Infection

Closed
doudou - 15 Sept. 2008 at 12:31
doudou - 25 Sept. 2008 at 12:32
Hello,
My friend's PC is infected.
I can get on the internet but, curiously, not on this site, because I get redirected to random sites,

so I am writing from another PC.

I got rid of several pieces of junk with MalwareBytes' Anti-Malware in safe mode,
then I tried ComboFix, but it tells me there is a rootkit and it restarts the PC.
With or without safe mode, it is the same.

As the desktop background there was an image along the lines of "you are infected, please download ...etc."
That has gone and the PC behaves well, "except on the internet".

Here is a report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:54, on 15/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\Iexplore.exe
D:\WINDOWS\system32\Notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail?u=http://webmail.orange.fr/webmail/fr_FR/inbox.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = H:\Windows.old\Windows\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\Windows.old\Windows\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.club-internet.fr:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?4a05577529a849279da8f77e075acec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?4a05577529a849279da8f77e075acec
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?cc=fr&toHttps=1&redig=8E4340E974D84321BBA663104F635D75
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} - https://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {10000001-1001-1001-1000-000000000000} -
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sherred.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601_fr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\Windows.old\Windows\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - D:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

30 replies

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 297
22 Sept. 2008 at 06:37
--> Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression, i.e. removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\

--> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.
1
Destrio5
23 Sept. 2008 at 12:47
On a PC, only ONE antivirus and only ONE antispyware.

Did you pay for BitDefender?
1
Destrio5
23 Sept. 2008 at 19:55
Keep that one, then.
1
OK, I'll uninstall the rest,
and I consider it resolved?
0
First of all, thank you for answering me.
Sorry, I did not have the patience; I had already run a SmitFraud and I ran MBAM again (which did a good job).
I have just run SmitFraud again.
I am posting the whole thing,
in order:
SmitFraudFix v2.350

