[Virus] Pc qui rame et redémarage deféctueux
Joabois
Messages postés
54
Statut
Membre
-
Joabois Messages postés 54 Statut Membre -
Joabois Messages postés 54 Statut Membre -
Bonjour a vous tous je suis la car j'ai encore un probleme avec mon Pc je ne sais pas ce qu'il a il a démaré plusieur fois en mode 256 couleurs et il rame a mort j'ai fais un log hijackthis ça done :
Logfile of HijackThis v1.99.1
Scan saved at 20:55:59, on 12/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Pinnacle\Shared Files\remoterm.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Program Files\Opera\Opera.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
D:\Documents and Settings\Seb\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - D:\Program Files\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {2FFF1318-714F-E7F8-3F28-F780A98D871D} - D:\DOCUME~1\CCILE~1\APPLIC~1\MEOWLO~1\send gpl.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A08AE47D-E5E4-B2E4-7C0C-AC44EAEE2555} - D:\DOCUME~1\Seb\APPLIC~1\MEOWLO~1\send gpl.exe (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - D:\Program Files\iVideoCodec\iesplugin.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] D:\Program Files\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AliceSAV] D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [IpWins] D:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [arcaderockstar] D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
O4 - HKCU\..\Run: [dead byte] D:\DOCUME~1\Seb\APPLIC~1\MEETRE~1\bore move link.exe
O4 - HKCU\..\Run: [WOOKIT] D:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [InstantTray] D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Error Safe] "D:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - D:\WINDOWS\System32\okkmtv.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:55:59, on 12/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Pinnacle\Shared Files\remoterm.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Program Files\Opera\Opera.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
D:\Documents and Settings\Seb\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - D:\Program Files\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {2FFF1318-714F-E7F8-3F28-F780A98D871D} - D:\DOCUME~1\CCILE~1\APPLIC~1\MEOWLO~1\send gpl.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A08AE47D-E5E4-B2E4-7C0C-AC44EAEE2555} - D:\DOCUME~1\Seb\APPLIC~1\MEOWLO~1\send gpl.exe (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - D:\Program Files\iVideoCodec\iesplugin.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] D:\Program Files\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AliceSAV] D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [IpWins] D:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [arcaderockstar] D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
O4 - HKCU\..\Run: [dead byte] D:\DOCUME~1\Seb\APPLIC~1\MEETRE~1\bore move link.exe
O4 - HKCU\..\Run: [WOOKIT] D:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [InstantTray] D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Error Safe] "D:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - D:\WINDOWS\System32\okkmtv.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:
- [Virus] Pc qui rame et redémarage deféctueux
- Pc qui rame - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Double ecran pc - Guide
- Forcer demarrage pc - Guide
12 réponses
Salut
Tu es pas mal infecté ...
Supprime ces deux programmes : IpWins et Error Safe
ensuite :
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
Tu es pas mal infecté ...
Supprime ces deux programmes : IpWins et Error Safe
ensuite :
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
J'arrive pas a désinstalle error safe et j'ai fais le log smith fraud :
SmitFraudFix v2.181
Rapport fait à 21:14:07,28, 12/05/2007
Executé à partir de D:\Documents and Settings\Seb\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Pinnacle\Shared Files\remoterm.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Program Files\Opera\Opera.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
D:\WINDOWS\System32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Seb
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Seb\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Seb\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
D:\Program Files\iVideoCodec\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.181
Rapport fait à 21:14:07,28, 12/05/2007
Executé à partir de D:\Documents and Settings\Seb\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Pinnacle\Shared Files\remoterm.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ArcadeRockstar\arcaderockstar32.exe
D:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
D:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\Program Files\Opera\Opera.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
D:\WINDOWS\System32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Seb
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Seb\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Seb\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
D:\Program Files\iVideoCodec\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Je vien de découvrir que mes enceinte n'était plus reconnu et windows média player ne veu plus lire de fichier audio car il dit que aucun periferique audio n' est branché alors que en faite tout et en place je ne sais plus quoi faire arggg ...
ok
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
ensuite :
Prendre connaissance du contenu du lien suivant:
http://www.f-secure.com/products/license-terms/eult_fra.pdf
Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
Maintenant fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.bat
Laisses-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2 sans notre avis/accord)
Patientes jusqu'au message :
*** Analyse Termine le ..... ***
Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
++
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
ensuite :
Prendre connaissance du contenu du lien suivant:
http://www.f-secure.com/products/license-terms/eult_fra.pdf
Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
Maintenant fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.bat
Laisses-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2 sans notre avis/accord)
Patientes jusqu'au message :
*** Analyse Termine le ..... ***
Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Ca ne marche pas clique droit enregistrer sous il me dit que c'est reservé au aboné orange ou bien il memet que le lien et eronée ...
