Virtumonde et autres problèmes

Résolu

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention -
dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention - 12 avril 2008 à 19:27

Bonjour,

Qelqu'un saurait-il m'aider ?

J'ai un soucis sur ma machine depuis ce matin.

J'ai un message de demande d'installation d'anti spyware.

Spyboot détecte virtualmonde.dll et d'autre éléments qu'il ne peut supprimé.

J'ai lancé hijackthis et j'ai le log suivant.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:35:57, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
D:\SuperCopier2\SuperCopier2.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\yannick\Bureau\HiJackThis_v2.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {271A4DDA-ACC9-4FE7-B856-930FF482DCEF} - C:\WINDOWS\system32\geBssRlk.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EC361C3-7F5C-4B3E-A370-E9B3222E19DC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: (no name) - {A19CDA83-DE79-4B3A-AC9B-8B15F77C2222} - C:\WINDOWS\system32\ljJcbyyX.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\jkkIaAPg.dll
O2 - BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96} - C:\WINDOWS\temlxopqdrf.dll
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\RunOnce: [SpybotDeletingA2736] command /c del "C:\WINDOWS\system32\ljJcbyyX.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2987] cmd /c del "C:\WINDOWS\system32\ljJcbyyX.dll"
O4 - HKCU\..\Run: [SuperCopier2.exe] d:\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1687] command /c del "C:\WINDOWS\system32\ljJcbyyX.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9236] cmd /c del "C:\WINDOWS\system32\ljJcbyyX.dll"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - C:\WINDOWS\SYSTEM32\jkkIaAPg.dll
O21 - SSODL: mgsvflkw - {816FF815-1C39-47E8-9DB6-C2DEBC5C6EBB} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {5DC70AA1-8B34-465B-A849-37D82AD3AF4F} - C:\WINDOWS\qdnkewfa.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Afficher la suite

23 réponses

1
2

Suivant

Réponse 1 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

slt plusieurs problème :

Pour commencer :

télécharge smitfraudfix: smitfraudfix

# Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

SmitFraudFix v2.311

Rapport fait à 16:53:57,00, 11/04/2008
Executé à partir de C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
D:\SuperCopier2\SuperCopier2.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yannick

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yannick\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\yannick\Favoris

C:\DOCUME~1\yannick\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\yannick\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\yannick\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\yannick\Bureau\Privacy Protector.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: temlxopqdrf.dll
BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96}
TypeLib: {0455A078-B1F5-4E39-992A-7865D7E30004}
Interface: {0AEB85EF-A931-4C01-9217-292594E10AFA}
Interface: {6E36BF1C-C587-475B-A1EE-6393E0D46CC5}

[!] Suspicious: vnbptxlf.dll
Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A}
TypeLib: {77ECF945-2592-41EE-8DCB-ECAC3CB628FB}
Interface: {8AE7F4AF-B041-4923-8BB4-33E0F8E3BEB1}
Classe: vnbptxlf.beps
Classe: vnbptxlf.ToolBar.1

[!] Suspicious: mgsvflkw.dll
SSODL: mgsvflkw - {816FF815-1C39-47E8-9DB6-C2DEBC5C6EBB}

[!] Suspicious: qdnkewfa.dll
SSODL: qdnkewfa - {5DC70AA1-8B34-465B-A849-37D82AD3AF4F}

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.1.1

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F33BF26F-9C41-479F-B25D-5BB25D877DE6}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F33BF26F-9C41-479F-B25D-5BB25D877DE6}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 2 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

On continue,

Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SmitfraudFix
Double clic sur Smitfraud.cm choisis l'option 2 et Entrée
Réponds O aux deux questions suivantes:
-Voulez-vous nettoyer le registre ?
-Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le postes pour contrôle.

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

voici le log
SmitFraudFix v2.311

Rapport fait à 17:31:29,76, 11/04/2008
Executé à partir de C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
10.0.1.12 black
10.0.1.13 terre
10.0.1.14 mars
10.0.1.87 lune
10.0.1.15 sinope
10.0.1.3 d2r2
10.0.1.20 pilote
10.0.1.83 libellule
10.0.1.21 kirikou
10.0.1.107 kteam
10.0.1.11 cispeo
10.0.1.8 maltesse
10.0.1.31 soleil2
10.0.1.32 pluton
10.0.1.33 saturne
10.0.1.34 uranus
10.0.4.83 intranet
10.0.4.83 intra
10.0.4.56 media
10.0.7.98 sefas-vm

