2 - BHO: (no name) - {2d398ab0-e0c8-4857-b34d-42b2cdba890b} - (no file)
O2 - BHO: (no name) - {368b752a-01d5-4529-a66b-e5cd5a9ee344} - (no file)
O2 - BHO: (no name) - {39052101-ebbe-4f01-bc4a-41d759c3640d} - (no file)
O2 - BHO: (no name) - {3963e43e-ee7a-46ab-ae46-53c05477d291} - (no file)
O2 - BHO: (no name) - {3d454eb8-8941-4e63-9c7f-c1c983a0b766} - (no file)
O2 - BHO: (no name) - {45E45DCB-3824-4F25-A99D-105401B6591F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58957896-c7a4-4e66-a067-1cc2fe962aa0} - (no file)
O2 - BHO: (no name) - {740d5a25-e00b-49e0-939f-b2c92dc3aac3} - (no file)
O2 - BHO: (no name) - {75c44daf-bed4-4bea-bfdd-01d5811db072} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76f7d35f-74b0-41d6-88e8-3195034d8e2e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9967A2B5-5591-4B19-9757-0BFC2FFC3C3D} - (no file)
O2 - BHO: (no name) - {b9ab28fa-ed73-4e5e-ba11-0925d85120d1} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {bfa78864-efc8-473c-8fe1-c5f47bc65924} - (no file)
O2 - BHO: (no name) - {c1f29f1c-e20f-4a1d-9f76-0aac3aecbbbd} - (no file)
O2 - BHO: (no name) - {c687269c-54e1-4020-9ff0-5e36c94cc7a1} - (no file)
O2 - BHO: (no name) - {c9978c24-54ff-416d-9e60-630197f0a881} - (no file)
O2 - BHO: (no name) - {d682dd9e-d239-480b-82ed-efcc897b1b6b} - (no file)
O2 - BHO: (no name) - {dbf08d74-10d0-4743-9450-569df1972349} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 14:10
ok

supprime toutes les lignes qui finisssent par no file

ensuite je te conseil de désinstaller avast car c est de le M..

Pour désinstaller Avast telecharge cet outil

http://www.avast.com/fre/avast-uninstall-utility.html

a la place met ANTIVIR (gratuit en anglais mais simple )

http://www.01net.com/...

ensuite reviens avec un nouveau rapport hijackthis

 Ajouter un commentaire
loul37- 23 mai 2008 à 14:36
mes parents prefeent garder avast...pas tres fort en anglais$

par contre kan je redemarre le pC les fichiers no name reviennent


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 14:39
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la ligne qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.



C:\WINDOWS\SYSTEM32\WinNt32.dll



clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

 Ajouter un commentaire
loul37- 23 mai 2008 à 14:42
File/Folder not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\WinNt32.dll
C:\WINDOWS\SYSTEM32\WinNt32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\WinNt32.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05232008_144023
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 14:43
refais un scan hiajackthis stp

 Ajouter un commentaire
loul37- 23 mai 2008 à 14:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f5e19a493dd24e6e9c10237861bdbd75
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f5e19a493dd24e6e9c10237861bdbd75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: iifgFYss - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 14:45
supprime cette ligne :

O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)

Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

 Ajouter un commentaire
loul37- 23 mai 2008 à 14:55
j'ai fais les manip mais par trouve le rapport mais apprement tous est supprime
Ajouter un commentaire
1 2 Suivant
Posez votre question
Ce document intitulé « pb virus rootkit » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
Passage au tout numérique : quel coût pour les particuliers ?
pb virus rootkit - page 2