En tout cas j'ai fais le premier log que voici :
SmitFraudFix v2.181
Rapport fait à 22:46:40,45, 12/05/2007
Executé à partir de D:\Documents and Settings\Seb\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.enliven.com
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.imdb.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 www.nrsite.com
127.0.0.1 ad-up.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 adbot.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.filez.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 advert.heise.de
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 garden.ngadcenter.net
127.0.0.1 ogilvy.ngadcenter.net
127.0.0.1 responsemedia-ad.flycast.com
127.0.0.1 suissa-ad.flycast.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 vnu.eu-adcenter.net
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.postmasterbannernet.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.admex.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.eads.com
127.0.0.1 www.freestats.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 ads.forbes.net
127.0.0.1 ads.newcity.com
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 ads.scifi.com
127.0.0.1 adengine.theglobe.com
127.0.0.1 ads.tucows.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads4.advance.net
127.0.0.1 ads1.advance.net
127.0.0.1 eur.yimg.com
127.0.0.1 us.a1.yimg.com
127.0.0.1 ad.harmony-central.com
127.0.0.1 sg.yimg.com
127.0.0.1 adverity.adverity.com
127.0.0.1 ads.bloomberg.com
127.0.0.1 mojofarm.mediaplex.com
127.0.0.1 ads.mysimon.com
127.0.0.1 ad.img.yahoo.co.kr
127.0.0.1 adimages.go.com
127.0.0.1 kr-adimage.lycos.co.kr
127.0.0.1 ad.kimo.com.tw
127.0.0.1 ads.paxnet.co.kr
127.0.0.1 ads.paxnet.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.admonitor.net
127.0.0.1 wwa.hitbox.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.erotism.com
127.0.0.1 banner.rootsweb.com
127.0.0.1 ads.ole.com
127.0.0.1 adimg1.chosun.com
127.0.0.1 ss.mtree.com
127.0.0.1 adpulse.ads.targetnet.com
127.0.0.1 adserver.ugo.com
127.0.0.1 ad.sales.olympics.com
127.0.0.1 m2.doubleclick.net
127.0.0.1 ph-ad21.focalink.com
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 www.datais.com
127.0.0.1 oas.mmd.ch
127.0.0.1 pub-g.ifrance.com
127.0.0.1 ads.bianca.com
127.0.0.1 wap.adlink.de
127.0.0.1 click.adlink.de
127.0.0.1 banner.adlink.de
127.0.0.1 hurricane.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 scand.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 direct.adlink.de
127.0.0.1 classic.adlink.de
127.0.0.1 adlui001.adlink.de
127.0.0.1 banner1.adlink.de
127.0.0.1 click.mp3.com
127.0.0.1 adcodes.bla-bla.com
127.0.0.1 icover.realmedia.com
127.0.0.1 ca.fp.sandpiper.net
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 ads.tmcs.net
127.0.0.1 amedia.techies.com
127.0.0.1 www.exchange-it.com
127.0.0.1 www.ad.tomshardware.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 ads.currantbun.com
127.0.0.1 phoenix-adrunner.mycomputer.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 adserver.colleges.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.starnews.com
127.0.0.1 www.linksynergy.com
127.0.0.1 ieee-images.adbureau.net
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 ads.newsdigital.net
127.0.0.1 arc5.msn.com
127.0.0.1 arc4.msn.com
127.0.0.1 arc3.msn.com
127.0.0.1 arc2.msn.com
127.0.0.1 arc1.msn.com
127.0.0.1 ads.discovery.com
127.0.0.1 im.800.com
127.0.0.1 img.cmpnet.com
127.0.0.1 ad7.internetadserver.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.cbc.ca
127.0.0.1 www75.valueclick.com
127.0.0.1 ads.clearbluemedia.com
127.0.0.1 ti.click2net.com
127.0.0.1 www.onresponse.com
127.0.0.1 ads.list-universe.com
127.0.0.1 advert.bayarea.com
127.0.0.1 www3.pagecount.com
127.0.0.1 www.netsponsors.com
127.0.0.1 adthru.com
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ugo.com
127.0.0.1 ads.belointeractive.com
127.0.0.1 wwb.hitbox.com
127.0.0.1 comtrack.comclick.com
127.0.0.1 www.24pm-affiliation.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.cibleclick.com