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 181.365soft.info
127.0.0.1 www.181.365soft.info
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 20x2p.com
127.0.0.1 24.365soft.info
127.0.0.1 www.24.365soft.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 2every.net
127.0.0.1 www.2every.net
127.0.0.1 2ndpower.com
127.0.0.1 2search.com
127.0.0.1 www.2search.com
127.0.0.1 2search.org
127.0.0.1 www.2search.org
127.0.0.1 2squared.com
127.0.0.1 www.2squared.com
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 365soft.info
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 3bay.it
127.0.0.1 www.3bay.it
127.0.0.1 3ebay.it
127.0.0.1 www.3ebay.it
127.0.0.1 3xclipsonline.com
127.0.0.1 www.3xclipsonline.com
127.0.0.1 3xcurves.com
127.0.0.1 www.3xcurves.com
127.0.0.1 3xfestival.com
127.0.0.1 www.3xfestival.com
127.0.0.1 3x-festival.com
127.0.0.1 www.3x-festival.com
127.0.0.1 3x-galls.com
127.0.0.1 www.3x-galls.com
127.0.0.1 3xmiracle.com
127.0.0.1 www.3xmiracle.com
127.0.0.1 3xmoviesblog.com
127.0.0.1 www.3xmoviesblog.com
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 4199.com
127.0.0.1 www.4199.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 4ebay.it
127.0.0.1 www.4ebay.it
127.0.0.1 4klm.com
127.0.0.1 4mpg.com
127.0.0.1 www.4mpg.com
127.0.0.1 4repubblica.it
127.0.0.1 www.4repubblica.it
127.0.0.1 4softget.com
127.0.0.1 www.4softget.com
127.0.0.1 5iscali.it
127.0.0.1 www.5iscali.it
127.0.0.1 5repubblica.it
127.0.0.1 www.5repubblica.it
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 5tiscali.it
127.0.0.1 www.5tiscali.it
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 680180.net
127.0.0.1 www.680180.net
127.0.0.1 6iscali.it
127.0.0.1 www.6iscali.it
127.0.0.1 6njaga.com
127.0.0.1 www.6njaga.com
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 6tiscali.it
127.0.0.1 www.6tiscali.it
127.0.0.1 70-music.com
127.0.0.1 www.70-music.com
127.0.0.1 7322.com
127.0.0.1 www.7322.com
127.0.0.1 75tz.com
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 7939.com
127.0.0.1 www.7939.com
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 80-music.com
127.0.0.1 www.80-music.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 888.com
127.0.0.1 www.888.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 90-music.com
127.0.0.1 www.90-music.com
127.0.0.1 9505.com
127.0.0.1 www.9505.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 a.bestmanage.org
127.0.0.1 aaabesthomepage.com
127.0.0.1 www.aaabesthomepage.com
127.0.0.1 aaasexypics.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aaqadarsztriv.com
127.0.0.1 www.aaqadarsztriv.com
127.0.0.1 aaqada-rsztriv.com
127.0.0.1 www.aaqada-rsztriv.com
127.0.0.1 aaqadaueorn.com
127.0.0.1 www.aaqadaueorn.com
127.0.0.1 aaqada-ueorn.com
127.0.0.1 www.aaqada-ueorn.com
127.0.0.1 aaqada-ygco.com
127.0.0.1 www.aaqada-ygco.com
127.0.0.1 aaqada-ymct.com
127.0.0.1 www.aaqada-ymct.com
127.0.0.1 aavc.com
127.0.0.1 abcdperformance.com
127.0.0.1 www.abcdperformance.com
127.0.0.1 abc-find.info
127.0.0.1 www.abc-find.info
127.0.0.1 abcsearch.com
127.0.0.1 www.abcsearch.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abnetsoft.info
127.0.0.1 www.abnetsoft.info
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 absolutee.com
127.0.0.1 www.absolutee.com
127.0.0.1 abyssmedia.com
127.0.0.1 www.abyssmedia.com
127.0.0.1 ac66.cn
127.0.0.1 www.ac66.cn
127.0.0.1 access.Navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessclips.com
127.0.0.1 www.accessclips.com
127.0.0.1 access-dvd.com
127.0.0.1 www.access-dvd.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 accessorygeeks.com
127.0.0.1 www.accessorygeeks.com
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessvid.net
127.0.0.1 www.accessvid.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-stop.com
127.0.0.1 www.acrobat-stop.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activesearcher.info
127.0.0.1 www.activesearcher.info
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 activexemedia.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 activexmediasite.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 activexmediatour.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 activexsource.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.mokead.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.oinadserver.com
127.0.0.1 ad.outerinfoads.com
127.0.0.1 ad25.com
127.0.0.1 www.ad25.com
127.0.0.1 ad45.com
127.0.0.1 www.ad45.com
127.0.0.1 ad77.com
127.0.0.1 www.ad77.com
127.0.0.1 ad86.com
127.0.0.1 www.ad86.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adarmor.com
127.0.0.1 www.adarmor.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 adawarenow.com
127.0.0.1 www.adawarenow.com
127.0.0.1 adchannel.contextplus.net
127.0.0.1 addetect.com
127.0.0.1 www.addetect.com
127.0.0.1 add-hhh.info
127.0.0.1 www.add-hhh.info
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 addioerrori.com
127.0.0.1 www.addioerrori.com
127.0.0.1 add-manager.com
127.0.0.1 www.add-manager.com
127.0.0.1 adgate.info
127.0.0.1 www.adgate.info
127.0.0.1 adintelligence.net
127.0.0.1 www.adintelligence.net
127.0.0.1 adioserrores.com
127.0.0.1 www.adioserrores.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adlogix.com
127.0.0.1 www.adlogix.com
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 adnetserver.com
127.0.0.1 www.adnetserver.com
127.0.0.1 adobe-download-now.com
127.0.0.1 adobe-downloads.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 adprotect.com
127.0.0.1 www.adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.kw.revenue.net
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads1.revenue.net
127.0.0.1 ads183.com
127.0.0.1 www.ads183.com
127.0.0.1 adscontex.com
127.0.0.1 www.adscontex.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 adsextend.net
127.0.0.1 www.adsextend.net
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsniffer.com
127.0.0.1 www.adsniffer.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adsrevenue.net
127.0.0.1 www.adsrevenue.net
127.0.0.1 adtrak.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 adult777search.info
127.0.0.1 www.adult777search.info
127.0.0.1 adultan.com
127.0.0.1 www.adultan.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adultfilmsite.com
127.0.0.1 www.adultfilmsite.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adultmovieplus.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adult-mpg.net
127.0.0.1 www.adult-mpg.net
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 adultsonlyvids.com
127.0.0.1 www.adultsonlyvids.com
127.0.0.1 adultsper.com
127.0.0.1 www.adultsper.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 advertisemoney.info
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 advertising-money.info
127.0.0.1 www.advertising-money.info
127.0.0.1 ad-ware.cc
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 adware.pro
127.0.0.1 www.adware.pro
127.0.0.1 adwarealert.com
127.0.0.1 www.adwarealert.com
127.0.0.1 ad-warealert.com
127.0.0.1 www.ad-warealert.com
127.0.0.1 adwarearrest.com
127.0.0.1 www.adwarearrest.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarecommander.com
127.0.0.1 www.adwarecommander.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 adwaregold.com
127.0.0.1 www.adwaregold.com
127.0.0.1 adwarepatrol.com
127.0.0.1 www.adwarepatrol.com
127.0.0.1 adwareplatinum.com
127.0.0.1 www.adwareplatinum.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwareremover.ws
127.0.0.1 www.adwareremover.ws
127.0.0.1 adwaresafety.com
127.0.0.1 www.adwaresafety.com
127.0.0.1 adwarexp.com
127.0.0.1 www.adwarexp.com
127.0.0.1 affiliate.idownload.com
127.0.0.1 aflgate.com
127.0.0.1 www.aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 aginegialle.it
127.0.0.1 www.aginegialle.it
127.0.0.1 www.aifind.info
127.0.0.1 aifind.info
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 aitalia.it
127.0.0.1 www.aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 aklitalia.it
127.0.0.1 www.aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alertspy.com
127.0.0.1 www.alertspy.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 alialia.it
127.0.0.1 www.alialia.it
127.0.0.1 aliotalia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 alitaia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitala.it
127.0.0.1 www.alitala.it
127.0.0.1 alitali.it
127.0.0.1 www.alitali.it
127.0.0.1 alitaliaq.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalioa.it
127.0.0.1 alitalisa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 alitaluia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 alitlia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitralia.it
127.0.0.1 alitsalia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 ALL1COUNT.NET
127.0.0.1 www.ALL1COUNT.NET
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 allcollisions.com
127.0.0.1 www.allcollisions.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 allcybersearch.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 allertaminacce.com
127.0.0.1 www.allertaminacce.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 alliesecurity.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 all-limewire.com
127.0.0.1 www.all-limewire.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allprotections.com
127.0.0.1 www.allprotections.com
127.0.0.1 allresultz.net
127.0.0.1 www.allresultz.net
127.0.0.1 allsearch.us
127.0.0.1 www.allsearch.us
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 allsecuritysite.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allstarsvideos.net
127.0.0.1 www.allstarsvideos.net
127.0.0.1 alltiettantivirus.com
127.0.0.1 www.alltiettantivirus.com