Rapport fait à 6:37:54,60, 15/09/2008
Executé à partir de D:\Documents and Settings\admin\Bureau\Nouveau dossier
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 www.speedyclick.com #SpySweeperCASS
127.0.0.1 www.webads.nl #SpySweeperCASS
127.0.0.1 ads.snowball.com #SpySweeperCASS
127.0.0.1 ads.amazingmedia.com #SpySweeperCASS
127.0.0.1 www10.valueclick.com #SpySweeperCASS
127.0.0.1 js1.hitbox.com #SpySweeperCASS
127.0.0.1 rd1.hitbox.com #SpySweeperCASS
127.0.0.1 mt37.mtree.com #SpySweeperCASS
127.0.0.1 ads.gameanswers.com #SpySweeperCASS
127.0.0.1 ads7.udc.advance.net #SpySweeperCASS
127.0.0.1 www23.valueclick.com #SpySweeperCASS
127.0.0.1 ads.fortunecity.com #SpySweeperCASS
127.0.0.1 banners.nextcard.com #SpySweeperCASS
127.0.0.1 ads.iwon.com #SpySweeperCASS
127.0.0.1 www.qksrv.net #SpySweeperCASS
127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS
127.0.0.1 ads-b.focalink.com #SpySweeperCASS
127.0.0.1 ad2.peel.com #SpySweeperCASS
127.0.0.1 ads.floridatoday.com #SpySweeperCASS
127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS
127.0.0.1 ads18.bpath.com #SpySweeperCASS
127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS
127.0.0.1 global.msads.net #SpySweeperCASS
127.0.0.1 pluto1.iserver.net #SpySweeperCASS
127.0.0.1 ads1.intelliads.com #SpySweeperCASS
127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS
127.0.0.1 ads.stileproject.com #SpySweeperCASS
127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS
127.0.0.1 www.blissnet.net #SpySweeperCASS
127.0.0.1 www.consumerinfo.com #SpySweeperCASS
127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS
127.0.0.1 k5ads.osdn.com #SpySweeperCASS
127.0.0.1 actionsplash.com #SpySweeperCASS
127.0.0.1 campaigns.f2.com.au #SpySweeperCASS
127.0.0.1 adserver.news.com.au #SpySweeperCASS
127.0.0.1 servedby.advertising.com #SpySweeperCASS
127.0.0.1 java.yahoo.com #SpySweeperCASS
127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
127.0.0.1 ads.1for1.com #SpySweeperCASS
127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.devx.com #SpySweeperCASS
127.0.0.1 utils.mediageneral.com #SpySweeperCASS
127.0.0.1 banners.friendfinder.com #SpySweeperCASS
127.0.0.1 adserver.matchcraft.com #SpySweeperCASS
127.0.0.1 www.dnps.com #SpySweeperCASS
127.0.0.1 creative.whi.co.nz #SpySweeperCASS
127.0.0.1 rmedia.boston.com #SpySweeperCASS
127.0.0.1 webaffiliate.covad.com #SpySweeperCASS
127.0.0.1 ad.iwin.com #SpySweeperCASS
127.0.0.1 www.nailitonline2.com #SpySweeperCASS
127.0.0.1 mds.centrport.net #SpySweeperCASS
127.0.0.1 oas.dispatch.com #SpySweeperCASS
127.0.0.1 adserver.ads360.com #SpySweeperCASS
127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS
127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS
127.0.0.1 ads.clickagents.com #SpySweeperCASS
127.0.0.1 banners.chek.com #SpySweeperCASS
127.0.0.1 zi.r.tv.com #SpySweeperCASS
127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS
127.0.0.1 ads.greensboro.com #SpySweeperCASS
127.0.0.1 ad2.adcept.net #SpySweeperCASS
127.0.0.1 ads.colo.kiva.net #SpySweeperCASS
127.0.0.1 adsrv.iol.co.za #SpySweeperCASS
127.0.0.1 mjxads.internet.com #SpySweeperCASS
127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS
127.0.0.1 ads.vnuemedia.com #SpySweeperCASS
127.0.0.1 affiliate.doteasy.com #SpySweeperCASS
127.0.0.1 m.tribalfusion.com #SpySweeperCASS
127.0.0.1 oas.lee.net #SpySweeperCASS
127.0.0.1 www.banneroverdrive.com #SpySweeperCASS
127.0.0.1 ad3.peel.com #SpySweeperCASS
127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS
127.0.0.1 adserver.snowball.com #SpySweeperCASS
127.0.0.1 media15.fastclick.net #SpySweeperCASS
127.0.0.1 ads5.advance.net #SpySweeperCASS
127.0.0.1 ads3.advance.net #SpySweeperCASS
127.0.0.1 ads2.advance.net #SpySweeperCASS
127.0.0.1 ads.advance.net #SpySweeperCASS
127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS
127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS
127.0.0.1 oas.villagevoice.com #SpySweeperCASS
127.0.0.1 www.ad-flow.com #SpySweeperCASS
127.0.0.1 ads.guardian.co.uk #SpySweeperCASS
127.0.0.1 ads.hitcents.com #SpySweeperCASS
127.0.0.1 media19.fastclick.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 ads.nypost.com #SpySweeperCASS