127.0.0.1 reply.mediatris.net
127.0.0.1 cgi.declicnet.com
127.0.0.1 pubs.mgn.net
127.0.0.1 ads.mcafee.com
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.adtraq.com
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 adpop.theglobe.com
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.detelefoongids.nl
127.0.0.1 ads.ecircles.com
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.hyperbanner.net
127.0.0.1 ads.jpost.com
127.0.0.1 ads.netmechanic.com
127.0.0.1 ads.webcash.nl
127.0.0.1 adserver.netcast.nl
127.0.0.1 adserver.webads.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.realtracker.com
127.0.0.1 adserver2.realtracker.com
127.0.0.1 adserver3.realtracker.com
127.0.0.1 delivery1.ads.telegraaf.nl
127.0.0.1 holland.hyperbanner.net
127.0.0.1 images.webads.nl
127.0.0.1 sc.clicksupply.com
127.0.0.1 service.bfast.com
127.0.0.1 www.ad4ex.com
127.0.0.1 www.bannercampaign.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 www.netvertising.be
127.0.0.1 www.speedyclick.com
127.0.0.1 www.webads.nl
127.0.0.1 ads.snowball.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 www10.valueclick.com
127.0.0.1 js1.hitbox.com
127.0.0.1 rd1.hitbox.com
127.0.0.1 mt37.mtree.com
127.0.0.1 ads.gameanswers.com
127.0.0.1 ads7.udc.advance.net
127.0.0.1 www23.valueclick.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 banners.nextcard.com
127.0.0.1 ads.iwon.com
127.0.0.1 www.qksrv.net
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 ads-b.focalink.com
127.0.0.1 ad2.peel.com
127.0.0.1 ads.floridatoday.com
127.0.0.1 stats.adultrevenueservice.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ph-ad06.focalink.com
127.0.0.1 global.msads.net
127.0.0.1 pluto1.iserver.net
127.0.0.1 ads1.intelliads.com
127.0.0.1 primetime.ad.asap-asp.net
127.0.0.1 ads.stileproject.com
127.0.0.1 di.image.eshop.msn.com
127.0.0.1 www.blissnet.net
127.0.0.1 www.consumerinfo.com
127.0.0.1 ads.rottentomatoes.com
127.0.0.1 k5ads.osdn.com
127.0.0.1 actionsplash.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 adserver.news.com.au
127.0.0.1 servedby.advertising.com
127.0.0.1 java.yahoo.com
127.0.0.1 ad.howstuffworks.com
127.0.0.1 ads.1for1.com
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 ads.devx.com
127.0.0.1 utils.mediageneral.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.dnps.com
127.0.0.1 creative.whi.co.nz
127.0.0.1 rmedia.boston.com
127.0.0.1 webaffiliate.covad.com
127.0.0.1 ad.iwin.com
127.0.0.1 www.nailitonline2.com
127.0.0.1 mds.centrport.net
127.0.0.1 oas.dispatch.com
127.0.0.1 adserver.ads360.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 ads.clickagents.com
127.0.0.1 banners.chek.com
127.0.0.1 zi.r.tv.com
127.0.0.1 ph-ad19.focalink.com
127.0.0.1 ads.greensboro.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ads.colo.kiva.net
127.0.0.1 adsrv.iol.co.za
127.0.0.1 mjxads.internet.com
127.0.0.1 adimage.asiaone.com.sg
127.0.0.1 ads.vnuemedia.com
127.0.0.1 affiliate.doteasy.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 oas.lee.net
127.0.0.1 www.banneroverdrive.com
127.0.0.1 ad3.peel.com
127.0.0.1 ad1.peel.comwww.xbn.ru
127.0.0.1 adserver.snowball.com
127.0.0.1 media15.fastclick.net
127.0.0.1 ads5.advance.net
127.0.0.1 ads3.advance.net
127.0.0.1 ads2.advance.net
127.0.0.1 ads.advance.net
127.0.0.1 usbytecom.orbitcycle.com
127.0.0.1 adbanner.sweepsclub.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 www.ad-flow.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 media19.fastclick.net
127.0.0.1 a.tribalfusion.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 adserver.hispavista.com
127.0.0.1 ads.musiccity.com
127.0.0.1 banners.revenuelink.com
127.0.0.1 ads1.sptimes.com
127.0.0.1 adserver.bizland-inc.net
127.0.0.1 ads.adtegrity.net
127.0.0.1 media13.fastclick.net
127.0.0.1 adserver.ukplus.co.uk
127.0.0.1 ads.live365.com
127.0.0.1 ads.fredericksburg.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 ar.atwola.com
127.0.0.1 ads.bigcitytools.com
127.0.0.1 netshelter.adtrix.com
127.0.0.1 y.ibsys.com