127.0.0.1 alltruesoftware.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 aloitalia.it
127.0.0.1 www.aloitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 amaena.com
127.0.0.1 www.amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasource.com
127.0.0.1 www.amediasource.com
127.0.0.1 americanautobargains.com
127.0.0.1 www.americanautobargains.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 amigobore.com
127.0.0.1 www.amigobore.com
127.0.0.1 amisbusiness.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 analcord.com
127.0.0.1 www.analcord.com
127.0.0.1 analmovi.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 andromedical.com
127.0.0.1 www.andromedical.com
127.0.0.1 animepornmag.com
127.0.0.1 www.animepornmag.com
127.0.0.1 anin.org
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 Antiespiadorado.com
127.0.0.1 www.Antiespiadorado.com
127.0.0.1 Antiespionspack.com
127.0.0.1 www.Antiespionspack.com
127.0.0.1 Antigusanos2008.com
127.0.0.1 www.Antigusanos2008.com
127.0.0.1 antispamassistant.com
127.0.0.1 www.antispamassistant.com
127.0.0.1 antispamdeluxe.com
127.0.0.1 www.antispamdeluxe.com
127.0.0.1 Antispionage.com
127.0.0.1 www.Antispionage.com
127.0.0.1 Antispionagepro.com
127.0.0.1 www.Antispionagepro.com
127.0.0.1 antispyadvanced.com
127.0.0.1 www.antispyadvanced.com
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 antispykit.com
127.0.0.1 www.antispykit.com
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 antispyshield.com
127.0.0.1 www.antispyshield.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispywareboot.com
127.0.0.1 www.antispywareboot.com
127.0.0.1 antispywarebot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 antispywaresuite.com
127.0.0.1 www.Antispywaresuite.com
127.0.0.1 antispywareupdates.net
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywarexp.com
127.0.0.1 www.antispywarexp.com
127.0.0.1 Antispyweb.net
127.0.0.1 www.Antispyweb.net
127.0.0.1 Antiver2008.com
127.0.0.1 www.Antiver2008.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirusadvance.com
127.0.0.1 www.antivirusadvance.com
127.0.0.1 antivirusaskeladd.com
127.0.0.1 www.antivirusaskeladd.com
127.0.0.1 antivirusgereedschap.com
127.0.0.1 www.antivirusgereedschap.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antivirus-hq.net
127.0.0.1 antiviruspcsuite.com
127.0.0.1 www.antiviruspcsuite.com
127.0.0.1 antiviruspremium.com
127.0.0.1 www.antiviruspremium.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 antivirusscherm.com
127.0.0.1 www.antivirusscherm.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 antiworm2008.com
127.0.0.1 www.antiworm2008.com
127.0.0.1 Antiwurm2008.com
127.0.0.1 www.Antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 anyofus.com
127.0.0.1 www.anyofus.com
127.0.0.1 anysn.seproger.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 apicpreview.com
127.0.0.1 www.apicpreview.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 aprotectedpage.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 archivioadulti.com
127.0.0.1 www.archivioadulti.com
127.0.0.1 archiviosex.net
127.0.0.1 www.archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 ares.click-new-download.com
127.0.0.1 www.ares.click-new-download.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 arespro2007.com
127.0.0.1 www.arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 ares-usa.com
127.0.0.1 www.ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafetyalways.com
127.0.0.1 www.asafetyalways.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asecurebar.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 asecuritynotice.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 asecuritystuff.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asiankingkong.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 aslitalia.it
127.0.0.1 www.aslitalia.it
127.0.0.1 ass-gals.com
127.0.0.1 assureprotection.com
127.0.0.1 www.assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 asupereva.it
127.0.0.1 www.asupereva.it
127.0.0.1 ataprogram.com
127.0.0.1 www.ataprogram.com
127.0.0.1 athenrye.com
127.0.0.1 atotalsafety.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 attackware.com
127.0.0.1 www.attackware.com
127.0.0.1 attrezzi.biz
127.0.0.1 www.attrezzi.biz
127.0.0.1 aucunsvirus.com
127.0.0.1 www.aucunsvirus.com
127.0.0.1 aulde.net
127.0.0.1 www.aulde.net
127.0.0.1 aupereva.it
127.0.0.1 www.aupereva.it
127.0.0.1 autobargains.org
127.0.0.1 www.autobargains.org
127.0.0.1 autobargainsnetwork.com
127.0.0.1 www.autobargainsnetwork.com
127.0.0.1 autocontext.begun.ru
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 avadvance.com
127.0.0.1 www.avadvance.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 aviadaptation.com
127.0.0.1 www.aviadaptation.com
127.0.0.1 avian-ads.com
127.0.0.1 avicoupler.com
127.0.0.1 www.avicoupler.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 avideosurfer.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 aviewersoft.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avsmanufacture.com
127.0.0.1 www.avsmanufacture.com
127.0.0.1 avsystemcare.com
127.0.0.1 www.avsystemcare.com
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 awarenesstech.com
127.0.0.1 www.awarenesstech.com
127.0.0.1 awarninglist.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 awesomehomepage.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 aximageobject.com
127.0.0.1 www.aximageobject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 axobjectsource.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 axvideosetup.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 azzetta.it
127.0.0.1 www.azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 b122.mcboo.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 baccarat-other.info
127.0.0.1 www.baccarat-other.info
127.0.0.1 Backstripgirls.com
127.0.0.1 www.Backstripgirls.com
127.0.0.1 backup.mabou.org
127.0.0.1 balotierra.com
127.0.0.1 www.balotierra.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 bardownload.com
127.0.0.1 www.bardownload.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 bcnproduction.com
127.0.0.1 www.bcnproduction.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 bearshare.click-new-download.com
127.0.0.1 www.bearshare.click-new-download.com
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearsharelive.co.uk
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearshare-usa.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 beebappyy.biz
127.0.0.1 www.beebappyy.biz
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 beruijindegunhadesun.com
127.0.0.1 www.beruijindegunhadesun.com
127.0.0.1 best3xclips.com
127.0.0.1 www.best3xclips.com
127.0.0.1 bestadults.com
127.0.0.1 www.bestadults.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestdailyvids.com
127.0.0.1 www.bestdailyvids.com
127.0.0.1 bestfor.ru
127.0.0.1 bestfuckvids.com
127.0.0.1 www.bestfuckvids.com
127.0.0.1 best-hardpics.com
127.0.0.1 bestmanage.org
127.0.0.1 www.bestmanage.org
127.0.0.1 bestmanage0.org
127.0.0.1 www.bestmanage0.org
127.0.0.1 bestmanage1.org
127.0.0.1 www.bestmanage1.org
127.0.0.1 bestmanage2.org
127.0.0.1 www.bestmanage2.org
127.0.0.1 bestmanage3.org
127.0.0.1 www.bestmanage3.org
127.0.0.1 bestmanage4.org
127.0.0.1 www.bestmanage4.org
127.0.0.1 bestmanage5.org
127.0.0.1 www.bestmanage5.org
127.0.0.1 bestmanage6.org
127.0.0.1 www.bestmanage6.org
127.0.0.1 bestmanage7.org
127.0.0.1 www.bestmanage7.org
127.0.0.1 bestmanage8.org
127.0.0.1 www.bestmanage8.org
127.0.0.1 bestmanage9.org
127.0.0.1 www.bestmanage9.org
127.0.0.1 bestoffersnetworks.com
127.0.0.1 www.bestoffersnetworks.com
127.0.0.1 bestporngate.com
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 bestsearch.cc
127.0.0.1 www.bestsearch.cc
127.0.0.1 best-spyware.info
127.0.0.1 www.best-spyware.info
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 best-voyeur.info
127.0.0.1 www.best-voyeur.info
127.0.0.1 bestweblinks.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 bestxclips.com
127.0.0.1 www.bestxclips.com
127.0.0.1 bestxporno.com
127.0.0.1 bestxxxmpegs.com
127.0.0.1 www.bestxxxmpegs.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 bgazzetta.it
127.0.0.1 www.bgazzetta.it
127.0.0.1 bgoogle.it
127.0.0.1 www.bgoogle.it
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 bigwww.com
127.0.0.1 www.bigwww.com
127.0.0.1 bin.errorprotector.com
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bitchesonline.net
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 bittorrent.click-new-download.com
127.0.0.1 www.bittorrent.click-new-download.com
127.0.0.1 biz.biz
127.0.0.1 bkvcompany.com
127.0.0.1 www.bkvcompany.com
127.0.0.1 blackblues00.com
127.0.0.1 www.blackblues00.com
127.0.0.1 blackcodec.com
127.0.0.1 www.blackcodec.com
127.0.0.1 blackcodec.net
127.0.0.1 www.blackcodec.net
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 blackjack-free.net
127.0.0.1 blacklegion.info
127.0.0.1 www.blacklegion.info
127.0.0.1 blazefind.com
127.0.0.1 blender.xu.pl
127.0.0.1 blockcheckercontrol.com
127.0.0.1 www.blockcheckercontrol.com
127.0.0.1 blondetgp.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 bnmgate.com
127.0.0.1 www.bnmgate.com
127.0.0.1 bodaciousbabette.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 bookedspace.com
127.0.0.1 www.bookedspace.com
127.0.0.1 boom.com.vn
127.0.0.1 www.boom.com.vn
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bpfq02.com
127.0.0.1 www.bpfq02.com
127.0.0.1 bqgate.com
127.0.0.1 www.bqgate.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 bradcoem.org
127.0.0.1 braincodec.com
127.0.0.1 www.braincodec.com
127.0.0.1 brandiyoung.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 brodbfm.net
