Unable to delete the trojan!! [SOLVED]
Hello,
So, I discovered a trojan thanks to Kaspersky at this location:
c:\windows\system32\cmcfg3.dll
It tells me this:
Trojan horse:
Trojan.Win32.BHO.agz
But it is impossible to delete!! I tried in safe mode but that doesn't work, so I downloaded Unlocker, but no luck, it won't delete it.
If you know how to do it?? Thank you.
Message edited by joe-77 on 02-01-2008 at 21:48:05
_7600 GT 256 mo DDR AGP 8x
_1792 Go kingston _maxtor 120 GO_
Hi,
Use the following program:
http://www.sendspace.com/file/fl1fpr
Post the report once the removal has finished.
Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Message edited by Angeldark on 31-12-2007 at 13:49:03
Reply to Angeldark
Here is the kill.cmd report:
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
And here is the Hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:03, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7806 bytes
Message edited by joe-77 on 31-12-2007 at 19:54:38
Reply to joe-77
Hi again,
Download Lop S&D.exe to your Desktop.
- Double-click it to start the installation
- Then double-click the Lop S&D shortcut on your Desktop
- Select the language you want, then choose option 1 (Search)
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
Reply to Angeldark
Here is my report:
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 01/01/2008 | 20:17:31,09 ] [ C156FA7ABCBB40A ]
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\APPLIC~1\avg7
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Apple
C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\AVG7
C:\Documents and Settings\joe\APPLIC~1\teamspeak2
C:\Documents and Settings\joe\APPLIC~1\Apple Computer
C:\Documents and Settings\joe\APPLIC~1\BitTorrent
C:\Documents and Settings\joe\APPLIC~1\FrostWire
C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
C:\Documents and Settings\joe\APPLIC~1\Mozilla
C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
C:\Documents and Settings\joe\APPLIC~1\LimeWire
C:\Documents and Settings\joe\APPLIC~1\Newsbin
C:\Documents and Settings\joe\APPLIC~1\Ahead
C:\Documents and Settings\joe\APPLIC~1\Nero
C:\Documents and Settings\joe\APPLIC~1\Lavasoft
C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
C:\Documents and Settings\joe\APPLIC~1\WinRAR
C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
C:\Documents and Settings\joe\APPLIC~1\Macromedia
C:\Documents and Settings\joe\APPLIC~1\desktop.ini
C:\Documents and Settings\joe\APPLIC~1\Xentient
C:\Documents and Settings\joe\APPLIC~1\Styler
C:\Documents and Settings\joe\APPLIC~1\Identities
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\AVG7
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\NetworkService\APPLIC~1\AVG7
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[31/12/2007 23:00][--ah-----]C:\WINDOWS\tasks\A9C0666D91C01AFD.job
[01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
[28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Ad-Aware
C:\Program Files\Adssite Games Collection
C:\Program Files\Alwil Software
C:\Program Files\AMD
C:\Program Files\Apple Software Update
C:\Program Files\AskSBar
C:\Program Files\AusLogics Disk Defrag
C:\Program Files\Avant Browser
C:\Program Files\BitComet
C:\Program Files\BitTorrent
C:\Program Files\Cener Development
C:\Program Files\Circle Developement
C:\Program Files\Compare It!
C:\Program Files\ComPlus Applications
C:\Program Files\Crux Calculator v5
C:\Program Files\Everest
C:\Program Files\Fichiers communs
C:\Program Files\Foreignword
C:\Program Files\FoxitReader
C:\Program Files\FrostWire
C:\Program Files\Grisoft
C:\Program Files\Hercules
C:\Program Files\IE Privacy Keeper
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Kaspersky Lab
C:\Program Files\K-Lite Codec Pack
C:\Program Files\LimeWire
C:\Program Files\Lop SD
C:\Program Files\Messenger Plus! Live
C:\Program Files\microsoft frontpage
C:\Program Files\movie maker
C:\Program Files\msn gaming zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Nero
C:\Program Files\Nero Portable 8.1.1.0
C:\Program Files\netmeeting
C:\Program Files\NewsBin
C:\Program Files\Occtpt
C:\Program Files\Outlook Express
C:\Program Files\Paint.NET
C:\Program Files\Participatory Culture Foundation
C:\Program Files\PKR
C:\Program Files\Prophet Soft
C:\Program Files\QuickTime
C:\Program Files\SAGEM
C:\Program Files\Soft4Ever
C:\Program Files\Spybot
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Styler
C:\Program Files\Teamspeak2_RC2
C:\Program Files\Trend Micro
C:\Program Files\TweakRAM
C:\Program Files\UberIcon
C:\Program Files\Unlocker
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\windows nt
C:\Program Files\Windows Sidebar
C:\Program Files\WinRAR
C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINDOWS\Tasks\A9C0666D91C01AFD.job
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 localhost
::1 localhost
127.0.0.1 rad.msn.com
127.0.0.1 rad.live.com
127.0.0.1 ads1.msn.com
127.0.0.1 adfarm.mediaplex.com
66.249.93.99 www.google.fr
127.0.0.1 j.clickdensity.com
127.0.0.1 r.clickdensity.com
127.0.0.1 dsml.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 www.clickmanage.com
127.0.0.1 clicktopsite.com #[Spamdexing]
127.0.0.1 clicktracks.com #[McAfee.Cookie-Clicktracks]
127.0.0.1 stats.clicktracks.com #[Tenebril.Tracking Cookie]
127.0.0.1 stats1.clicktracks.com # [eTrust.Tracking Cookie]
127.0.0.1 stats2.clicktracks.com #[SpySweeper.Spy.Cookie]
127.0.0.1 stats3.clicktracks.com
127.0.0.1 stats4.clicktracks.com
127.0.0.1 www.clicktracks.com #[SunBelt.ClickTracks]
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 hit.click2006.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com #[SunBelt.ClickHouse]
127.0.0.1 www.click-power.com #[Win32/TrojanDownloader.VB.JL][Win32.Virtumonde.by]
127.0.0.1 www.clicks4u.com #[IE-SpyAd]
127.0.0.1 www.clicksbroker.com
127.0.0.1 ad1.clickhype.com #[Ewido.TrackingCookie.Clickhype]
127.0.0.1 clickoly.com #[Spamdexing]
127.0.0.1 redirect.clickshield.net
127.0.0.1 clickthru.net
127.0.0.1 ads.clickthru.net
127.0.0.1 icon.clickthru.net
127.0.0.1 clicktorrent.info
127.0.0.1 static.clicktorrent.info
127.0.0.1 www.clicktorrent.info #[phpAds]
127.0.0.1 www1.clicktorrent.info
127.0.0.1 norbert_sirot.club.fr #[Trojan-Spy.Win32.Banker.anv]
127.0.0.1 banner.clubdicecasino.com
127.0.0.1 adserver.clix.pt
127.0.0.1 ad.cmfu.com
127.0.0.1 www.cnstats.com
127.0.0.1 ad.coas2.co.kr
127.0.0.1 ads.cobrad.com
127.0.0.1 collectiveads.net
127.0.0.1 www.combimedia.nl
127.0.0.1 bdx.comclick.com
127.0.0.1 br.comclick.com
127.0.0.1 ct2.comclick.com #[Tenebril.Tracking Cookie]
127.0.0.1 fl01.ct2.comclick.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Ewido.TrackingCookie.Comclick]
127.0.0.1 members.commissionmonster.com
127.0.0.1 aa.connextra.com
127.0.0.1 bb.connextra.com #[a22.g.akamai.net]
127.0.0.1 cc.connextra.com
127.0.0.1 dd.connextra.com
127.0.0.1 ee.connextra.com
127.0.0.1 ff.connextra.com #[a22.g.akamai.net]
127.0.0.1 data.connextra.com
127.0.0.1 linkexchange.consoleunderground.com
127.0.0.1 www.consoleunderground.com #[Adware.Begin2search]
127.0.0.1 ads.consumeraffairs.com
127.0.0.1 ads.contactmusic.com #[AdvertPro]
127.0.0.1 servedby.contextuad.org
127.0.0.1 svp.contextuad.org #[SunBelt.ContextuAd]
127.0.0.1 www.contextualclick.com #[Dynamic keywords analyser]
127.0.0.1 ads.console.net
127.0.0.1 su.copylouis.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 banners.copyscape.com
127.0.0.1 www.countit.ch
127.0.0.1 counter.co.kz
127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.countercentral.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter-shop.net
127.0.0.1 htm-pop-ky.counterstat.net
127.0.0.1 www.counting4free.com
127.0.0.1 www.counter.cz
127.0.0.1 www.counti.de
127.0.0.1 www.countmypage.com
127.0.0.1 log1.countomat.com
127.0.0.1 connectionzone.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 test.coremetrics.com #[SpySweeper.Spy.Cookie]
127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 banner.coza.com
127.0.0.1 www.cpaclicks.com #[Spamdexing]
127.0.0.1 server.cpmstar.com #[ads.shizmoo.com]
127.0.0.1 1.cq158.cn #[Win32/Agent.NAW]
127.0.0.1 cracklab.info #[server down?]
127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
127.0.0.1 www.cracks.am #[fuck-portal.com][Adware.CramToolbar]
127.0.0.1 ads.cracked.com
127.0.0.1 track.cracked.com
127.0.0.1 www.crackserver.com #[StopBadware.Report]
127.0.0.1 new.crashextads.co.uk
127.0.0.1 crawl.ws
127.0.0.1 cont.crawl.ws #[AdWare.Win32.MegaKiss.b]
127.0.0.1 www.crawl.ws
127.0.0.1 counter.credo.ru
127.0.0.1 www.cridem.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.crispads.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 ads.crucialparadigm.com
127.0.0.1 crunet.info #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 cxss358.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 cyberbounty.com
127.0.0.1 clk.cyberbounty.com
127.0.0.1 pop.cyberbounty.com
127.0.0.1 serve.cyberbounty.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 js.cybermonitor.com #[McAfee.Cookie-Cybermonitor]
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 banner.cybertechdev.com
127.0.0.1 cybertown.ru
127.0.0.1 search.cygo.net
127.0.0.1 www.cygo.net #[McAfee.Adware-Cygo]
127.0.0.1 cytron.com #[DailyWinner][eTrust.Cytron]
127.0.0.1 www.cytron.com
# [D]
127.0.0.1 www.d3m0n.biz
127.0.0.1 dabestdomain.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 ads.dada.it
127.0.0.1 mm.dalumm.com #[Win32/TrojanDownloader.Small.TZ]
127.0.0.1 www.data-jpn.com #[Trojan.Pajatan]
127.0.0.1 banner.date.com #[Tenebril.Tracking Cookie]
127.0.0.1 www.dateclix.com #[DateClix.com Banner Exchange Code]
127.0.0.1 datingbanners.net
127.0.0.1 ads.datinggold.com
127.0.0.1 ad.db3nf.com
127.0.0.1 dcstat.com
127.0.0.1 deansplanet.com #[Malicious.Links.Zango]
127.0.0.1 www.deansplanet.com
127.0.0.1 au.track.decideinteractive.com
127.0.0.1 au.link.decideinteractive.com
127.0.0.1 eu.link.decideinteractive.com
127.0.0.1 link.decideinteractive.com
127.0.0.1 www.decideinteractive.com
127.0.0.1 www.decideinteractive.co.uk
127.0.0.1 deepcom.com #[SiteAdvisor.deepcom.com]
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Microsoft]
127.0.0.1 demsas-iran.com #[VBS/Envary.A]
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 ad.depositfiles.com
127.0.0.1 ad.detik.com
127.0.0.1 desire-search.com #[Spamdexing]
127.0.0.1 ads.deviantart.com
127.0.0.1 adsvr.deviantart.com
127.0.0.1 phpadsnew.devstart.com
127.0.0.1 banners.diariodelaltoaragon.es
127.0.0.1 track.did-it.com #[Panda.Spyware:Cookie/did-it]
127.0.0.1 digiwexonline.com #[W32/Kibik.a]
127.0.0.1 www.digink.com #[PcTools.SysCheckBop32]
127.0.0.1 ads.digitalpoint.com
127.0.0.1 geo.digitalpoint.com
127.0.0.1 hk.digitaltrends.com
127.0.0.1 comm1.digits.com
127.0.0.1 counter.digits.com #[IE-SpyAd]
127.0.0.1 ads.dir.bg
127.0.0.1 banners.dir.bg
127.0.0.1 direct-ip.com #[Adware-DirectIP][SecurityRisk.DirectIP]
127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
127.0.0.1 ad.directconnect.se
127.0.0.1 banners.directnic.com #[SecuritySpace.WebBug][MVPS.Criteria]
127.0.0.1 dnads.directnic.com
127.0.0.1 parked.directnic.com
127.0.0.1 stats.directnic.com
127.0.0.1 www.directnicparking.com
127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
127.0.0.1 ads.directnetadvertising.net
127.0.0.1 www.directnetadvertising.net #[Ad-Aware Tracking Cookie]
127.0.0.1 ad.displayadsmedia.com
127.0.0.1 agentq.ditto.com
127.0.0.1 js.ditto.com
127.0.0.1 matrix.ditto.com
127.0.0.1 media.ditto.com #[a232.x.akamai.net]
127.0.0.1 www.ditto.com #[AdWare.Win32.Softomate.c]
127.0.0.1 cnads.dixcom.com
127.0.0.1 dcww.dmcast.com #[Adware-DesktopMedia]
127.0.0.1 ad1.dmcmedia.co.kr
127.0.0.1 dmdl.dmcast.com
127.0.0.1 install.dmcast.com #[Adware-DesktopMedia.dr]
127.0.0.1 track.dmipartners.com
127.0.0.1 ads.dmnews.com
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 www.dnscaching.net #[SiteAdvisor.dnscaching.net]
127.0.0.1 dnv-counter.com
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 www.dodostats.com
127.0.0.1 doorgen.com #[Spamdexing]
127.0.0.1 www.doorgen.com
127.0.0.1 ads.dotomi.com
127.0.0.1 www.donotchangeme.com
127.0.0.1 www.down988.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.download-services.com #[VBA32.Trojan-Downloader.Agent.26]
127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
127.0.0.1 downloa-d.com
127.0.0.1 www.downloa-d.com #[Trojan-Clicker.Win32.Agent.ip]
127.0.0.1 banners.dpnet.com.br
127.0.0.1 drmx01.net #[Spamdexing]
127.0.0.1 counter.dreamhost.com
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.dreamadvert.com #[SunBelt.Dreamadvert]
127.0.0.1 www.dropthehammer.com #[Win32/Spy.Banker.AHY]
127.0.0.1 ads.drugs.com
127.0.0.1 b.ds1.nl
127.0.0.1 ddd.dudu.com #[Tenebril.DuDu Accelerator]
127.0.0.1 ulink4.dudu.com #[Adware.DDDClient][SunBelt.DuDuAccelerator]
127.0.0.1 ulink13.dudu.com #[Win32/Adware.DM]
127.0.0.1 www.dudu.com #[McAfee.Downloader-AVV]
127.0.0.1 www.duenow.com
127.0.0.1 www.dutty.de #[W32.Peerload.A]
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 www.dzy520.com #[Google.Warning]
# [E]
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 hits.e.cl
127.0.0.1 blogads.ebanner.nl
127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.earncashontheinternet.com #[SunBelt.OpinionBar]
127.0.0.1 www.eash.info #[Spamdexing][Microsoft.Strider]
127.0.0.1 click.easilyfound.com #[Tenebril.AdTraffic]
127.0.0.1 www.easilyfound.com
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 www.easycounter.com #[IE-SpyAd]
127.0.0.1 banners.easydns.com
127.0.0.1 easyerror.info #[Trojan-Downloader.Win32.Delf.agw]
127.0.0.1 easyhitcounters.com
127.0.0.1 beta.easyhitcounters.com
127.0.0.1 www.ebannertraffic.com
127.0.0.1 easy-web-stats.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 mailer.ebates.com
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 ads.eccentrix.com
127.0.0.1 ads.ecrush.com #[AdvertPro]
127.0.0.1 www.eden21.net #[Win32/Haxdoor][TR/Dldr.Botol.D.1]
127.0.0.1 c6.edgesuite.net #[RealMedia]
127.0.0.1 ads.edirectme.com
127.0.0.1 qq.ee28.cn #[Javascript.Exploit]
127.0.0.1 www.ejmx.com #[Adware.ElectroJMX]
127.0.0.1 ad.e-kolay.net
127.0.0.1 www.ek21.com #[Trojan.Chost.B]
127.0.0.1 www.elancenet.org #[Worm/Eyeveg.CH]
127.0.0.1 elitwarez.ru #[Javascript.Exploit]
127.0.0.1 www.elitwarez.ru
127.0.0.1 now.eloqua.com #[WebBug]
127.0.0.1 ads.eluniversal.com.mx
127.0.0.1 hits.eluniversal.com.mx
127.0.0.1 publicidad.eluniversal.com.mx
127.0.0.1 elwebsearch.info #[Malicious Links]
127.0.0.1 wwv.elwebsearch.info
127.0.0.1 www.elwebsearch.info
127.0.0.1 ad1.emediate.dk
127.0.0.1 ad1.emediate.se
127.0.0.1 www.emoinstaller.com #[Win32/Adware.NdotNet][SiteAdvisor.emoinstaller.com]
127.0.0.1 www.emusic.com #[McAfee.Adware-eMusic][F-Secure.Adware.eMusic]
127.0.0.1 dotnet.endai.com
127.0.0.1 stats.engineseeker.com
127.0.0.1 entk.net
127.0.0.1 log.enquisite.com
127.0.0.1 adv.entercasino.com #[Adware.Casino.V]
127.0.0.1 ads.eog.com
127.0.0.1 ads.e-planning.net
127.0.0.1 ads.us.e-planning.net
127.0.0.1 adserving00.epi.es
127.0.0.1 adserving03.epi.es
127.0.0.1 launcheruk.escritorioactivo.com
127.0.0.1 vipuk.escritorioactivo.com #[HJTH.123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[eTrust.EScorcher]
127.0.0.1 www.eshopads2.com
127.0.0.1 estat.com
127.0.0.1 perso.estat.com #[Ewido.Spyware.Cookie.Estat]
127.0.0.1 prof.estat.com #[SecuritySpace.WebBug]
127.0.0.1 sky.estat.com
127.0.0.1 www.estat.com
127.0.0.1 gtb.etology.com
127.0.0.1 pages.etology.com
127.0.0.1 www.etracker.de
127.0.0.1 www.etxh.com #[Win32/Prosti.C]
127.0.0.1 ads.ero-advertising.com
127.0.0.1 adopt.euroclick.com #[Ewido.TrackingCookie.Euroclick]
127.0.0.1 cdn.euroclick.com
127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
127.0.0.1 advert.eurotip.cz
127.0.0.1 www.euros4click.de
127.0.0.1 ad.eurosport.com #[oas.eurosport.com]
127.0.0.1 www.eurowebstats.com
127.0.0.1 www.everestpoker.com #[AdWare.Win32.Casino.t]
127.0.0.1 advert.exaccess.ru
127.0.0.1 dynamic.exaccess.ru
127.0.0.1 static.exaccess.ru
127.0.0.1 www.exchangead.com
127.0.0.1 exchange.bg
127.0.0.1 www.exchange.bg
127.0.0.1 exit-ad.de #[Ad-Aware.Tracking Cookie]
127.0.0.1 exitexchange.com #[IE-SpyAd][SiteAdvisor.exitexchange.com]
127.0.0.1 ads.exitexchange.com
127.0.0.1 count.exitexchange.com #[McAfee.Cookie-Exitexchange]
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.exittrade.com
127.0.0.1 www.exittraffic.net #[SiteAdvisor.exittraffic.net]
127.0.0.1 syndication.exoclick.com
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 www.experclick.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[SunBelt.EyeWonder]
127.0.0.1 pixel1097.everesttech.net
127.0.0.1 pixel1324.everesttech.net
127.0.0.1 pixel1370.everesttech.net
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 evilman.cn #[Win32/TrojanDownloader.VB.APY]
127.0.0.1 ads2.exhedra.com
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 feedback.eyereturn.com
127.0.0.1 resources.eyereturn.com
127.0.0.1 timespent.eyereturn.com
127.0.0.1 voken.eyereturn.com
127.0.0.1 ads.ezboard.com
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
127.0.0.1 www.ezurl.co.kr #[Spyware.Ezurl]
# [F]
127.0.0.1 ads.facebook.com #[facebook-ads.vo.llnwd.net]
127.0.0.1 www.factorygames.com #[SiteAdvisor.factorygames.com]
127.0.0.1 banner.fairpoker.com #[AdWare.Win32.Casino.w]
127.0.0.1 www.fast-adv.it
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Win32/Adware.MediaBack]
127.0.0.1 fastonlineusers.com
127.0.0.1 fasttrack.nu
127.0.0.1 fastwebcounter.com
127.0.0.1 counter.fateback.com
127.0.0.1 counter1.fc2.com
127.0.0.1 www.ffxiforums.net #[Trojan-PSW.Win32.OnLineGames.kw]
127.0.0.1 alex.fileburst.com #[Win32/TrojanDropper.Agent.NBT]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 findover.org #[Spamdexing]
127.0.0.1 search.findscout.com
127.0.0.1 www.findscout.com #[W32/Delf.KPZ]
127.0.0.1 ai.p.findology.com
127.0.0.1 banner.finn.no
127.0.0.1 ads.firingsquad.com
127.0.0.1 ads2.firingsquad.com
127.0.0.1 ads.firstgrand.com
127.0.0.1 firstwolf.org #[Downloader-BAC]
127.0.0.1 fishclix.com
127.0.0.1 www.fishclix.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fjordbergen.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.fjjyjy.net #[Win32/Hipigon][W32.Fijjy]
127.0.0.1 cdn.flashedmail.com #[Parked?]
127.0.0.1 tracker1.flashedmail.com #[IE-SpyAd]
127.0.0.1 adserver4.fluent.ltd.uk
127.0.0.1 adserver.fmpub.net
127.0.0.1 dynamic.fmpub.net
127.0.0.1 static.fmpub.net
127.0.0.1 ads.fmwinc.com
127.0.0.1 www.foofle.net #[Backdoor.Foobot]
127.0.0.1 adcycle.footymad.net
127.0.0.1 www.forodeortodoncia.com #[Backdoor.IRC.Zapchast]
127.0.0.1 js.forrestersurveys.com
127.0.0.1 socratos.forrestersurveys.com
127.0.0.1 user.france.net.in #[Javascript.Exploit]
127.0.0.1 akcr.free.fr #[Win32/Spy.Bancos.U]
127.0.0.1 googlelite.free.fr #[Spamdexing]
127.0.0.1 ad.freecity.de
127.0.0.1 ads05.freecity.de
127.0.0.1 freecounters.xp.tl
127.0.0.1 maurobb.freecounter.it
127.0.0.1 www.freecounter.it
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedownloadhq.com #[SiteAdvisor.freedownloadhq.com]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehitwebcounters.com
127.0.0.1 adverts.freeloader.com
127.0.0.1 freelogs.com
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 htm.freelogs.com
127.0.0.1 ico.freelogs.com
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com
127.0.0.1 xyz.freelogs.com
127.0.0.1 adserver.freenet.de
127.0.0.1 freeonlineusers.com
127.0.0.1 www.free-ranking.de
127.0.0.1 freescanpro.com
127.0.0.1 www.freescanpro.com
127.0.0.1 free-stats.com
127.0.0.1 abbyssh.freestats.com
127.0.0.1 insurancejournal.freestats.com
127.0.0.1 www.freestat.ws
127.0.0.1 www.freestats.ws
127.0.0.1 banners.freett.com
127.0.0.1 count.freett.com
127.0.0.1 counters.freewebs.com
127.0.0.1 ads.freeonlinegames.com
127.0.0.1 stats.freeonlinegames.com
127.0.0.1 error.freewebsites.com
127.0.0.1 www.freewebsites.com
127.0.0.1 media.ftv-publicite.fr #[RealMedia]
127.0.0.1 fullddl.com
127.0.0.1 www.fullddl.com #[HTML/TrojanDownloader.XXXToolbar]
127.0.0.1 404.funpic.de
127.0.0.1 funppc.com
127.0.0.1 www.funppc.com
127.0.0.1 ads.futurenetworkusa.com
# [G]
127.0.0.1 ads.gad-network.com
127.0.0.1 adserver.gadu-gadu.pl
127.0.0.1 www.gamersbanner.com
127.0.0.1 ads.gameservers.com
127.0.0.1 ads.gamespy.com #[SpySweeper.Spy.Cookie]
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 www.gameurdr.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 server.gamyun.net
127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
127.0.0.1 ad.garantiarkadas.com
127.0.0.1 ads.gather.com
127.0.0.1 track.gawker.com #[WebBug]
127.0.0.1 js.gbeb.cc #[Javascript.Exploit]
127.0.0.1 haymarket-adserver.gcnpublishing.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 sda.geek.com #[AdvertPro]
127.0.0.1 adserver.geenstijl.nl
127.0.0.1 kassa.geenstijl.nl
127.0.0.1 adserver.geizkragen.de
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 geotarget.info #[Whois.Blacklisted]
127.0.0.1 banners.geotarget.info
127.0.0.1 www.geotarget.info
127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
127.0.0.1 get-access.host.sk #[McAfee.StartPage-IR]
127.0.0.1 getclicky.com
127.0.0.1 static.getclicky.com
127.0.0.1 www.getmusicvideocodes.com #[Malicious.Links.Zango]
127.0.0.1 www.getsmart.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b][Adware.Getup]
127.0.0.1 banner.giantvegas.com
127.0.0.1 truehits.gits.net.th
127.0.0.1 truehits1.gits.net.th
127.0.0.1 ads.globo.com
127.0.0.1 ads.img.globo.com
127.0.0.1 glory-movy.net #[Javascript.Exploit]
127.0.0.1 duke.gocomics.com #[ads.uclick.com]
127.0.0.1 www.god74.com #[Trojan.Huanux]
127.0.0.1 www.godesktop.com #[SiteAdvisor.godesktop.com]
127.0.0.1 adserver2.goals365.com
127.0.0.1 www.go-and-search.com #[Spamdexing]
127.0.0.1 goglee.biz
127.0.0.1 www.goglee.biz
127.0.0.1 golden-keys.net #[Spamdexing]
127.0.0.1 banner.goldenpalace.com #[Tenebril.Tracking Cookie]
127.0.0.1 stage.goldkey.com #[Parking Service]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 www.goodhealth-search.com #[Spamdexing]
127.0.0.1 www.qooqlesearch.com #[Spamdexing]
127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
127.0.0.1 google-counter.com #[Win32/Spy.Banker.CKW]
127.0.0.1 www.google-counter.com #[Google.Warning]
127.0.0.1 google-moogle.com #[Spamdexing]
127.0.0.1 www.google-moogle.com
127.0.0.1 show.googleadsenseagent.com #[Adware.Roogoo][server down?]
127.0.0.1 www.google-hard.com #[Win32/TrojanProxy.Agent.LK]
127.0.0.1 google-pharmacy.com #[Spamdexing]
127.0.0.1 goooglegulp.com #[Spamdexing]
127.0.0.1 www.gogogo.com #[PremiumTraffic.Parking Service]
127.0.0.1 partner.gonamic.de
127.0.0.1 www.goodsearchnow.com #[Trojan.Jakposh]
127.0.0.1 googlus.com #[Spamdexing]
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 goserv.com #[VBS/Exploit.Phel.A]
127.0.0.1 stat.org.gosite.ws
127.0.0.1 gostats.com
127.0.0.1 as.gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com #[SpySweeper.Spy.Cookie]
127.0.0.1 c3.gostats.com
127.0.0.1 c4.gostats.com #[Panda.Spyware:Cookie/GoStats]
127.0.0.1 ded.gostats.com
127.0.0.1 monster.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 ads.goyk.com
127.0.0.1 www.gpt-pal.com #[Javascript.Exploit]
127.0.0.1 graffitifonts.com
127.0.0.1 www.graffitifonts.com #[Malicious.Links.Zango]
127.0.0.1 graficastrigo.com #[Trojan.Tabela.E]
127.0.0.1 www.gratis-toplist.de
127.0.0.1 adv.gratuito.st
127.0.0.1 greatfog.com #[Javascript.Exploit]
127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
127.0.0.1 greencunt.org #[Javascript.Exploit]
127.0.0.1 grepblogs.net
127.0.0.1 grigcnt.info #[Javascript.Exploit]
127.0.0.1 adserver.gruprc.ro
127.0.0.1 publi.grupocorreo.es #[RealMedia]
127.0.0.1 ads.guru3d.com
127.0.0.1 www.g-wizzads.net #[adbureau.net]
# [H]
127.0.0.1 www.h148.cn #[Google.Warning]
127.0.0.1 ads2.haber3.com
127.0.0.1 www.handyarchive.com #[SiteAdvisor.handyarchive.com]
127.0.0.1 www.haogs.cn
127.0.0.1 www.haosf128.com #[Google.Warning]
127.0.0.1 streamit.hardwarezone.com
127.0.0.1 ad1.hardware.no #[AdvertPro]
127.0.0.1 adserver.hardwareanalysis.com
127.0.0.1 www.harmonyhollow.net #[Adware Bundler]
127.0.0.1 ads.harpers.org
127.0.0.1 hartim.com
127.0.0.1 ad0.haynet.com
127.0.0.1 ad.hbv.de
127.0.0.1 ads.heias.com
127.0.0.1 www.helpdesignonline.com
127.0.0.1 helpingfind.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
127.0.0.1 www.hentaibanners.com
127.0.0.1 www.hentaicashmachine.com
127.0.0.1 www.hentaicounter.com
127.0.0.1 www.hentaipop.com #[Electronic Group Dialer]
127.0.0.1 www.hentaiseeker.com
127.0.0.1 www.hentaitoonami.com
127.0.0.1 ads.herbalsmokeshop.com
127.0.0.1 www.herbalsmokeshops.com
127.0.0.1 www2.hermoment.com
127.0.0.1 www.hermoment.com
127.0.0.1 ads.hexun.com
127.0.0.1 www.hey.lt
127.0.0.1 hiden.info #[Javascript.Exploit]
127.0.0.1 pubs.hiddennetwork.com
127.0.0.1 ads.highdefdigest.com
127.0.0.1 www.hiperstat.com
127.0.0.1 adserver.hispanoclick.com
127.0.0.1 www.hitscount.com
127.0.0.1 hits-counter.com
127.0.0.1 www.hits-counter.com
127.0.0.1 ctr.hitcounter-1.com
127.0.0.1 www.hit-counter-download.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]
127.0.0.1 www.hitlogger.com
127.0.0.1 rdr.hitmngr.com
127.0.0.1 hitmodel.net
127.0.0.1 www.hit-counts.com
127.0.0.1 hit-now.com
127.0.0.1 www.hitscreamer.com
127.0.0.1 hitslog.com
127.0.0.1 h1.hitslog.com
127.0.0.1 s4.histats.com
127.0.0.1 s10.histats.com
127.0.0.1 s11.histats.com
127.0.0.1 www.hitstats.co.uk
127.0.0.1 hitstats.net
127.0.0.1 www.hittracking.com
127.0.0.1 images.hitwise.co.uk
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 adserver.hostfinderguy.com
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 www.adserver.home.pl
127.0.0.1 www.homeoffun.com #[SiteAdvisor.homeoffun.com]
127.0.0.1 counters.honesty.com
127.0.0.1 cgi.honesty.com #[MVPS.Criteria]
127.0.0.1 ad.hosting.pl
127.0.0.1 ns1.hosting101.biz #[JS/Small.DN]
127.0.0.1 hot8888.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 hot8888.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 ad2.hotels.com
127.0.0.1 www.hot-lindsay.com #[Zango][Parked?]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hotstream.info
127.0.0.1 ad.howstuffworks.com #[RealMedia][SpySweeper.Spy.Cookie]
127.0.0.1 hpod.com
127.0.0.1 www.htmate2.com #[Cursor.MySpace]
127.0.0.1 adserver.html.it
127.0.0.1 click.html.it
127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
127.0.0.1 down.hunll.com #[BDS/Agent.ahj.701]
127.0.0.1 www.huxley-online.net #[Win32/Spy.Elite.10.A]
127.0.0.1 hyip-review.info #[Javascript.Exploit]
127.0.0.1 www.hypercounter.com
127.0.0.1 www.hypertracker.com #[SpySweeper.Spy.Cookie]
# [I]
127.0.0.1 ads.iafrica.com
127.0.0.1 ibm-ssl.com #[Trojan.DR.Cimuz.Gen.1]
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com #[SunBelt.ICDirect.com]
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 tracker.icerocket.com
127.0.0.1 ads.idgnow.com.br
127.0.0.1 banners.idg.com.br
127.0.0.1 adidm07.idmnet.pl
127.0.0.1 adidm.idmnet.pl
127.0.0.1 ie-exe.com #[AdWare.Win32.Softomate.x]
127.0.0.1 ad.ifrance.com
127.0.0.1 ijk.cc #[JS/Downloader-BCP]
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
127.0.0.1 adserver.ig.com.br
127.0.0.1 gate.ilogbox.com
127.0.0.1 ads.imeem.com
127.0.0.1 bbn.img.com.ua
127.0.0.1 content-ads.impactengine.com
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 ads.ims.nl
127.0.0.1 s201.indexstats.com
127.0.0.1 stats.indexstats.com #[Analytics Tracking Code]
127.0.0.1 stats.indextools.com #[eTrust.Tracking Cookie]
127.0.0.1 campaign.indieclick.com
127.0.0.1 optimize.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 get.inetbar.com #[SunBelt.INetBar]
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 banners.inetfast.com
127.0.0.1 adserving.infinite-ads.com
127.0.0.1 www.infineo.de #[Win32/Spy.Banker.AWA]
127.0.0.1 www.info--bits.com
127.0.0.1 infospot.infocious.com
127.0.0.1 ads.infospace.com #[ADW_DEALHELPER.C]
127.0.0.1 msxml.infospace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.infotelsrl.com #[eTrust.Infotel srl]
127.0.0.1 ads.injersey.com #[RealMedia]
127.0.0.1 bimonline.insites.be
127.0.0.1 ads.intellicast.com #[weather.com]
127.0.0.1 strtt.interfree.it #[W32.Iberio]
127.0.0.1 counter.internet.ge
127.0.0.1 indiads.com
127.0.0.1 images.indiads.com
127.0.0.1 servedby.indiads.com #[RealMedia]
127.0.0.1 popups.infostart.com #[eTrust.Popups.infostart.com]
127.0.0.1 www.imiclk.com
127.0.0.1 inexplorer.com
127.0.0.1 toolbar.inexplorer.com #[Win32/Parite.B]
127.0.0.1 www.inexplorer.com
127.0.0.1 www.inpopo.com #[W32.Validin]
127.0.0.1 oc.inspectorclick.com
127.0.0.1 trax.inspectorclick.com
127.0.0.1 v2.inspectorclick.com
127.0.0.1 v3.inspectorclick.com
127.0.0.1 instantbuzz.com #[NOD32.Win32/Adware.InstantBuzz]
127.0.0.1 www2.instantbuzz.com
127.0.0.1 www.instantbuzz.com #[Adware.ToolBar.InstantBuzz.a]
127.0.0.1 media.intelia.it
127.0.0.1 anm.intelli-direct.com #[IntelliTracker]
127.0.0.1 info.intelli-direct.com
127.0.0.1 oxfam.intelli-direct.com
127.0.0.1 tui.intelli-direct.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 intraviewer.net
127.0.0.1 www.intraviewer.net
127.0.0.1 newadserver.interfree.it #[Adcycle]
127.0.0.1 internet-explorer.name #[Trojan-Clicker.Win32.Agent.ip]
127.0.0.1 www.internet-explorer.name
127.0.0.1 www.interstats.nl
127.0.0.1 www.intrastats.com
127.0.0.1 channels.intwined.com #[Adware/ToolBar.ISearch.c]
127.0.0.1 search.intwined.com
127.0.0.1 www.intwined.com #[McAfee.Adware-SSF!Hosts]
127.0.0.1 www.invinc.com #[Troj/Dloader-J]
127.0.0.1 www.ipcounter.de
127.0.0.1 ad2.ip.ro
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipqwe.com #[Exploit.ANI]
127.0.0.1 content.ipro.com #[WebBug]
127.0.0.1 www.ipstat.com
127.0.0.1 adzones.ircspy.com
127.0.0.1 isecurepages.net #[Google Warning]
127.0.0.1 www.isecurepages.net #[IFrame.Exploit]
127.0.0.1 www.istats.nl
127.0.0.1 a.isohunt.com
127.0.0.1 adserver1.isohunt.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 banman.isoftmarketing.com
127.0.0.1 ads1.itadnetwork.co.uk
127.0.0.1 itcompany.com #[SunBelt.Family Cyber Alert]
127.0.0.1 www.itcompany.com #[Symantec.Spyware.CyberAlert]
127.0.0.1 www.itemgame.net #[W32/HLLP.Philis.ar][server down?]
127.0.0.1 itisbest.info #[Spamdexing]
127.0.0.1 itnos.info
127.0.0.1 www.itrackpages.com
127.0.0.1 ilead.itrack.it
127.0.0.1 adserver.itsfogo.com
127.0.0.1 partnerfeed.itsfogo.com
127.0.0.1 www1.itsun.com
127.0.0.1 www8.itsun.com
127.0.0.1 ads.itv.com #[adbureau.net]
127.0.0.1 barafranca.iwarp.com #[Win32/Spy.ProAgent]
127.0.0.1 www.iwebmusic.com
127.0.0.1 iwebtunes.com #[FTC Action]
127.0.0.1 www.iwebtunes.com
# [J]
127.0.0.1 ad.jamba.de
127.0.0.1 ad.jamba.net
127.0.0.1 ad.jamster.com
127.0.0.1 www.jcount.com
127.0.0.1 www.jellycounter.com
127.0.0.1 www.jethit.com
127.0.0.1 t1.jfglass.net #[Trojan.Booha]
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 jimmybuttons.com #[eTrust.Win32/Nirbot]
127.0.0.1 www.jm-my.com #[BackDoor-CXI]
127.0.0.1 ad.joetec.net
127.0.0.1 jointmediagroup.com #[Trojan-Spy.Win32.Delf.uc]
127.0.0.1 ads.jokaroo.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 banners.joost.com
127.0.0.1 ads.jossip.com
127.0.0.1 pastorale.jpn.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.joltid.com #[Adware.P2PNetworking][SPYW_PPNETWORK.B]
127.0.0.1 promotion.jpds.com
127.0.0.1 www.jprmthome.com #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.jstracker.com
127.0.0.1 ads.jt.org
127.0.0.1 www.justfreegames.com #[AdWare.Win32.Relevant.a]
127.0.0.1 925.vip.jx828.net #[HTML/Exploit.IframeBof]
127.0.0.1 jxdoe.com #[Win32/TrojanDownloader.Ani.Gen]
# [K]
127.0.0.1 www.k265.com #[Adware.Borlan]
127.0.0.1 stat.katalysatormedia.no
127.0.0.1 kazantip-top.com
127.0.0.1 www.kazantip-top.com #[HTML/Exploit.VMLFill]
127.0.0.1 ads.webfever.kadserver.com
127.0.0.1 ads.deblok.net.kadserver.com
127.0.0.1 ads.zebest-3000.net.kadserver.com
127.0.0.1 countus.get.kadserver.com
127.0.0.1 geo113prod.kadserver.com
127.0.0.1 get.kadserver.com
127.0.0.1 scripts.kataweb.it
127.0.0.1 kazaalite.pl
127.0.0.1 www.kazaalite.pl #[MHTMLRedir.Exploit]
127.0.0.1 gavzad.keenspot.com
127.0.0.1 ad.kewlbox.com
127.0.0.1 a.keyrun.com #[Adware-TargetAD]
127.0.0.1 u.keyrun.com
127.0.0.1 union.keyrun.com
127.0.0.1 ww.keyrun.com
127.0.0.1 www1.keyrun.com
127.0.0.1 www.keyrun.com
127.0.0.1 banner.kiev.ua
Reply to joe-77
Re,
Download R-Hosts.exe (by S!ri)
Run R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.
Run a Lop S&D scan again.
Reply to Angeldark
Here is the report:
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 01/01/2008 | 20:50:07,46 ] [ C156FA7ABCBB40A ]
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\APPLIC~1\avg7
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Apple
C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\AVG7
C:\Documents and Settings\joe\APPLIC~1\teamspeak2
C:\Documents and Settings\joe\APPLIC~1\Apple Computer
C:\Documents and Settings\joe\APPLIC~1\BitTorrent
C:\Documents and Settings\joe\APPLIC~1\FrostWire
C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
C:\Documents and Settings\joe\APPLIC~1\Mozilla
C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
C:\Documents and Settings\joe\APPLIC~1\LimeWire
C:\Documents and Settings\joe\APPLIC~1\Newsbin
C:\Documents and Settings\joe\APPLIC~1\Ahead
C:\Documents and Settings\joe\APPLIC~1\Nero
C:\Documents and Settings\joe\APPLIC~1\Lavasoft
C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
C:\Documents and Settings\joe\APPLIC~1\WinRAR
C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
C:\Documents and Settings\joe\APPLIC~1\Macromedia
C:\Documents and Settings\joe\APPLIC~1\desktop.ini
C:\Documents and Settings\joe\APPLIC~1\Xentient
C:\Documents and Settings\joe\APPLIC~1\Styler
C:\Documents and Settings\joe\APPLIC~1\Identities
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\AVG7
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\NetworkService\APPLIC~1\AVG7
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[31/12/2007 23:00][--ah-----]C:\WINDOWS\tasks\A9C0666D91C01AFD.job
[01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
[28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Ad-Aware
C:\Program Files\Adssite Games Collection
C:\Program Files\Alwil Software
C:\Program Files\AMD
C:\Program Files\Apple Software Update
C:\Program Files\AskSBar
C:\Program Files\AusLogics Disk Defrag
C:\Program Files\Avant Browser
C:\Program Files\BitComet
C:\Program Files\BitTorrent
C:\Program Files\Cener Development
C:\Program Files\Circle Developement
C:\Program Files\Compare It!
C:\Program Files\ComPlus Applications
C:\Program Files\Crux Calculator v5
C:\Program Files\Everest
C:\Program Files\Fichiers communs
C:\Program Files\Foreignword
C:\Program Files\FoxitReader
C:\Program Files\FrostWire
C:\Program Files\Grisoft
C:\Program Files\Hercules
C:\Program Files\IE Privacy Keeper
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Kaspersky Lab
C:\Program Files\K-Lite Codec Pack
C:\Program Files\LimeWire
C:\Program Files\Lop SD
C:\Program Files\Messenger Plus! Live
C:\Program Files\microsoft frontpage
C:\Program Files\movie maker
C:\Program Files\msn gaming zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Nero
C:\Program Files\Nero Portable 8.1.1.0
C:\Program Files\netmeeting
C:\Program Files\NewsBin
C:\Program Files\Occtpt
C:\Program Files\Outlook Express
C:\Program Files\Paint.NET
C:\Program Files\Participatory Culture Foundation
C:\Program Files\PKR
C:\Program Files\Prophet Soft
C:\Program Files\QuickTime
C:\Program Files\SAGEM
C:\Program Files\Soft4Ever
C:\Program Files\Spybot
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Styler
C:\Program Files\Teamspeak2_RC2
C:\Program Files\Trend Micro
C:\Program Files\TweakRAM
C:\Program Files\UberIcon
C:\Program Files\Unlocker
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\windows nt
C:\Program Files\Windows Sidebar
C:\Program Files\WinRAR
C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\WINDOWS\Tasks\A9C0666D91C01AFD.job
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 20:51:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
--------------------[ Fin du rapport a 20:51:07,65 ]----------------------
Reply to joe-77
Re,
Run Lop S&D again
- This time choose Option 2 ("Suppression", i.e. removal)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
Reply to Angeldark
Here it is:
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 01/01/2008 | 21:58:20,54 ] [ C156FA7ABCBB40A ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\WINDOWS\Tasks\A9C0666D91C01AFD.job
Supprimé! - C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\APPLIC~1\avg7
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Apple
C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\Microsoft
C:\Documents and Settings\joe\APPLIC~1\AVG7
C:\Documents and Settings\joe\APPLIC~1\teamspeak2
C:\Documents and Settings\joe\APPLIC~1\Apple Computer
C:\Documents and Settings\joe\APPLIC~1\BitTorrent
C:\Documents and Settings\joe\APPLIC~1\FrostWire
C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
C:\Documents and Settings\joe\APPLIC~1\Mozilla
C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
C:\Documents and Settings\joe\APPLIC~1\LimeWire
C:\Documents and Settings\joe\APPLIC~1\Newsbin
C:\Documents and Settings\joe\APPLIC~1\Ahead
C:\Documents and Settings\joe\APPLIC~1\Nero
C:\Documents and Settings\joe\APPLIC~1\Lavasoft
C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
C:\Documents and Settings\joe\APPLIC~1\WinRAR
C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
C:\Documents and Settings\joe\APPLIC~1\Macromedia
C:\Documents and Settings\joe\APPLIC~1\desktop.ini
C:\Documents and Settings\joe\APPLIC~1\Xentient
C:\Documents and Settings\joe\APPLIC~1\Styler
C:\Documents and Settings\joe\APPLIC~1\Identities
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\AVG7
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\NetworkService\APPLIC~1\AVG7
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
[28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Ad-Aware
C:\Program Files\Adssite Games Collection
C:\Program Files\Alwil Software
C:\Program Files\AMD
C:\Program Files\Apple Software Update
C:\Program Files\AskSBar
C:\Program Files\AusLogics Disk Defrag
C:\Program Files\Avant Browser
C:\Program Files\BitComet
C:\Program Files\BitTorrent
C:\Program Files\Cener Development
C:\Program Files\Circle Developement
C:\Program Files\Compare It!
C:\Program Files\ComPlus Applications
C:\Program Files\Crux Calculator v5
C:\Program Files\Everest
C:\Program Files\Fichiers communs
C:\Program Files\Foreignword
C:\Program Files\FoxitReader
C:\Program Files\FrostWire
C:\Program Files\Grisoft
C:\Program Files\Hercules
C:\Program Files\IE Privacy Keeper
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Kaspersky Lab
C:\Program Files\K-Lite Codec Pack
C:\Program Files\LimeWire
C:\Program Files\Lop SD
C:\Program Files\Messenger Plus! Live
C:\Program Files\microsoft frontpage
C:\Program Files\movie maker
C:\Program Files\msn gaming zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Nero
C:\Program Files\Nero Portable 8.1.1.0
C:\Program Files\netmeeting
C:\Program Files\NewsBin
C:\Program Files\Occtpt
C:\Program Files\Outlook Express
C:\Program Files\Paint.NET
C:\Program Files\Participatory Culture Foundation
C:\Program Files\PKR
C:\Program Files\Prophet Soft
C:\Program Files\QuickTime
C:\Program Files\SAGEM
C:\Program Files\Soft4Ever
C:\Program Files\Spybot
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Styler
C:\Program Files\Teamspeak2_RC2
C:\Program Files\Trend Micro
C:\Program Files\TweakRAM
C:\Program Files\UberIcon
C:\Program Files\Unlocker
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\windows nt
C:\Program Files\Windows Sidebar
C:\Program Files\WinRAR
C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
----------------------[ Recherche avec S_Lop ]---------------------
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 21:59:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
--------------------[ Fin du rapport a 21:59:25,79 ]----------------------
Reply to joe-77
Post a HijackThis report again
Reply to Angeldark
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:31, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7774 bytes
Reply to joe-77
Uninstall AskSBar, then post a HijackThis report again.
Reply to Angeldark
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:59, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7548 bytes
Reply to joe-77
Re,
Unzip the following archive:
http://cjoint.com/?bbwSvBOkd4
Run kill.cmd, then post the report.
Reply to Angeldark
Here it is:
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
C:\WINDOWS\system32\cmcfg3.dll - Trouve !
C:\WINDOWS\system32\cmcfg3.dll - Erreur de Suppression !
Reply to joe-77
Post a new HijackThis report.
Reply to Angeldark
Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:57, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7441 bytes
Reply to joe-77
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select the path in the box below:
C:\WINDOWS\system32\cmcfg3.dll
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
->Information about the program<-
Reply to Angeldark
LoadLibrary failed for C:\WINDOWS\system32\cmcfg3.dll
C:\WINDOWS\system32\cmcfg3.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cmcfg3.dll scheduled to be moved on reboot.
Created on 01/01/2008 23:21:57
Reply to joe-77
Post a new HijackThis report.
That's one stubborn file.
Reply to Angeldark
The trojan still hasn't been removed.
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:56, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7187 bytes
Message edited by joe-77 on 02-01-2008 at 14:59:47
Reply to joe-77
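The thread's repeated "post a new HijackThis report" step amounts to checking whether the same O2 entry survives each removal attempt. The following is an added example, not part of the thread and not code from HijackThis or any tool named here: it parses O2 BHO lines, flags entries by two triage hints, and reports which flagged entries are still present in a later scan. The function names, the two hints and the fixed C:\WINDOWS system root are assumptions; SCAN_CLEAN is constructed.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple, Tuple

# O2/O3 lines excerpted from the 01/01/2008 report posted in this thread.
SCAN_BEFORE = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
"""
# The 02/01/2008 report (after the OTMoveIt attempt) lists the same O2/O3 lines.
SCAN_AFTER = SCAN_BEFORE
# Constructed: what a report would look like once the entry is really gone.
SCAN_CLEAN = "\n".join(
    line for line in SCAN_BEFORE.splitlines() if "cmcfg3.dll" not in line
)

# "O2 - BHO: <name> - {CLSID} - <path>"; the name itself may contain " - ",
# so the CLSID in braces is used as the anchor between name and path.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(report: str) -> List[Bho]:
    """Return every Browser Helper Object listed in a HijackThis report."""
    found = []
    for line in report.splitlines():
        match = BHO_RE.match(line.strip())
        if match:
            found.append(
                Bho(match["name"], match["clsid"].upper(), match["path"])
            )
    return found


def triage_reasons(bho: Bho) -> List[str]:
    """Triage hints only (assumed heuristics); neither one is a verdict."""
    reasons = []
    if bho.name.strip().lower() in ("", "(no name)"):
        reasons.append("no display name registered for the CLSID")
    # Assumes the system root is C:\WINDOWS, as in this thread's reports.
    parent = str(PureWindowsPath(bho.path).parent).lower()
    if parent == r"c:\windows\system32":
        reasons.append("DLL sits directly in system32")
    return reasons


def flagged(report: str) -> Dict[str, Tuple[Bho, List[str]]]:
    """Map CLSID -> (entry, reasons) for entries with at least one hint."""
    result = {}
    for bho in parse_bhos(report):
        reasons = triage_reasons(bho)
        if reasons:
            result[bho.clsid] = (bho, reasons)
    return result


def still_present(before: str, after: str) -> List[Bho]:
    """Flagged entries from `before` whose CLSID and path remain in `after`."""
    later = {(b.clsid, b.path.lower()) for b in parse_bhos(after)}
    return [
        bho
        for bho, _ in flagged(before).values()
        if (bho.clsid, bho.path.lower()) in later
    ]


if __name__ == "__main__":
    for bho, reasons in flagged(SCAN_BEFORE).values():
        print(f"review: {bho.clsid} {bho.path} ({'; '.join(reasons)})")
    for bho in still_present(SCAN_BEFORE, SCAN_AFTER):
        print(f"removal did not take: {bho.path}")
    if not still_present(SCAN_BEFORE, SCAN_CLEAN):
        print("constructed clean scan: flagged BHO no longer registered")
```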
Hi again,
Disable your resident protections (antivirus, Spybot...)!
- Download Combofix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Post this report in your next reply.
Reply to Angeldark
Here it is:
ComboFix 08-01-02.1 - joe 2008-01-02 17:05:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1223 [GMT 1:00]
Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsl3D.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 17:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 17:08 2,327,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 23:57 . 2008-01-02 17:07 36,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 23:57 . 2008-01-02 17:08 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 23:57 . 2008-01-02 17:07 4,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-01 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\CenerTCPMessenger
2007-11-30 23:58 --------- d-----w C:\Program Files\Java
2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-30 23:38 --------- d-----w C:\Documents and Settings\joe\Application Data\Lavasoft
2007-11-30 23:36 --------- d-----w C:\Program Files\Prophet Soft
2007-11-30 23:32 --------- d-----w C:\Documents and Settings\joe\Application Data\UnH Solutions
2007-11-30 23:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-30 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 22:53 --------- d-----w C:\Program Files\Hercules
2007-11-30 22:32 --------- d-----w C:\Documents and Settings\joe\Application Data\Avant Profiles
2007-11-30 22:01 --------- d-----w C:\Program Files\AMD
2007-11-30 21:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-30 21:50 --------- d-----w C:\Program Files\SAGEM
2007-11-30 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-30 21:07 --------- d-----w C:\Program Files\Styler
2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Xentient
2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Styler
2007-11-30 21:06 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-30 21:04 --------- d-----w C:\Program Files\Cener Development
2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-30 20:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-30 20:41 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-11-30 20:41 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-11-30 20:41 --------- d-----w C:\Program Files\Nero
2007-11-30 20:41 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-30 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-30 20:41 --------- d-----r C:\Program Files\Windows Sidebar
2007-11-30 20:40 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 20:31 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-30 20:29 --------- d-----w C:\Program Files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
"nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
C:\WINDOWS\system32\transbar.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
\Shell\AutoRun\command - E:\ASUSACPI.exe
*Newly Created Service* - SENS
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 17:09:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Windows\System32\VttHooks.dll
.
Completion time: 2008-01-02 17:11:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-02 16:10:59
Reply to joe-77
I have a feeling you need another HijackThis report, so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7081 bytes
Message edited by joe-77 on 02-01-2008 at 17:23:20
Reply to joe-77
Hi again,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Reply to Angeldark
Here is the Combofix report:
ComboFix 08-01-02.1 - joe 2008-01-02 18:35:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1270 [GMT 1:00]
Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\cmcfg3.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cmcfg3.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 18:38 2,490,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 23:57 . 2008-01-02 18:37 38,588 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 23:57 . 2008-01-02 18:38 26,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 23:57 . 2008-01-02 18:37 4,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
+ 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
+ 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
+ 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
+ 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
+ 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
+ 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
+ 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
+ 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
+ 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
+ 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
+ 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
+ 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
+ 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
+ 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
+ 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
+ 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
- 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
"nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
C:\WINDOWS\system32\transbar.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
\Shell\AutoRun\command - E:\ASUSACPI.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 18:38:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Windows\System32\VttHooks.dll
.
Completion time: 2008-01-02 18:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-02 17:40:41
ComboFix2.txt 2008-01-02 16:11:09
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6957 bytes
Message edited by joe-77 on 02-01-2008 at 18:48:24
Reply to joe-77
Run it again with this script:
Driver::
Reply to Angeldark
ComboFix 08-01-02.1 - joe 2008-01-02 20:50:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1205 [GMT 1:00]
Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\drivers\jrrgpkti.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\jrrgpkti.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_KAFTUNRU
-------\kaftunru
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 23:57 . 2008-01-02 20:53 2,596,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 23:57 . 2008-01-02 20:52 40,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 23:57 . 2008-01-02 20:54 30,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 23:57 . 2008-01-02 20:52 4,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
+ 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
+ 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
+ 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
+ 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
+ 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
+ 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
+ 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
+ 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
+ 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
+ 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
+ 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
+ 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
+ 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
+ 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
+ 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
+ 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
- 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
"nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
C:\WINDOWS\system32\transbar.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
\Shell\AutoRun\command - E:\ASUSACPI.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 20:54:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Windows\System32\VttHooks.dll
.
Completion time: 2008-01-02 20:55:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-02 19:55:40
ComboFix2.txt 2008-01-02 17:40:45
ComboFix3.txt 2008-01-02 16:11:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\verclsid.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6896 bytes
Reply to joe-77
Is that better?
Reply to Angeldark
There, I was able to delete it, it was no longer protected!!!
Thank you, honestly, for putting in so much effort for me, that's really cool!!
A big thank you to you!!!!!!!!!!!
Reply to joe-77
Help, I have the same problem too. Should I redo all the steps above like that person did, or not?
Thanks
Good evening marechsand,
| Quote: Help, I have the same problem too. Should I redo all the steps above like that person did, or not?
|
Definitely not! This kind of procedure has to be followed closely, every case is different...
Please create your own thread
PS: Angel, you can clean up and remove my post
- Safe Mode -
Reply to Eric_71
I'll leave it
-----
Do you have any questions?
Reply to Angeldark