127.0.0.1 adserver.nydailynews.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 images.scripps.com
127.0.0.1 images.cybereps.com
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 krd.realcities.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 view.atdmt.com
127.0.0.1 ads7.advance.net
127.0.0.1 ad.abcnews.com
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 secure.webconnect.net
127.0.0.1 ads.nandomedia.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 media17.fastclick.net
127.0.0.1 techreview-images.adbureau.net
127.0.0.1 ads.exhedra.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 realmedia-a800.d4p.net
127.0.0.1 banner.northsky.com
127.0.0.1 ftp.nacorp.com
127.0.0.1 www.digitalbettingcasinos.com
127.0.0.1 c1.zedo.com
127.0.0.1 ads4.condenet.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.b3d.com
127.0.0.1 neighborhood.standard.net
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 spinbox.techtracker.com
127.0.0.1 toads.osdn.com
127.0.0.1 ads.themes.org
127.0.0.1 adserver.trb.com
127.0.0.1 media.fastclick.net
127.0.0.1 banner.easyspace.com
127.0.0.1 www.banner2u.com
127.0.0.1 ads.thestar.com
127.0.0.1 ads.digitalmedianet.com
127.0.0.1 www.fineclicks.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ad.horvitznewspapers.net
127.0.0.1 adtegrity.thruport.com
127.0.0.1 a.mktw.net
127.0.0.1 ads.pennyweb.com
127.0.0.1 www3.ad.tomshardware.com
127.0.0.1 www4.ad.tomshardware.com
127.0.0.1 www6.ad.tomshardware.com
127.0.0.1 www8.ad.tomshardware.com
127.0.0.1 www15.ad.tomshardware.com
127.0.0.1 ads.forbes.com
127.0.0.1 ads.desmoinesregister.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 bannerads.anytimenews.com
127.0.0.1 ads1.condenet.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 zrap.zdnet.com.com
127.0.0.1 bidclix.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 rmads.msn.com
127.0.0.1 ads.icq.com
127.0.0.1 cb.icq.com
127.0.0.1 cf.icq.com
127.0.0.1 www2.newtopsites.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 images.fastclick.net
127.0.0.1 adserver.securityfocus.com
127.0.0.1 www.avsads.com
127.0.0.1 banners.moviegoods.com
127.0.0.1 ads.bitsonthewire.com
127.0.0.1 ads.iambic.com
127.0.0.1 sfads.osdn.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 adserver.phillyburbs.com
127.0.0.1 marketing.nyi.net
127.0.0.1 www.netflip.com
127.0.0.1 image.imgfarm.com
127.0.0.1 ads.viaarena.com
127.0.0.1 phpads2.cnpapers.com
127.0.0.1 ads.astalavista.us
127.0.0.1 banner.coza.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 ads.democratandchronicle.com
127.0.0.1 adlog.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adimage.bankrate.com
127.0.0.1 ads.mediadevil.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ads.cashsurfers.com
127.0.0.1 ads.specificpop.com
127.0.0.1 z1.adserver.com
127.0.0.1 images.bizrate.com
127.0.0.1 q.pni.com
127.0.0.1 ad01.mediacorpsingapore.com
127.0.0.1 adimage.asia1.com.sg
127.0.0.1 images.newsx.cc
127.0.0.1 www.adireland.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.nyi.net
127.0.0.1 geoads.osdn.com
127.0.0.1 www.crisscross.com
127.0.0.1 netcomm.spinbox.net
127.0.0.1 i.i.com.com
127.0.0.1 ads.videoaxs.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 adserver.pollstar.com
127.0.0.1 information.gopher.com
127.0.0.1 ads.adviva.net
127.0.0.1 adsrv.bankrate.com
127.0.0.1 a207.p.f.qz3.net
127.0.0.1 ehg-bestbuy.hitbox.com
127.0.0.1 ehg-intel.hitbox.com
127.0.0.1 ehg-espn.hitbox.com
127.0.0.1 ehg-macromedia.hitbox.com
127.0.0.1 ehg-dig.hitbox.com
127.0.0.1 speed.pointroll.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ads.gamespy.com
127.0.0.1 spd.atdmt.com
127.0.0.1 ads.columbian.com
127.0.0.1 clickit.go2net.com
127.0.0.1 vpdc.ru4.com
127.0.0.1 ads.developershed.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.nerve.com
127.0.0.1 iv.doubleclick.net
127.0.0.1 ads2.condenet.com
127.0.0.1 www.burstnet.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 askmen.thruport.com
127.0.0.1 adsrv2.gainesvillesun.com
127.0.0.1 ads.theolympian.com
127.0.0.1 ads.courierpostonline.com
127.0.0.1 i.timeinc.net