127.0.0.1 www.brodbfm.net
127.0.0.1 brookeburn.com
127.0.0.1 browserwise.com
127.0.0.1 www.browserwise.com
127.0.0.1 bsa.safetydownload.com
127.0.0.1 bsplaycodec.com
127.0.0.1 www.bsplaycodec.com
127.0.0.1 bucps.com
127.0.0.1 buhartes.info
127.0.0.1 buldog-stats.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 burningsite.com
127.0.0.1 www.burningsite.com
127.0.0.1 burnsrecyclinginc.com
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 busysearch.net
127.0.0.1 www.busysearch.net
127.0.0.1 buttejazz.org
127.0.0.1 buy-find.info
127.0.0.1 www.buy-find.info
127.0.0.1 buyselldomain.net
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 buz.ru
127.0.0.1 bvdtechinque.com
127.0.0.1 www.bvdtechinque.com
127.0.0.1 bvirgilio.it
127.0.0.1 www.bvirgilio.it
127.0.0.1 c.centralmedia.ws
127.0.0.1 c.enhance.com
127.0.0.1 www.c.enhance.com
127.0.0.1 c.goclick.com
127.0.0.1 c4tdownload.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 c5.www4free.info
127.0.0.1 www.c5.www4free.info
127.0.0.1 cache.surfaccuracy.com
127.0.0.1 www.cache.surfaccuracy.com
127.0.0.1 cache.ysbweb.com
127.0.0.1 cadesfinjeriokas.com
127.0.0.1 www.cadesfinjeriokas.com
127.0.0.1 calcioturris.com
127.0.0.1 calendaralerts.net
127.0.0.1 www.calendaralerts.net
127.0.0.1 callinghome.biz
127.0.0.1 www.callinghome.biz
127.0.0.1 cameouk.co.uk
127.0.0.1 www.cameouk.co.uk
127.0.0.1 cameup.com
127.0.0.1 camouflageclothingonline.net
127.0.0.1 www.camouflageclothingonline.net
127.0.0.1 campaigns.outerinfo.net
127.0.0.1 camup.net
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 canidetect.org
127.0.0.1 www.canidetect.org
127.0.0.1 cantfind.com
127.0.0.1 www.cantfind.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 cartoes.uol.com.br
127.0.0.1 casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashdeluxe.net
127.0.0.1 cashengines.com
127.0.0.1 www.cashengines.com
127.0.0.1 cashsearch.biz
127.0.0.1 cashsurfers.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 CashUnlim.com
127.0.0.1 www.CashUnlim.com
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 casino-onlines.net
127.0.0.1 castingsamateur.com
127.0.0.1 www.castingsamateur.com
127.0.0.1 catallogue.com
127.0.0.1 catch-dc.info
127.0.0.1 www.catch-dc.info
127.0.0.1 categories.mygeek.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cc.panet.org
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 www.ccecaedbebfcaf.com
127.0.0.1 cclebali.org
127.0.0.1 ccorriere.it
127.0.0.1 www.ccorriere.it
127.0.0.1 cdcopysite.com
127.0.0.1 www.cdcopysite.com
127.0.0.1 cdegate.com
127.0.0.1 www.cdegate.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 cdorriere.it
127.0.0.1 www.cdorriere.it
127.0.0.1 ceewawires.org
127.0.0.1 centralmedia.ws
127.0.0.1 certumgroup.com
127.0.0.1 cforriere.it
127.0.0.1 www.cforriere.it
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 checkin100.com
127.0.0.1 www.checkin100.com
127.0.0.1 checkssecurity.com
127.0.0.1 www.checkssecurity.com
127.0.0.1 chelancatering.com
127.0.0.1 chenshijituan.com
127.0.0.1 www.chenshijituan.com
127.0.0.1 childrenvilla.com
127.0.0.1 chilly3xvids.com
127.0.0.1 www.chilly3xvids.com
127.0.0.1 chillymovs.com
127.0.0.1 www.chillymovs.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 cia-trjn.myvnc.com
127.0.0.1 www.cia-trjn.myvnc.com
127.0.0.1 cinemadownload.com
127.0.0.1 www.cinemadownload.com
127.0.0.1 ciorriere.it
127.0.0.1 www.ciorriere.it
127.0.0.1 cirriere.it
127.0.0.1 www.cirriere.it
127.0.0.1 citycodec.com
127.0.0.1 www.citycodec.com
127.0.0.1 ckick4thumbs.com
127.0.0.1 cl55.biz
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clckm.com
127.0.0.1 www.clckm.com
127.0.0.1 cleancodec.com
127.0.0.1 www.cleancodec.com
127.0.0.1 cleansoftwares.com
127.0.0.1 www.cleansoftwares.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 click-codec.com
127.0.0.1 www.click-codec.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 click-new-download.com
127.0.0.1 www.click-new-download.com
127.0.0.1 click-now.net
127.0.0.1 clickspring.net
127.0.0.1 www.clickspring.net
127.0.0.1 click-to-download.com
127.0.0.1 www.click-to-download.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 clickyestoenter.net
127.0.0.1 client.exeupdate.com
127.0.0.1 client.myadultexplorer.com
127.0.0.1 cliks.org
127.0.0.1 www.cliks.org
127.0.0.1 clipsfestival.com
127.0.0.1 www.clipsfestival.com
127.0.0.1 clipsreality.com
127.0.0.1 www.clipsreality.com
127.0.0.1 clorriere.it
127.0.0.1 www.clorriere.it
127.0.0.1 clrsch.com
127.0.0.1 clubxxxvideo.com
127.0.0.1 www.clubxxxvideo.com
127.0.0.1 clusif.free.fr
127.0.0.1 cmtapestry.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 cnomy.com
127.0.0.1 www.cnomy.com
127.0.0.1 cnzz.com
127.0.0.1 www.cnzz.com
127.0.0.1 code.ignphrases.com
127.0.0.1 codec.ninoa.com
127.0.0.1 codecbsplay.com
127.0.0.1 www.codecbsplay.com
127.0.0.1 codecdvd.net
127.0.0.1 www.codecdvd.net
127.0.0.1 codecdvi.com
127.0.0.1 www.codecdvi.com
127.0.0.1 codec-fun.com
127.0.0.1 www.codec-fun.com
127.0.0.1 codechard.com
127.0.0.1 www.codechard.com
127.0.0.1 codechot.net
127.0.0.1 www.codechot.net
127.0.0.1 codechq.net
127.0.0.1 www.codechq.net
127.0.0.1 codecmeg.net
127.0.0.1 www.codecmeg.net
127.0.0.1 codecmega.net
127.0.0.1 www.codecmega.net
127.0.0.1 codecmoon.com
127.0.0.1 www.codecmoon.com
127.0.0.1 codecmpg.com
127.0.0.1 www.codecmpg.com
127.0.0.1 codecnice.net
127.0.0.1 www.codecnice.net
127.0.0.1 codecops.net
127.0.0.1 www.codecops.net
127.0.0.1 codecplay.com
127.0.0.1 www.codecplay.com
127.0.0.1 codecpretty.net
127.0.0.1 www.codecpretty.net
127.0.0.1 codecpro.net
127.0.0.1 www.codecpro.net
127.0.0.1 codecsoft.net
127.0.0.1 www.codecsoft.net
127.0.0.1 codectime.com
127.0.0.1 www.codectime.com
127.0.0.1 codecultra.net
127.0.0.1 www.codecultra.net
127.0.0.1 codecvids.com
127.0.0.1 www.codecvids.com
127.0.0.1 codecvip.com
127.0.0.1 www.codecvip.com
127.0.0.1 codecviva.com
127.0.0.1 www.codecviva.com
127.0.0.1 codeczang.net
127.0.0.1 www.codeczang.net
127.0.0.1 codrriere.it
127.0.0.1 www.codrriere.it
127.0.0.1 coeriere.it
127.0.0.1 www.coeriere.it
127.0.0.1 coerriere.it
127.0.0.1 www.coerriere.it
127.0.0.1 cofrriere.it
127.0.0.1 www.cofrriere.it
127.0.0.1 cogrriere.it
127.0.0.1 www.cogrriere.it
127.0.0.1 coirriere.it
127.0.0.1 www.coirriere.it
127.0.0.1 command.adservs.com
127.0.0.1 www.commonname.com
127.0.0.1 computerpcgames.net
127.0.0.1 www.computerpcgames.net
127.0.0.1 computerrecover.com
127.0.0.1 www.computerrecover.com
127.0.0.1 config.180solutions.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 content.ireit.com
127.0.0.1 www.content.ireit.com
127.0.0.1 content.onerateld.com
127.0.0.1 contentmatch.net
127.0.0.1 www.contentmatch.net
127.0.0.1 contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 contra-virus.com
127.0.0.1 www.contra-virus.com
127.0.0.1 controlmeh.com
127.0.0.1 www.controlmeh.com
127.0.0.1 convenient-search.com
127.0.0.1 www.convenient-search.com
127.0.0.1 cookingluck.com
127.0.0.1 www.cookingluck.com
127.0.0.1 cooldeskalert.com
127.0.0.1 www.cooldeskalert.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolservecorp.net
127.0.0.1 www.coolservecorp.net
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolwebsearsh.com
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 cool-xxx.net
127.0.0.1 coorriere.it
127.0.0.1 www.coorriere.it
127.0.0.1 copmtraine.com
127.0.0.1 coprriere.it
127.0.0.1 www.coprriere.it
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 coreiere.it
127.0.0.1 www.coreiere.it
127.0.0.1 coreriere.it
127.0.0.1 www.coreriere.it
127.0.0.1 corrdiere.it
127.0.0.1 www.corrdiere.it
127.0.0.1 correiere.it
127.0.0.1 www.correiere.it
127.0.0.1 corrfiere.it
127.0.0.1 www.corrfiere.it
127.0.0.1 corrgiere.it
127.0.0.1 www.corrgiere.it
127.0.0.1 corridere.it
127.0.0.1 www.corridere.it
127.0.0.1 corriedre.it
127.0.0.1 www.corriedre.it
127.0.0.1 corriee.it
127.0.0.1 www.corriee.it
127.0.0.1 corrieere.it
127.0.0.1 www.corrieere.it
127.0.0.1 corriefre.it
127.0.0.1 www.corriefre.it
127.0.0.1 corriegre.it
127.0.0.1 www.corriegre.it
127.0.0.1 corrierde.it
127.0.0.1 www.corrierde.it
127.0.0.1 corriered.it
127.0.0.1 www.corriered.it
127.0.0.1 corrieree.it
127.0.0.1 www.corrieree.it
127.0.0.1 corrieref.it
127.0.0.1 www.corrieref.it
127.0.0.1 corrierer.it
127.0.0.1 www.corrierer.it
127.0.0.1 corrieres.it
127.0.0.1 www.corrieres.it
127.0.0.1 corrierew.it
127.0.0.1 www.corrierew.it
127.0.0.1 corrierfe.it
127.0.0.1 www.corrierfe.it
127.0.0.1 corrierge.it
127.0.0.1 www.corrierge.it
127.0.0.1 corrierr.it
127.0.0.1 www.corrierr.it
127.0.0.1 corrierre.it
127.0.0.1 www.corrierre.it
127.0.0.1 corrierse.it
127.0.0.1 www.corrierse.it
127.0.0.1 corrierte.it
127.0.0.1 www.corrierte.it
127.0.0.1 corrierw.it
127.0.0.1 www.corrierw.it
127.0.0.1 corrierwe.it
127.0.0.1 www.corrierwe.it
127.0.0.1 corriesre.it
127.0.0.1 www.corriesre.it
127.0.0.1 corriete.it
127.0.0.1 www.corriete.it
127.0.0.1 corrietre.it
127.0.0.1 www.corrietre.it
127.0.0.1 corriewre.it
127.0.0.1 www.corriewre.it
127.0.0.1 corrifere.it
127.0.0.1 www.corrifere.it
127.0.0.1 corriiere.it
127.0.0.1 www.corriiere.it
127.0.0.1 corrilere.it
127.0.0.1 www.corrilere.it
127.0.0.1 corrioere.it
127.0.0.1 www.corrioere.it
127.0.0.1 corrire.it
127.0.0.1 www.corrire.it
127.0.0.1 corrirere.it
127.0.0.1 www.corrirere.it
127.0.0.1 corrirre.it
127.0.0.1 www.corrirre.it
127.0.0.1 corrisere.it
127.0.0.1 www.corrisere.it
127.0.0.1 corriuere.it
127.0.0.1 www.corriuere.it
127.0.0.1 corriwere.it
127.0.0.1 www.corriwere.it
127.0.0.1 corriwre.it
127.0.0.1 www.corriwre.it
127.0.0.1 corrliere.it
127.0.0.1 www.corrliere.it
127.0.0.1 corroere.it
127.0.0.1 www.corroere.it
127.0.0.1 corroiere.it
127.0.0.1 www.corroiere.it