127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS
127.0.0.1 ads.ad-flow.com #SpySweeperCASS
127.0.0.1 adserver.hispavista.com #SpySweeperCASS
127.0.0.1 ads.musiccity.com #SpySweeperCASS
127.0.0.1 banners.revenuelink.com #SpySweeperCASS
127.0.0.1 ads1.sptimes.com #SpySweeperCASS
127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS
127.0.0.1 ads.adtegrity.net #SpySweeperCASS
127.0.0.1 media13.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS
127.0.0.1 ads.live365.com #SpySweeperCASS
127.0.0.1 ads.fredericksburg.com #SpySweeperCASS
127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS
127.0.0.1 ar.atwola.com #SpySweeperCASS
127.0.0.1 ads.bigcitytools.com #SpySweeperCASS
127.0.0.1 netshelter.adtrix.com #SpySweeperCASS
127.0.0.1 y.ibsys.com #SpySweeperCASS
127.0.0.1 adserver.nydailynews.com #SpySweeperCASS
127.0.0.1 s0b.bluestreak.com #SpySweeperCASS
127.0.0.1 images.scripps.com #SpySweeperCASS
127.0.0.1 images.cybereps.com #SpySweeperCASS
127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 krd.realcities.com #SpySweeperCASS
127.0.0.1 www3.bannerspace.com #SpySweeperCASS
127.0.0.1 view.atdmt.com #SpySweeperCASS
127.0.0.1 ads7.advance.net #SpySweeperCASS
127.0.0.1 ad.abcnews.com #SpySweeperCASS
127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS
127.0.0.1 secure.webconnect.net #SpySweeperCASS
127.0.0.1 ads.nandomedia.com #SpySweeperCASS
127.0.0.1 banners.babylon-x.com #SpySweeperCASS
127.0.0.1 media17.fastclick.net #SpySweeperCASS
127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS
127.0.0.1 ads.exhedra.com #SpySweeperCASS
127.0.0.1 ad.trafficmp.com #SpySweeperCASS
127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS
127.0.0.1 banner.northsky.com #SpySweeperCASS
127.0.0.1 ftp.nacorp.com #SpySweeperCASS
127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS
127.0.0.1 c1.zedo.com #SpySweeperCASS
127.0.0.1 ads4.condenet.com #SpySweeperCASS
127.0.0.1 www.brilliantdigital.com #SpySweeperCASS
127.0.0.1 desktop.kazaa.com #SpySweeperCASS
127.0.0.1 shop.kazaa.com #SpySweeperCASS
127.0.0.1 www.bonzi.com #SpySweeperCASS
127.0.0.1 www.b3d.com #SpySweeperCASS
127.0.0.1 neighborhood.standard.net #SpySweeperCASS
127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS
127.0.0.1 spinbox.techtracker.com #SpySweeperCASS
127.0.0.1 toads.osdn.com #SpySweeperCASS
127.0.0.1 ads.themes.org #SpySweeperCASS
127.0.0.1 adserver.trb.com #SpySweeperCASS
127.0.0.1 media.fastclick.net #SpySweeperCASS
127.0.0.1 banner.easyspace.com #SpySweeperCASS
127.0.0.1 www.banner2u.com #SpySweeperCASS
127.0.0.1 ads.thestar.com #SpySweeperCASS
127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS
127.0.0.1 www.fineclicks.com #SpySweeperCASS
127.0.0.1 ads.mdchoice.com #SpySweeperCASS
127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
127.0.0.1 adtegrity.thruport.com #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 ads.pennyweb.com #SpySweeperCASS
127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.forbes.com #SpySweeperCASS
127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS
127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS
127.0.0.1 ads1.condenet.com #SpySweeperCASS
127.0.0.1 adserver.anm.co.uk #SpySweeperCASS
127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS
127.0.0.1 bidclix.net #SpySweeperCASS
127.0.0.1 media.popuptraffic.com #SpySweeperCASS
127.0.0.1 coreg.flashtrack.net #SpySweeperCASS
127.0.0.1 rmads.msn.com #SpySweeperCASS
127.0.0.1 ads.icq.com #SpySweeperCASS
127.0.0.1 cb.icq.com #SpySweeperCASS
127.0.0.1 cf.icq.com #SpySweeperCASS
127.0.0.1 www2.newtopsites.com #SpySweeperCASS
127.0.0.1 adserv.internetfuel.com #SpySweeperCASS
127.0.0.1 images.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.securityfocus.com #SpySweeperCASS
127.0.0.1 www.avsads.com #SpySweeperCASS
127.0.0.1 banners.moviegoods.com #SpySweeperCASS
127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS
127.0.0.1 ads.iambic.com #SpySweeperCASS
127.0.0.1 sfads.osdn.com #SpySweeperCASS
127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS
127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS
127.0.0.1 marketing.nyi.net #SpySweeperCASS
127.0.0.1 www.netflip.com #SpySweeperCASS
127.0.0.1 image.imgfarm.com #SpySweeperCASS
127.0.0.1 ads.viaarena.com #SpySweeperCASS
127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS
127.0.0.1 ads.astalavista.us #SpySweeperCASS
127.0.0.1 banner.coza.com #SpySweeperCASS
127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS
127.0.0.1 adlog.com.com #SpySweeperCASS
127.0.0.1 adimg.com.com #SpySweeperCASS
127.0.0.1 adimage.bankrate.com #SpySweeperCASS
127.0.0.1 ads.mediadevil.com #SpySweeperCASS
127.0.0.1 imageserv.adtech.de #SpySweeperCASS
127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS
127.0.0.1 ads.cashsurfers.com #SpySweeperCASS
127.0.0.1 ads.specificpop.com #SpySweeperCASS
127.0.0.1 z1.adserver.com #SpySweeperCASS
127.0.0.1 images.bizrate.com #SpySweeperCASS
127.0.0.1 q.pni.com #SpySweeperCASS
127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS
127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS
127.0.0.1 images.newsx.cc #SpySweeperCASS
127.0.0.1 www.adireland.com #SpySweeperCASS
127.0.0.1 ads.iafrica.com #SpySweeperCASS
127.0.0.1 ads.nyi.net #SpySweeperCASS
127.0.0.1 geoads.osdn.com #SpySweeperCASS
127.0.0.1 www.crisscross.com #SpySweeperCASS
127.0.0.1 netcomm.spinbox.net #SpySweeperCASS
127.0.0.1 ads.videoaxs.com #SpySweeperCASS
127.0.0.1 mediamgr.ugo.com #SpySweeperCASS
127.0.0.1 adserver.pollstar.com #SpySweeperCASS
127.0.0.1 information.gopher.com #SpySweeperCASS
127.0.0.1 ads.adviva.net #SpySweeperCASS
127.0.0.1 adsrv.bankrate.com #SpySweeperCASS
127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS
127.0.0.1 speed.pointroll.com #SpySweeperCASS
127.0.0.1 amch.questionmarket.com #SpySweeperCASS
127.0.0.1 ads.gamespy.com #SpySweeperCASS
127.0.0.1 spd.atdmt.com #SpySweeperCASS
127.0.0.1 ads.columbian.com #SpySweeperCASS
127.0.0.1 clickit.go2net.com #SpySweeperCASS
127.0.0.1 vpdc.ru4.com #SpySweeperCASS
127.0.0.1 ads.developershed.com #SpySweeperCASS
127.0.0.1 ads.globeandmail.com #SpySweeperCASS
127.0.0.1 ads.nerve.com #SpySweeperCASS
127.0.0.1 iv.doubleclick.net #SpySweeperCASS
127.0.0.1 ads2.condenet.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 ads5.canoe.ca #SpySweeperCASS
127.0.0.1 askmen.thruport.com #SpySweeperCASS
127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS
127.0.0.1 ads.theolympian.com #SpySweeperCASS
127.0.0.1 ads.courierpostonline.com #SpySweeperCASS
127.0.0.1 i.timeinc.net #SpySweeperCASS
127.0.0.1 oasads.whitepages.com #SpySweeperCASS
127.0.0.1 rad.msn.com #SpySweeperCASS
127.0.0.1 serve.thisbanner.com #SpySweeperCASS
127.0.0.1 images.trafficmp.com #SpySweeperCASS
127.0.0.1 www.kaplanindex.com #SpySweeperCASS
127.0.0.1 kaplanindex.com #SpySweeperCASS
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 spinbox.maccentral.com #SpySweeperCASS
127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS
127.0.0.1 webad.ajeeb.com #SpySweeperCASS
127.0.0.1 ads.granadamedia.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.wnd.com #SpySweeperCASS
127.0.0.1 a3.suntimes.com #SpySweeperCASS
127.0.0.1 tmsads.tribune.com #SpySweeperCASS
127.0.0.1 ads.peel.com #SpySweeperCASS
127.0.0.1 ads.mh5.com #SpySweeperCASS
127.0.0.1 ad.usatoday.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 ads.mediaturf.net #SpySweeperCASS
127.0.0.1 ads4.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.clearchannel.com #SpySweeperCASS
127.0.0.1 ads2.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.jacksonsun.com #SpySweeperCASS
127.0.0.1 servads.aip.org #SpySweeperCASS
127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
127.0.0.1 adng.ascii24.com #SpySweeperCASS
127.0.0.1 engage.speedera.net #SpySweeperCASS
127.0.0.1 ads.msn-ppe.com #SpySweeperCASS
127.0.0.1 ad.openfind.com.tw #SpySweeperCASS
127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS
127.0.0.1 ads.northjersey.com #SpySweeperCASS
127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS
127.0.0.1 banners.valuead.com #SpySweeperCASS
127.0.0.1 ad1.aaddzz.com #SpySweeperCASS
127.0.0.1 ds.eyeblaster.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS
127.0.0.1 ads.centralohio.com #SpySweeperCASS