127.0.0.1 oasads.whitepages.com
127.0.0.1 rad.msn.com
127.0.0.1 serve.thisbanner.com
127.0.0.1 images.trafficmp.com
127.0.0.1 www.kaplanindex.com
127.0.0.1 kaplanindex.com
127.0.0.1 1.httpdads.com
127.0.0.1 spinbox.maccentral.com
127.0.0.1 akaads-abc.starwave.com
127.0.0.1 webad.ajeeb.com
127.0.0.1 ads.granadamedia.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.wnd.com
127.0.0.1 a3.suntimes.com
127.0.0.1 tmsads.tribune.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.mh5.com
127.0.0.1 ad.usatoday.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads.jacksonsun.com
127.0.0.1 servads.aip.org
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 adng.ascii24.com
127.0.0.1 engage.speedera.net
127.0.0.1 ads.msn-ppe.com
127.0.0.1 ad.openfind.com.tw
127.0.0.1 adi.mainichi.co.jp
127.0.0.1 ads.northjersey.com
127.0.0.1 ad.moscowtimes.ru
127.0.0.1 banners.valuead.com
127.0.0.1 ad1.aaddzz.com
127.0.0.1 ds.eyeblaster.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.statesmanjournal.com
127.0.0.1 ads.centralohio.com
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
D:\Program Files\iVideoCodec\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
En tout cas j'ai fais le premier log que voici :
SmitFraudFix v2.181
Rapport fait à 22:46:40,45, 12/05/2007
Executé à partir de D:\Documents and Settings\Seb\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="D:\WINDOWS\System32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.enliven.com
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.imdb.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 www.nrsite.com
127.0.0.1 ad-up.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 adbot.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.filez.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 advert.heise.de
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 garden.ngadcenter.net
127.0.0.1 ogilvy.ngadcenter.net
127.0.0.1 responsemedia-ad.flycast.com
127.0.0.1 suissa-ad.flycast.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 vnu.eu-adcenter.net
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.postmasterbannernet.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.admex.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.eads.com
127.0.0.1 www.freestats.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 ads.forbes.net
127.0.0.1 ads.newcity.com
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 ads.scifi.com
127.0.0.1 adengine.theglobe.com
127.0.0.1 ads.tucows.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads4.advance.net
127.0.0.1 ads1.advance.net
127.0.0.1 eur.yimg.com
127.0.0.1 us.a1.yimg.com
127.0.0.1 ad.harmony-central.com
127.0.0.1 sg.yimg.com
127.0.0.1 adverity.adverity.com
127.0.0.1 ads.bloomberg.com
127.0.0.1 mojofarm.mediaplex.com
127.0.0.1 ads.mysimon.com
127.0.0.1 ad.img.yahoo.co.kr
127.0.0.1 adimages.go.com
127.0.0.1 kr-adimage.lycos.co.kr
127.0.0.1 ad.kimo.com.tw
127.0.0.1 ads.paxnet.co.kr
127.0.0.1 ads.paxnet.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.admonitor.net
127.0.0.1 wwa.hitbox.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.erotism.com
127.0.0.1 banner.rootsweb.com
127.0.0.1 ads.ole.com
127.0.0.1 adimg1.chosun.com
127.0.0.1 ss.mtree.com
127.0.0.1 adpulse.ads.targetnet.com
127.0.0.1 adserver.ugo.com
127.0.0.1 ad.sales.olympics.com
127.0.0.1 m2.doubleclick.net
127.0.0.1 ph-ad21.focalink.com
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 www.datais.com
127.0.0.1 oas.mmd.ch
127.0.0.1 pub-g.ifrance.com
127.0.0.1 ads.bianca.com
127.0.0.1 wap.adlink.de
127.0.0.1 click.adlink.de
127.0.0.1 banner.adlink.de
127.0.0.1 hurricane.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 scand.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 direct.adlink.de
127.0.0.1 classic.adlink.de
127.0.0.1 adlui001.adlink.de
127.0.0.1 banner1.adlink.de
127.0.0.1 click.mp3.com
127.0.0.1 adcodes.bla-bla.com
127.0.0.1 icover.realmedia.com
127.0.0.1 ca.fp.sandpiper.net
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 ads.tmcs.net
127.0.0.1 amedia.techies.com