127.0.0.1 corrriere.it
127.0.0.1 www.corrriere.it
127.0.0.1 corrtiere.it
127.0.0.1 www.corrtiere.it
127.0.0.1 corruere.it
127.0.0.1 www.corruere.it
127.0.0.1 corruiere.it
127.0.0.1 www.corruiere.it
127.0.0.1 cortiere.it
127.0.0.1 www.cortiere.it
127.0.0.1 cortriere.it
127.0.0.1 www.cortriere.it
127.0.0.1 costrike.com
127.0.0.1 www.costrike.com
127.0.0.1 cotriere.it
127.0.0.1 www.cotriere.it
127.0.0.1 cotrriere.it
127.0.0.1 www.cotrriere.it
127.0.0.1 couldnotfind.com
127.0.0.1 count.cc
127.0.0.1 count.hitscount.net
127.0.0.1 count-all.com
127.0.0.1 countdutycall.info
127.0.0.1 www.countdutycall.info
127.0.0.1 counter.sexmaniack.com
127.0.0.1 courtrecordslookup.com
127.0.0.1 www.courtrecordslookup.com
127.0.0.1 cporriere.it
127.0.0.1 www.cporriere.it
127.0.0.1 cprriere.it
127.0.0.1 www.cprriere.it
127.0.0.1 cpvfeed.com
127.0.0.1 cracks.me.uk
127.0.0.1 cracks4all.com
127.0.0.1 www.cracks4all.com
127.0.0.1 crapsgold.info
127.0.0.1 www.crapsgold.info
127.0.0.1 Crazygirls-world.com
127.0.0.1 crazywinnings.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 creamedcutties.com
127.0.0.1 createaccesskey.com
127.0.0.1 www.createaccesskey.com
127.0.0.1 creatonsoft.com
127.0.0.1 www.creatonsoft.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 crriere.it
127.0.0.1 www.crriere.it
127.0.0.1 cryptdrive.com
127.0.0.1 www.cryptdrive.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 csx.adservs.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 cts.180solutions.com
127.0.0.1 cuisinartoven.com
127.0.0.1 www.cuisinartoven.com
127.0.0.1 curedc.info
127.0.0.1 www.curedc.info
127.0.0.1 curepcsolutions.com
127.0.0.1 www.curepcsolutions.com
127.0.0.1 curvedspaces.com
127.0.0.1 cutadult.com
127.0.0.1 www.cutadult.com
127.0.0.1 cvirgilio.it
127.0.0.1 www.cvirgilio.it
127.0.0.1 cvorriere.it
127.0.0.1 www.cvorriere.it
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cxorriere.it
127.0.0.1 www.cxorriere.it
127.0.0.1 cyberrape.com
127.0.0.1 www.cyberrape.com
127.0.0.1 cydom.com
127.0.0.1 cydoor.com
127.0.0.1 www.cydoor.com
127.0.0.1 daily3xlinks.com
127.0.0.1 www.daily3xlinks.com
127.0.0.1 dailybestclips.com
127.0.0.1 www.dailybestclips.com
127.0.0.1 daily-gals.com
127.0.0.1 dailyhugemovs.com
127.0.0.1 www.dailyhugemovs.com
127.0.0.1 dailykeys.com
127.0.0.1 www.dailykeys.com
127.0.0.1 dailypornmag.com
127.0.0.1 www.dailypornmag.com
127.0.0.1 dailyteenspic.com
127.0.0.1 dailytoolbar.com
127.0.0.1 www.dailytoolbar.com
127.0.0.1 dailyxvids.com
127.0.0.1 www.dailyxvids.com
127.0.0.1 dancingbabycd.com
127.0.0.1 dapsol.com
127.0.0.1 www.dapsol.com
127.0.0.1 dapsolution.com
127.0.0.1 www.dapsolution.com
127.0.0.1 data-hoster.com
127.0.0.1 www.data-hoster.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 dateanybabe.com
127.0.0.1 www.dateanybabe.com
127.0.0.1 dateanychick.com
127.0.0.1 www.dateanychick.com
127.0.0.1 datingdoctorsite.com
127.0.0.1 www.datingdoctorsite.com
127.0.0.1 dating-galaxy.info
127.0.0.1 www.dating-galaxy.info
127.0.0.1 dating-search.net
127.0.0.1 davemarshall.org
127.0.0.1 db105.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 dbxcompany.com
127.0.0.1 www.dbxcompany.com
127.0.0.1 dcdl.dmcast.com
127.0.0.1 dcfitusa.com
127.0.0.1 dcorriere.it
127.0.0.1 www.dcorriere.it
127.0.0.1 dcurtis.com
127.0.0.1 www.dcurtis.com
127.0.0.1 dcww.dmcast.com
127.0.0.1 de.ag
127.0.0.1 de.drivecleaner.com
127.0.0.1 de.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 de98.remsys.org
127.0.0.1 debay.it
127.0.0.1 www.debay.it
127.0.0.1 decknews.com
127.0.0.1 www.decknews.com
127.0.0.1 dedmazay.3322.org
127.0.0.1 dedsearch.com
127.0.0.1 www.dedsearch.com
127.0.0.1 defaultsearch.net
127.0.0.1 Defensaantimalware.com
127.0.0.1 www.Defensaantimalware.com
127.0.0.1 deja-rue.com
127.0.0.1 www.deja-rue.com
127.0.0.1 delficodec.com
127.0.0.1 www.delficodec.com
127.0.0.1 democodec.com
127.0.0.1 www.democodec.com
127.0.0.1 derklaif.biz
127.0.0.1 www.derklaif.biz
127.0.0.1 derrari.it
127.0.0.1 www.derrari.it
127.0.0.1 desarrollocreativo.com
127.0.0.1 deskbar.worldtostart.com
127.0.0.1 www.deskbar.worldtostart.com
127.0.0.1 deskwizz.com
127.0.0.1 www.deskwizz.com
127.0.0.1 destruktor.to.pl
127.0.0.1 www.destruktor.to.pl
127.0.0.1 detectivehound.com
127.0.0.1 www.detectivehound.com
127.0.0.1 detectivesearches.com
127.0.0.1 www.detectivesearches.com
127.0.0.1 dev.ntcor.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dgbusiness.com
127.0.0.1 www.dgbusiness.com
127.0.0.1 dialer2004.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialoff.com
127.0.0.1 www.dialoff.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digikeygen.com
127.0.0.1 www.digikeygen.com
127.0.0.1 digistreamsa.com
127.0.0.1 digitalcoders.net
127.0.0.1 www.digitalcoders.net
127.0.0.1 www.digitalfan.com
127.0.0.1 digital-pornography.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 directdvdpro.com
127.0.0.1 www.directdvdpro.com
127.0.0.1 directporta.info
127.0.0.1 www.directporta.info
127.0.0.1 directsearchzone.com
127.0.0.1 www.directsearchzone.com
127.0.0.1 diskretter.com
127.0.0.1 www.diskretter.com
127.0.0.1 dist.checkin100.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 dl.malwarewipe.com
127.0.0.1 dl.mcboo.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 dl.web-nexus.net
127.0.0.1 dl1.antivermins.com
127.0.0.1 dl1.antivirgear.com
127.0.0.1 dl1.spydawn.com
127.0.0.1 dl1.virusprotectpro.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl2.spyheal.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl3.spyheal.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spyheal.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dload.contextplus.net
127.0.0.1 dltsolution.com
127.0.0.1 www.dltsolution.com
127.0.0.1 dmcast.com
127.0.0.1 www.dmcast.com
127.0.0.1 dmqfirm.com
127.0.0.1 www.dmqfirm.com
127.0.0.1 dnaads.com
127.0.0.1 www.dnaads.com
127.0.0.1 dnl.mabou.org
127.0.0.1 dns-look-up.com
127.0.0.1 www.dns-look-up.com
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 dogproblemswebsite.com
127.0.0.1 www.dogproblemswebsite.com
127.0.0.1 doktorxxx.com
127.0.0.1 dollarrevenue.com
127.0.0.1 domaincar.com
127.0.0.1 www.domaincar.com
127.0.0.1 domains2003.net
127.0.0.1 domains-for-you-online.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domkrat.com
127.0.0.1 doofo.com
127.0.0.1 www.doofo.com
127.0.0.1 dotcomtoolbar.com
127.0.0.1 www.dotcomtoolbar.com
127.0.0.1 down.136136.net
127.0.0.1 download.abetterinternet.com
127.0.0.1 download.adintelligence.net
127.0.0.1 download.antispywarebot.com
127.0.0.1 www.download.antispywarebot.com
127.0.0.1 download.bardownload.com
127.0.0.1 www.download.bardownload.com
127.0.0.1 download.bravesentry.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 download.cdn.drivecleaner.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 download.cdn.winsoftware.com
127.0.0.1 download.contextplus.net
127.0.0.1 download.errorsafe.com
127.0.0.1 download.jupitersatellites.biz
127.0.0.1 www.download.jupitersatellites.biz
127.0.0.1 download.MalwareAlarm.com
127.0.0.1 download.searchtabs.net
127.0.0.1 download.secureyournet.biz
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 download.spyonthis.net
127.0.0.1 download.spy-shredder.com
127.0.0.1 download.systemdoctor.com
127.0.0.1 download.winantispyware.com
127.0.0.1 download.winantivirus.com
127.0.0.1 download.windrivecleaner.com
127.0.0.1 download.winfixer.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 download-2007.com
127.0.0.1 www.download-2007.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 download3xpics.com
127.0.0.1 www.download3xpics.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 downloadacceleratorsite.com
127.0.0.1 www.downloadacceleratorsite.com
127.0.0.1 download-ad-aware.com
127.0.0.1 www.download-ad-aware.com
127.0.0.1 download-all-4-free.com
127.0.0.1 www.download-all-4-free.com
127.0.0.1 download-all-area.com
127.0.0.1 www.download-all-area.com
127.0.0.1 download-antivir.com
127.0.0.1 www.download-antivir.com
127.0.0.1 downloadanysong.com
127.0.0.1 www.downloadanysong.com
127.0.0.1 downloadaresnow.com
127.0.0.1 www.downloadaresnow.com
127.0.0.1 download-avast.com
127.0.0.1 www.download-avast.com
127.0.0.1 downloadcorporation.com
127.0.0.1 www.downloadcorporation.com
127.0.0.1 download-dvdshrink.com
127.0.0.1 www.download-dvdshrink.com
127.0.0.1 download-for-free.net
127.0.0.1 www.download-for-free.net
127.0.0.1 downloadfreesoft.com
127.0.0.1 www.downloadfreesoft.com
127.0.0.1 downloadfreeway.com
127.0.0.1 www.downloadfreeway.com
127.0.0.1 downloadimesh.com
127.0.0.1 www.downloadimesh.com
127.0.0.1 download-itunes-now.com
127.0.0.1 www.download-itunes-now.com
127.0.0.1 download-limewire.org
127.0.0.1 www.download-limewire.org
127.0.0.1 downloadlost.tv
127.0.0.1 www.downloadlost.tv
127.0.0.1 downloadmax.net
127.0.0.1 www.downloadmax.net
127.0.0.1 download-mcafee.com
127.0.0.1 www.download-mcafee.com
127.0.0.1 download-me.info
127.0.0.1 downloadmediaax.com
127.0.0.1 www.downloadmediaax.com
127.0.0.1 downloadpics.net
127.0.0.1 www.downloadpics.net
127.0.0.1 downloadprovider.net
127.0.0.1 www.downloadprovider.net
127.0.0.1 download-real-player.com
127.0.0.1 www.download-real-player.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 downloads.adaware.cc
127.0.0.1 downloadservicearea.com
127.0.0.1 www.downloadservicearea.com
127.0.0.1 downloads-free.org
127.0.0.1 www.downloads-free.org
127.0.0.1 downloadsglobe.com
127.0.0.1 www.downloadsglobe.com
127.0.0.1 download-this.us
127.0.0.1 www.download-this.us
127.0.0.1 download-trillian.com
127.0.0.1 www.download-trillian.com
127.0.0.1 downloadv3.com
127.0.0.1 www.downloadv3.com
127.0.0.1 downloadvax.com
127.0.0.1 www.downloadvax.com
127.0.0.1 download-windvd