127.0.0.1 www.exchange-it.com
127.0.0.1 www.ad.tomshardware.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 ads.currantbun.com
127.0.0.1 phoenix-adrunner.mycomputer.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 adserver.colleges.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.starnews.com
127.0.0.1 www.linksynergy.com
127.0.0.1 ieee-images.adbureau.net
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 ads.newsdigital.net
127.0.0.1 arc5.msn.com
127.0.0.1 arc4.msn.com
127.0.0.1 arc3.msn.com
127.0.0.1 arc2.msn.com
127.0.0.1 arc1.msn.com
127.0.0.1 ads.discovery.com
127.0.0.1 im.800.com
127.0.0.1 img.cmpnet.com
127.0.0.1 ad7.internetadserver.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.cbc.ca
127.0.0.1 www75.valueclick.com
127.0.0.1 ads.clearbluemedia.com
127.0.0.1 ti.click2net.com
127.0.0.1 www.onresponse.com
127.0.0.1 ads.list-universe.com
127.0.0.1 advert.bayarea.com
127.0.0.1 www3.pagecount.com
127.0.0.1 www.netsponsors.com
127.0.0.1 adthru.com
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ugo.com
127.0.0.1 ads.belointeractive.com
127.0.0.1 wwb.hitbox.com
127.0.0.1 comtrack.comclick.com
127.0.0.1 www.24pm-affiliation.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.cibleclick.com
127.0.0.1 reply.mediatris.net
127.0.0.1 cgi.declicnet.com
127.0.0.1 pubs.mgn.net
127.0.0.1 ads.mcafee.com
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.adtraq.com
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 adpop.theglobe.com
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.detelefoongids.nl
127.0.0.1 ads.ecircles.com
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.hyperbanner.net
127.0.0.1 ads.jpost.com
127.0.0.1 ads.netmechanic.com
127.0.0.1 ads.webcash.nl
127.0.0.1 adserver.netcast.nl
127.0.0.1 adserver.webads.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.realtracker.com
127.0.0.1 adserver2.realtracker.com
127.0.0.1 adserver3.realtracker.com
127.0.0.1 delivery1.ads.telegraaf.nl
127.0.0.1 holland.hyperbanner.net
127.0.0.1 images.webads.nl
127.0.0.1 sc.clicksupply.com
127.0.0.1 service.bfast.com
127.0.0.1 www.ad4ex.com
127.0.0.1 www.bannercampaign.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 www.netvertising.be
127.0.0.1 www.speedyclick.com
127.0.0.1 www.webads.nl
127.0.0.1 ads.snowball.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 www10.valueclick.com
127.0.0.1 js1.hitbox.com
127.0.0.1 rd1.hitbox.com
127.0.0.1 mt37.mtree.com
127.0.0.1 ads.gameanswers.com
127.0.0.1 ads7.udc.advance.net
127.0.0.1 www23.valueclick.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 banners.nextcard.com
127.0.0.1 ads.iwon.com
127.0.0.1 www.qksrv.net
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 ads-b.focalink.com
127.0.0.1 ad2.peel.com
127.0.0.1 ads.floridatoday.com
127.0.0.1 stats.adultrevenueservice.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ph-ad06.focalink.com
127.0.0.1 global.msads.net
127.0.0.1 pluto1.iserver.net
127.0.0.1 ads1.intelliads.com
127.0.0.1 primetime.ad.asap-asp.net
127.0.0.1 ads.stileproject.com
127.0.0.1 di.image.eshop.msn.com
127.0.0.1 www.blissnet.net
127.0.0.1 www.consumerinfo.com
127.0.0.1 ads.rottentomatoes.com
127.0.0.1 k5ads.osdn.com
127.0.0.1 actionsplash.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 adserver.news.com.au
127.0.0.1 servedby.advertising.com
127.0.0.1 java.yahoo.com
127.0.0.1 ad.howstuffworks.com
127.0.0.1 ads.1for1.com
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 ads.devx.com
127.0.0.1 utils.mediageneral.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.dnps.com
127.0.0.1 creative.whi.co.nz
127.0.0.1 rmedia.boston.com
127.0.0.1 webaffiliate.covad.com
127.0.0.1 ad.iwin.com
127.0.0.1 www.nailitonline2.com
127.0.0.1 mds.centrport.net
127.0.0.1 oas.dispatch.com
127.0.0.1 adserver.ads360.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 ads.clickagents.com
127.0.0.1 banners.chek.com
127.0.0.1 zi.r.tv.com
127.0.0.1 ph-ad19.focalink.com
127.0.0.1 ads.greensboro.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ads.colo.kiva.net