Réponse 3 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Télécharge Zeb-Restore : http://telechargement.zebulon.fr/zeb-restore.html

- Mets le dans un dossier, sur ton bureau par exemple.
- Lance Zebrestore et coche la/les case(s) suivante(s) :

Réinitialiser Fichier Hosts

- Ne coche que la/les case(s) indiquée(s).
- Clique sur le bouton Restaurer.
- Quitte le programme puis refait un smitfraudfix option 1 en mode normal stp .

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

Voici, j'ai eu des pb avec ZEB et le médecin.
Execuse pour cette attente

SmitFraudFix v2.311

Rapport fait à 19:32:23,28, 11/04/2008
Executé à partir de C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
D:\SuperCopier2\SuperCopier2.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yannick

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yannick\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\yannick\Favoris

C:\DOCUME~1\yannick\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\yannick\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\yannick\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\yannick\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\yannick\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\yannick\Bureau\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 4 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

On continue,

Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SmitfraudFix
Double clic sur Smitfraud.cm choisis l'option 2 et Entrée
Réponds O aux deux questions suivantes:
-Voulez-vous nettoyer le registre ?
-Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le postes pour contrôle.

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

SmitFraudFix v2.311

Rapport fait à 20:22:40,01, 11/04/2008
Executé à partir de C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer=10.0.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Refait un rapport hijackthis stp

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:09:57, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
D:\SuperCopier2\SuperCopier2.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1742B73D-8BE7-4E62-B38C-E5352CF75755} - C:\WINDOWS\system32\ljJcbyyX.dll (file missing)
O2 - BHO: (no name) - {271A4DDA-ACC9-4FE7-B856-930FF482DCEF} - C:\WINDOWS\system32\geBssRlk.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4C31468D-44AB-4CDE-85D9-4CE5FDB89135} - C:\WINDOWS\system32\jkkKcdbA.dll
O2 - BHO: (no name) - {4EC361C3-7F5C-4B3E-A370-E9B3222E19DC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\jkkIaAPg.dll
O2 - BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96} - C:\WINDOWS\temlxopqdrf.dll (file missing)
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKCU\..\Run: [SuperCopier2.exe] d:\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-57989841-1364589140-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - C:\WINDOWS\SYSTEM32\jkkIaAPg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Réponse 6 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

vire ta version hijackthis que t'as et télécharge celle ci et fait un scan et poste le rapport

hijackthis

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:07, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
D:\SuperCopier2\SuperCopier2.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\yannick\Bureau\Nouveau dossier (2)\HiJackThis_v2.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\WINDOWS\system32\rundll32.exe
d:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKCU\..\Run: [SuperCopier2.exe] d:\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-57989841-1364589140-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Réponse 7 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

T'as bien du Vundo comme indiqué dans ton message !

# Télécharge l'utilitaire VundoFix.exe (Atribune).

# Lance "VundoFix" en double-cliquant sur son icône.

# Démarre l'analyse en Cliquant sur "Scan for Vundo". Une ligne "Searching for files" montre les processus et ressources analysées.
# A la fin de l'analyse , clique sur "Remove Vundo" pour démarrer l'éradication.
# Confirme la suppression des fichiers.
# Confirme le redémarrage du système.
# A la fin, un rapport d'analyse "C:\vundofix.txt" est disponible sous la racine "C:\". poste le!

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

Il na rien tuvé ??

VundoFix V7.0.3

Scan started at 21:24:46 11/04/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 21:34:59 11/04/2008

Listing files found while scanning....

Réponse 8 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Non il n'a rien trouvé :(

télécharge : symantec vundo remove total: https://www.broadcom.com/support/security-center

# Lancer "FixVundo" en double-cliquant sur son icône. La fenêtre suivante apparaît :
# Démarrer l'analyse en Cliquant sur "Start".
# A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire. poste le

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

voici le rapport et j'ai refais un hijack

Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)
F:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 363831
The number of deleted files: 0
The number of viral processes terminated: 2
The number of viral processes suspended: 2
The number of viral threads terminated: 0
The number of registry entries fixed: 0
_____________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:33, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\UltraEdit\UEDIT32.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Réponse 9 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

et dit tes soucis !!

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

J'ai supprimé IE 7 avant ta réponse, il est en cours de ré installation.

antivirus à trouvé Trojan.KillAV

j'ai des pages qui s'ouvent seules ad.bannerconect.net

Demande de connexion à adnetserver.com avec login et mot de passe

Je n'avais plus accès aux options internet de IE

IE7 à terminer l'installation. Je reboot

Que dois je faire ensuite

Cordialement

Réponse 10 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Télécharge Navilog

-Choisis Enregistrer et enregistre-le sur ton bureau.

- Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

-Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message " Analyse Termine le ....."

-Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

-Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

Search Navipromo version 3.5.3 commencé le 12/04/2008 à 11:11:11,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "yannick"

Mise à jour le 09.04.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\yannick\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\yannick\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\yannick\menudm~1\progra~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\yannick\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\pedro\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\yannick\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\pedro\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\AbdcKkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\klRssBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\sAybcMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\XyybcJjl.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 12/04/2008 à 11:13:48,37 ***

Réponse 11 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

bon il y en a encore :

Télécharge Combofix de sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

attention desactive tes protections (antivirus, anti sypware etc) pendant la durée du scan et ne fais rien avec le PC n'oublie pas de réactiver apres l'analyse ^^

Réponse 12 / 23

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

ComboFix 08-04-11.5 - yannick 2008-04-12 11:36:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1425 [GMT 2:00]
Endroit: F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\yannick\Bureau\Privacy Protector.url
C:\Documents and Settings\yannick\Bureaublackbird.jpg
C:\Documents and Settings\yannick\BureauEditorFKWP1.5.exe
C:\Documents and Settings\yannick\BureauEditorFKWP2.0.exe
C:\Documents and Settings\yannick\Bureaufilemanagerclient.exe
C:\Documents and Settings\yannick\Bureaufkwp1.5.exe
C:\Documents and Settings\yannick\Bureaufkwp2.0.exe
C:\Documents and Settings\yannick\Bureaufwebd.exe
C:\Documents and Settings\yannick\BureauFWebdEditor.exe
C:\Documents and Settings\yannick\BureauTrojan.Win32.BlackBird.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\AbdcKkkj.ini
C:\WINDOWS\system32\AbdcKkkj.ini2
C:\WINDOWS\system32\bbegnodc.ini
C:\WINDOWS\system32\byXRHXRH.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cbXRKDTK.dll
C:\WINDOWS\system32\cdongebb.dll
C:\WINDOWS\system32\fcccbcBQ.dll
C:\WINDOWS\system32\iifdbApM.dll
C:\WINDOWS\system32\jkkIaAPg.dll
C:\WINDOWS\system32\klRssBeg.ini
C:\WINDOWS\system32\klRssBeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJCSijj.dll
C:\WINDOWS\system32\qoMcbyAs.dll
C:\WINDOWS\system32\sAybcMoq.ini
C:\WINDOWS\system32\sAybcMoq.ini2
C:\WINDOWS\system32\XyybcJjl.ini
C:\WINDOWS\system32\XyybcJjl.ini2
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 11:08 . 2008-04-12 11:13 <REP> d-------- C:\Program Files\Navilog1
2008-04-12 10:40 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:40 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:40 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:40 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:40 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:40 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:40 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:40 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:40 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:20 . 2008-04-12 10:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-12 09:53 . 2008-04-12 10:43 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-11 21:24 . 2008-04-11 21:24 <REP> d-------- C:\VundoFix Backups
2008-04-11 17:17 . 2008-01-22 14:36 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-11 17:17 . 2008-01-22 14:36 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:17 . 2008-01-22 15:09 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-11 17:17 . 2008-04-11 20:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:17 . 2008-01-22 14:36 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-11 17:17 . 2008-04-11 20:53 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:17 . 2008-01-22 14:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 17:17 . 2008-04-11 17:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-11 16:54 . 2008-04-11 20:22 2,130 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 11:55 . 2008-04-11 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 11:38 . 2008-04-11 11:38 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-11 11:23 . 2008-04-11 11:23 <REP> d-------- C:\Documents and Settings\yannick\Application Data\TmpRecentIcons
2008-04-11 11:18 . 2008-04-11 11:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 10:35 . 2008-04-11 10:35 <REP> d--h----- C:\WINDOWS\PIF
2008-04-11 10:15 . 2008-04-11 13:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-11 09:59 . 2008-04-11 09:59 <REP> d-------- C:\Documents and Settings\yannick\Application Data\PC Tools
2008-04-11 09:59 . 2008-04-11 13:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 09:59 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-11 09:59 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-11 09:59 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-11 09:59 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-11 09:36 . 2008-04-11 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tersnsfc
2008-04-11 09:35 . 2008-04-11 09:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zcpmhgdi
2008-04-11 09:35 . 2008-04-11 09:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\uxubyvmr
2008-04-11 09:35 . 2008-04-11 09:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\lgjehubo
2008-04-11 09:34 . 2008-04-11 09:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\wrmdyxep
2008-04-11 09:33 . 2008-04-11 09:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tctczixu
2008-04-11 09:32 . 2008-04-11 09:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\rcxefgte
2008-04-03 12:10 . 2008-04-03 12:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-04-03 12:08 . 2008-04-03 12:08 <REP> d-------- C:\Documents and Settings\yannick\Application Data\HotSync
2008-04-02 13:27 . 2008-04-02 13:27 48 --a------ C:\WINDOWS\FileNamesinQueue.ini
2008-04-02 13:11 . 2008-04-02 13:11 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-02 13:08 . 2008-04-02 13:08 <REP> d-------- C:\Program Files\Google
2008-04-02 13:00 . 2008-04-02 13:00 25 --a------ C:\WINDOWS\cdplayer.ini
2008-04-02 12:53 . 2008-04-02 13:11 <REP> d-------- C:\Program Files\Real
2008-04-02 12:49 . 2008-04-02 13:11 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-02 12:45 . 2008-04-02 12:45 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2008-04-02 12:45 . 2008-04-02 12:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2008-04-02 08:44 . 2008-04-03 12:08 94 --a------ C:\WINDOWS\family.ini
2008-03-30 15:50 . 2008-03-30 15:50 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-30 15:24 . 2008-03-30 15:24 <REP> d-------- C:\Documents and Settings\yannick\Application Data\Ashampoo Photo Commander 4
2008-03-20 19:00 . 2008-03-20 19:00 0 --a------ C:\Documents
2008-03-19 09:36 . 2008-03-19 09:36 <REP> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-19 09:34 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-18 19:39 . 2003-09-05 15:35 139,604 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-03-18 19:39 . 2003-11-06 18:50 114,000 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-03-18 19:39 . 2001-12-14 17:26 36,188 --a------ C:\WINDOWS\system32\drivers\vap.sys
2008-03-18 19:38 . 2008-03-18 19:43 <REP> d-------- C:\temp
2008-03-18 12:42 . 2008-04-10 18:29 <REP> d-------- C:\Documents and Settings\yannick\Application Data\VMware
2008-03-18 12:28 . 2008-04-12 11:42 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-03-18 12:28 . 2007-04-12 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-03-18 12:28 . 2007-04-12 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-03-18 12:27 . 2008-04-12 11:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-03-18 12:27 . 2007-04-12 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-03-18 12:27 . 2007-04-12 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-03-18 12:27 . 2007-04-12 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-03-18 12:27 . 2007-04-12 21:05 15,616 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-03-18 12:27 . 2007-04-12 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-03-18 12:26 . 2008-03-18 12:26 1,024 --a------ C:\.rnd
2008-03-18 12:21 . 2008-03-18 12:21 <REP> d-------- C:\Virtual Machines
2008-03-18 12:21 . 2008-03-18 12:21 <REP> d-------- C:\Program Files\Fichiers communs\VMware
2008-03-18 12:11 . 2008-03-19 09:37 <REP> d-------- C:\Inetpub
2008-03-12 13:10 . 2008-03-12 13:10 633,344 --------- C:\WINDOWS\system32\gpprefcl.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 09:29 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-12 07:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 16:08 --------- d-----w C:\Documents and Settings\yannick\Application Data\FileZilla
2008-03-30 13:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-22 12:59 --------- d-----w C:\Program Files\UltraEdit
2008-03-18 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\BSD Concept
2008-03-02 16:11 --------- d-----w C:\Program Files\Fichiers communs\Borland Shared
2008-03-02 14:47 --------- d-----w C:\Documents and Settings\yannick\Application Data\BSD Concept
2008-03-02 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\BSD
2008-02-20 17:08 --------- d-----w C:\Documents and Settings\yannick\Application Data\AlertInfo
2008-02-19 11:41 --------- d-----w C:\Program Files\Samsung
2008-02-19 08:52 --------- d-----w C:\Program Files\BlueTooth
2008-02-18 12:39 --------- d-----w C:\Documents and Settings\yannick\Application Data\Arcsoft
2008-02-18 08:45 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-02-18 08:45 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B4CF086-5649-4CEB-A00F-D3BDF3740547}]
C:\WINDOWS\system32\jkkKcdbA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{486E390A-7713-433F-A882-8B52263E595A}"= "D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll" [2007-10-15 15:59 2265088]