127.0.0.1 adsrv.iol.co.za
127.0.0.1 mjxads.internet.com
127.0.0.1 adimage.asiaone.com.sg
127.0.0.1 ads.vnuemedia.com
127.0.0.1 affiliate.doteasy.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 oas.lee.net
127.0.0.1 www.banneroverdrive.com
127.0.0.1 ad3.peel.com
127.0.0.1 ad1.peel.comwww.xbn.ru
127.0.0.1 adserver.snowball.com
127.0.0.1 media15.fastclick.net
127.0.0.1 ads5.advance.net
127.0.0.1 ads3.advance.net
127.0.0.1 ads2.advance.net
127.0.0.1 ads.advance.net
127.0.0.1 usbytecom.orbitcycle.com
127.0.0.1 adbanner.sweepsclub.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 www.ad-flow.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 media19.fastclick.net
127.0.0.1 a.tribalfusion.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 adserver.hispavista.com
127.0.0.1 ads.musiccity.com
127.0.0.1 banners.revenuelink.com
127.0.0.1 ads1.sptimes.com
127.0.0.1 adserver.bizland-inc.net
127.0.0.1 ads.adtegrity.net
127.0.0.1 media13.fastclick.net
127.0.0.1 adserver.ukplus.co.uk
127.0.0.1 ads.live365.com
127.0.0.1 ads.fredericksburg.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 ar.atwola.com
127.0.0.1 ads.bigcitytools.com
127.0.0.1 netshelter.adtrix.com
127.0.0.1 y.ibsys.com
127.0.0.1 adserver.nydailynews.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 images.scripps.com
127.0.0.1 images.cybereps.com
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 krd.realcities.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 view.atdmt.com
127.0.0.1 ads7.advance.net
127.0.0.1 ad.abcnews.com
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 secure.webconnect.net
127.0.0.1 ads.nandomedia.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 media17.fastclick.net
127.0.0.1 techreview-images.adbureau.net
127.0.0.1 ads.exhedra.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 realmedia-a800.d4p.net
127.0.0.1 banner.northsky.com
127.0.0.1 ftp.nacorp.com
127.0.0.1 www.digitalbettingcasinos.com
127.0.0.1 c1.zedo.com
127.0.0.1 ads4.condenet.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.b3d.com
127.0.0.1 neighborhood.standard.net
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 spinbox.techtracker.com
127.0.0.1 toads.osdn.com
127.0.0.1 ads.themes.org
127.0.0.1 adserver.trb.com
127.0.0.1 media.fastclick.net
127.0.0.1 banner.easyspace.com
127.0.0.1 www.banner2u.com
127.0.0.1 ads.thestar.com
127.0.0.1 ads.digitalmedianet.com
127.0.0.1 www.fineclicks.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ad.horvitznewspapers.net
127.0.0.1 adtegrity.thruport.com
127.0.0.1 a.mktw.net
127.0.0.1 ads.pennyweb.com
127.0.0.1 www3.ad.tomshardware.com
127.0.0.1 www4.ad.tomshardware.com
127.0.0.1 www6.ad.tomshardware.com
127.0.0.1 www8.ad.tomshardware.com
127.0.0.1 www15.ad.tomshardware.com
127.0.0.1 ads.forbes.com
127.0.0.1 ads.desmoinesregister.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 bannerads.anytimenews.com
127.0.0.1 ads1.condenet.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 zrap.zdnet.com.com
127.0.0.1 bidclix.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 rmads.msn.com
127.0.0.1 ads.icq.com
127.0.0.1 cb.icq.com
127.0.0.1 cf.icq.com
127.0.0.1 www2.newtopsites.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 images.fastclick.net
127.0.0.1 adserver.securityfocus.com
127.0.0.1 www.avsads.com
127.0.0.1 banners.moviegoods.com
127.0.0.1 ads.bitsonthewire.com
127.0.0.1 ads.iambic.com
127.0.0.1 sfads.osdn.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 adserver.phillyburbs.com
127.0.0.1 marketing.nyi.net
127.0.0.1 www.netflip.com
127.0.0.1 image.imgfarm.com
127.0.0.1 ads.viaarena.com
127.0.0.1 phpads2.cnpapers.com
127.0.0.1 ads.astalavista.us
127.0.0.1 banner.coza.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 ads.democratandchronicle.com
127.0.0.1 adlog.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adimage.bankrate.com
127.0.0.1 ads.mediadevil.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ads.cashsurfers.com
127.0.0.1 ads.specificpop.com
127.0.0.1 z1.adserver.com
127.0.0.1 images.bizrate.com