[HKEY_CLASSES_ROOT\clsid\{486e390a-7713-433f-a882-8b52263e595a}]
[HKEY_CLASSES_ROOT\geneanetx.geneanetx.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\geneanetx.geneanetx]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{486E390A-7713-433F-A882-8B52263E595A}"= D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll [2007-10-15 15:59 2265088]

[HKEY_CLASSES_ROOT\clsid\{486e390a-7713-433f-a882-8b52263e595a}]
[HKEY_CLASSES_ROOT\geneanetx.geneanetx.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\geneanetx.geneanetx]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-02 13:08 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 17:02 48752]
"vspdfprsrv.exe"="D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 07:58 998912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIaAPg]
jkkIaAPg.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Gadwin PrintScreen"=D:\TRAITEMENT_IMAGES_SONS\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
"SuperCopier2.exe"=d:\SuperCopier2\SuperCopier2.exe
"SpybotSD TeaTimer"=d:\Spybot - Search & Destroy\TeaTimer.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DiskeeperSystray"="D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkIcon.exe"
"RegInst1"=setopinst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\TRAITEMENT_IMAGES_SONS\\adslTV\\adsltv.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Contexte_GROUPAMA\\openprint\\bin\\opserver.exe"=
"E:\\Contexte_CNAM\\openprint\\bin\\opserver.exe"=
"E:\\___ICDC_REPRISE_AFP\\produit\\openprint\\bin\\opserver.exe"=
"D:\\oprint\\bin\\opserver.exe"=
"D:\\oprint\\opd\\OPdelivery.exe"=
"D:\\oprint\\opr\\OPremake.exe"=
"D:\\oprint\\ops\\OPstudio.exe"=
"D:\\TRAITEMENT_IMAGES_SONS\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 14:00]
R2 vmserverdWin32;VMware Registration Service;D:\VMware\VMware Server\vmserverdWin32.exe [2007-04-12 21:05]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"D:\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-25 12:22:46 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 11:43:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\snmp.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
D:\CONNEXION_DISTANTE\VNC4\winvnc4.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-12 11:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 09:44:53
Pre-Run: 3,361,275,904 octets libres
Post-Run: 3,268,685,824 octets libres
.
2008-04-12 08:45:32 --- E O F ---

Réponse 13 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Ok recolle un rapport hijackthis et dit tes soucis actuel

Réponse 14 / 23

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

pour le moment je ne vois pas de soucis.
Il y a t il des vérifications à effectuer ?

___

Voici le rapport

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\vptray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4C31468D-44AB-4CDE-85D9-4CE5FDB89135} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: (no name) - {9B4CF086-5649-4CEB-A00F-D3BDF3740547} - C:\WINDOWS\system32\jkkKcdbA.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - (no file)
O2 - BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96} - C:\WINDOWS\temlxopqdrf.dll (file missing)
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - jkkIaAPg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 15 / 23

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

pour le moment je ne vois pas de soucis.
Il y a t il des vérifications à effectuer ?

___

Voici le rapport

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\vptray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4C31468D-44AB-4CDE-85D9-4CE5FDB89135} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: (no name) - {9B4CF086-5649-4CEB-A00F-D3BDF3740547} - C:\WINDOWS\system32\jkkKcdbA.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - (no file)
O2 - BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96} - C:\WINDOWS\temlxopqdrf.dll (file missing)
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - jkkIaAPg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 16 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Oui il reste pas mal de chose a faire:

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O2 - BHO: (no name) - {4C31468D-44AB-4CDE-85D9-4CE5FDB89135} - (no file)
O2 - BHO: (no name) - {9B4CF086-5649-4CEB-A00F-D3BDF3740547} - C:\WINDOWS\system32\jkkKcdbA.dll (file missing)
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - (no file)
O2 - BHO: DVA Media - {D226FE2F-ED31-47B9-A435-5C2B54AF6C96} - C:\WINDOWS\temlxopqdrf.dll (file missing)

Si tu as déjà ces logiciels fait les mises à jour :

Télécharge et installe ccleaner : Utilie pour supprimer les traces de surf et réparer le registre

Comment s'en servir regarde le tuto ---> ici

Télécharge et installe avg antispyware:Fais un scan et supprime tout ce qu'il trouve !

Télécharge et installe spybot: Fais un scan et supprime tout ce qu'il trouve!

______________

Fait un scan bitdefender en ligne ---> ici poste le rapport (important)

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

voici le rapport de bidef8
---
BitDefender Online Scanner

Rapport d'analyse généré à: Sat, Apr 12, 2008 - 18:13:59

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;

Statistiques

Temps
00:46:39

Fichiers
158706

Directoires
17690

Secteurs de boot
6

Archives
2965

Paquets programmes
11003

Résultats

Virus identifiés
2

Fichiers infectés
14

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
14

Info sur les moteurs

Définition virus
1142189

Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
16

Archive des plugins
41

Unpack des plugins
7

E-mail plugins
6

Système plugins
5

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini
Supprimé

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini
Echec de la désinfection

C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini
Supprimé

F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe
Infecté par: Backdoor.Vb.XB

F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe
Supprimé

F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)
Echec de la mise à jour

Réponse 17 / 23

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

en HTLM

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sat, Apr 12, 2008 - 18:13:59</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;G:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:46:39</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">158706</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">17690</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2965</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">11003</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1142189</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">41</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121721.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP107\A0121802.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP108\A0121807.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121931.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121946.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121976.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0121982.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122002.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122023.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP113\A0122044.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP114\A0122063.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128388.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Vundo.DVS</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9417EE06-A7E2-45E3-99F9-4160EB431E8B}\RP118\A0128389.ini</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Backdoor.Vb.XB</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">F:\PRODUITS_INSTALLES\2008_04_11\ComboFix.exe=>(RAR Sfx o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>

Réponse 18 / 23

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

il y a un simplifié
BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sat, Apr 12, 2008 - 18:26:16

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés
176410

Infectés Fichiers
14

Virus Détectés

Backdoor.Vb.XB
1

Trojan.Vundo.DVS
13

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.

Réponse 19 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Ok ce qu'il reste c'est dans ta restuartion !!

Pour ca :

¤Désactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.

Puis,

¤Réactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu décoches la case « désactiver la restauration » et applique.

et remet un hijackthis et dit tes soucis !!

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

J'ai fait la manip, mais je ne sais quel problème je rencontre.
Cordialement
---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - jkkIaAPg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

yaLINUXNUL Messages postés 45 Date d'inscription Statut Membre Dernière intervention

J'ai fait la manip, mais je ne sais quel problème je rencontre.
Cordialement
---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll
O2 - BHO: geneanetx Class - {81CAB1B5-6895-4DD4-84C5-DDA7311277FF} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Protocole_Viewer\PDF\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk.disabled
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra 'Tools' menuitem: GeneaBarre, la barre d'outils de GeneaNet - {486E390A-7713-433F-A882-8B52263E595A} - D:\GENEALOGIE\GeneaBarre\GeneaBarre, la barre d'outils de GeneaNet\geneabarre-fr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA56051B-F5BA-46F2-93D0-94A5F4FE892C}: NameServer = 10.0.1.1
O20 - Winlogon Notify: jkkIaAPg - jkkIaAPg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Hid Switch Service - Cambridge Silicon Radio - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\DEFRAGMENTATION\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\CONNEXION_DISTANTE\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 20 / 23

dou-l Messages postés 2860 Date d'inscription Statut Membre Dernière intervention 61

Ok dit tes soucis actuel !!

Discussions similaires

Virtumonde.dll/.sci virus ?

Forum Virus

Trouvez des solutions pour détecter et éliminer les menaces, des astuces pour prévenir les infections, et discutez des dernières menaces en ligne