127.0.0.1 q.pni.com
127.0.0.1 ad01.mediacorpsingapore.com
127.0.0.1 adimage.asia1.com.sg
127.0.0.1 images.newsx.cc
127.0.0.1 www.adireland.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.nyi.net
127.0.0.1 geoads.osdn.com
127.0.0.1 www.crisscross.com
127.0.0.1 netcomm.spinbox.net
127.0.0.1 i.i.com.com
127.0.0.1 ads.videoaxs.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 adserver.pollstar.com
127.0.0.1 information.gopher.com
127.0.0.1 ads.adviva.net
127.0.0.1 adsrv.bankrate.com
127.0.0.1 a207.p.f.qz3.net
127.0.0.1 ehg-bestbuy.hitbox.com
127.0.0.1 ehg-intel.hitbox.com
127.0.0.1 ehg-espn.hitbox.com
127.0.0.1 ehg-macromedia.hitbox.com
127.0.0.1 ehg-dig.hitbox.com
127.0.0.1 speed.pointroll.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ads.gamespy.com
127.0.0.1 spd.atdmt.com
127.0.0.1 ads.columbian.com
127.0.0.1 clickit.go2net.com
127.0.0.1 vpdc.ru4.com
127.0.0.1 ads.developershed.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.nerve.com
127.0.0.1 iv.doubleclick.net
127.0.0.1 ads2.condenet.com
127.0.0.1 www.burstnet.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 askmen.thruport.com
127.0.0.1 adsrv2.gainesvillesun.com
127.0.0.1 ads.theolympian.com
127.0.0.1 ads.courierpostonline.com
127.0.0.1 i.timeinc.net
127.0.0.1 oasads.whitepages.com
127.0.0.1 rad.msn.com
127.0.0.1 serve.thisbanner.com
127.0.0.1 images.trafficmp.com
127.0.0.1 www.kaplanindex.com
127.0.0.1 kaplanindex.com
127.0.0.1 1.httpdads.com
127.0.0.1 spinbox.maccentral.com
127.0.0.1 akaads-abc.starwave.com
127.0.0.1 webad.ajeeb.com
127.0.0.1 ads.granadamedia.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.wnd.com
127.0.0.1 a3.suntimes.com
127.0.0.1 tmsads.tribune.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.mh5.com
127.0.0.1 ad.usatoday.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads.jacksonsun.com
127.0.0.1 servads.aip.org
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 adng.ascii24.com
127.0.0.1 engage.speedera.net
127.0.0.1 ads.msn-ppe.com
127.0.0.1 ad.openfind.com.tw
127.0.0.1 adi.mainichi.co.jp
127.0.0.1 ads.northjersey.com
127.0.0.1 ad.moscowtimes.ru
127.0.0.1 banners.valuead.com
127.0.0.1 ad1.aaddzz.com
127.0.0.1 ds.eyeblaster.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.statesmanjournal.com
127.0.0.1 ads.centralohio.com
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
D:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
D:\Program Files\iVideoCodec\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30056DAF-671C-42DF-9327-5B93C3F8E63E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Voila le deuxieme log :
Search Navipromo version 2.0.1 commencé le 12/05/2007 à 23:59:07,96
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis D:\Program Files\navilog1
Mise a jour le 10.05.2007 a 22h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans D:\WINDOWS ***
*** Recherche dossiers dans D:\Program Files ***
*** Recherche dossiers dans D:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans D:\Documents and Settings\Seb\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 05/12/07 at 23:59:08.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .....................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/13/07 at 00:04:36 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le 13/05/2007 à 0:05:54,84 ***
Search Navipromo version 2.0.1 commencé le 12/05/2007 à 23:59:07,96
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis D:\Program Files\navilog1
Mise a jour le 10.05.2007 a 22h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans D:\WINDOWS ***
*** Recherche dossiers dans D:\Program Files ***
*** Recherche dossiers dans D:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans D:\Documents and Settings\Seb\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 05/12/07 at 23:59:08.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .....................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/13/07 at 00:04:36 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le 13/05/2007 à 0:05:54,84 ***