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



NEXT


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

15/09/2008 13:15:21
mbam-log-2008-09-15 (13-15-21).txt

Type de recherche: Examen rapide
Eléments examinés: 24350
Temps écoulé: 4 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

then MBAM AGAIN

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

15/09/2008 13:27:35
mbam-log-2008-09-15 (13-27-35).txt

Type de recherche: Examen rapide
Eléments examinés: 49284
Temps écoulé: 5 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

and finally
SmitFraudFix v2.351

Rapport fait à 6:35:28,00, 16/09/2008
Executé à partir de D:\Documents and Settings\admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Documents and Settings\admin\Bureau\SmitfraudFix\Policies.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\admin


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\admin\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
First of all, thank you for replying.
Sorry, I didn't have the patience: I had already run a SmitFraud and I ran MBAM again (which did a good job).
I have just run SmitFraud again.
I'm posting all of it,
in order:
SmitFraudFix v2.350

Rapport fait à 6:37:54,60, 15/09/2008
Executé à partir de D:\Documents and Settings\admin\Bureau\Nouveau dossier
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 banner.orb.net #SpySweeperCASS
127.0.0.1 banner.relcom.ru #SpySweeperCASS
127.0.0.1 banners.easydns.com #SpySweeperCASS
127.0.0.1 banners.looksmart.com #SpySweeperCASS
127.0.0.1 banners.wunderground.com #SpySweeperCASS
127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS
127.0.0.1 beseenad.looksmart.com #SpySweeperCASS
127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS
127.0.0.1 bn.bfast.com #SpySweeperCASS
127.0.0.1 c3.xxxcounter.com #SpySweeperCASS
127.0.0.1 califia.imaginemedia.com #SpySweeperCASS
127.0.0.1 cds.mediaplex.com #SpySweeperCASS
127.0.0.1 click.avenuea.com #SpySweeperCASS
127.0.0.1 click.go2net.com #SpySweeperCASS
127.0.0.1 click.linksynergy.com #SpySweeperCASS
127.0.0.1 cookies.cmpnet.com #SpySweeperCASS
127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS
127.0.0.1 counter.hitbox.com #SpySweeperCASS
127.0.0.1 crux.songline.com #SpySweeperCASS
127.0.0.1 erie.smartage.com #SpySweeperCASS
127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS
127.0.0.1 fp.valueclick.com #SpySweeperCASS
127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS
127.0.0.1 gm.preferences.com #SpySweeperCASS
127.0.0.1 gp.dejanews.com #SpySweeperCASS
127.0.0.1 hg1.hitbox.com #SpySweeperCASS
127.0.0.1 image.click2net.com #SpySweeperCASS
127.0.0.1 image.eimg.com #SpySweeperCASS
127.0.0.1 images2.nytimes.com #SpySweeperCASS
127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS
127.0.0.1 kansas.valueclick.com #SpySweeperCASS
127.0.0.1 leader.linkexchange.com #SpySweeperCASS
127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS
127.0.0.1 ln.doubleclick.net #SpySweeperCASS
127.0.0.1 m.doubleclick.net #SpySweeperCASS
127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS
127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS
127.0.0.1 media.preferences.com #SpySweeperCASS
127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS
127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS
127.0.0.1 nbc.adbureau.net #SpySweeperCASS
127.0.0.1 newads.cmpnet.com #SpySweeperCASS
127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS
127.0.0.1 ngads.smartage.com #SpySweeperCASS
127.0.0.1 nsads.hotwired.com #SpySweeperCASS
127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS
127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS
127.0.0.1 realads.realmedia.com #SpySweeperCASS
127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS
127.0.0.1 redirect.click2net.com #SpySweeperCASS
127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS
127.0.0.1 s2.focalink.com #SpySweeperCASS
127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS
127.0.0.1 spin.spinbox.net #SpySweeperCASS
127.0.0.1 static.admaximize.com #SpySweeperCASS
127.0.0.1 stats.superstats.com #SpySweeperCASS
127.0.0.1 sview.avenuea.com #SpySweeperCASS
127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS
127.0.0.1 tracker.clicktrade.com #SpySweeperCASS
127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS
127.0.0.1 v0.extreme-dm.com #SpySweeperCASS
127.0.0.1 v1.extreme-dm.com #SpySweeperCASS
127.0.0.1 van.ads.link4ads.com #SpySweeperCASS
127.0.0.1 view.accendo.com #SpySweeperCASS
127.0.0.1 view.avenuea.com #SpySweeperCASS
127.0.0.1 w113.hitbox.com #SpySweeperCASS
127.0.0.1 w25.hitbox.com #SpySweeperCASS
127.0.0.1 web2.deja.com #SpySweeperCASS
127.0.0.1 webads.bizservers.com #SpySweeperCASS
127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS
127.0.0.1 www.ad-up.com #SpySweeperCASS
127.0.0.1 www.admex.com #SpySweeperCASS
127.0.0.1 www.alladvantage.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 www.commission-junction.com #SpySweeperCASS
127.0.0.1 www.eads.com #SpySweeperCASS
127.0.0.1 www.freestats.com #SpySweeperCASS
127.0.0.1 www.imaginemedia.com #SpySweeperCASS
127.0.0.1 www.netdirect.nl #SpySweeperCASS
127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS
127.0.0.1 www.targetshop.com #SpySweeperCASS
127.0.0.1 www.teknosurf2.com #SpySweeperCASS
127.0.0.1 www.teknosurf3.com #SpySweeperCASS
127.0.0.1 www.valueclick.com #SpySweeperCASS
127.0.0.1 www.websitefinancing.com #SpySweeperCASS
127.0.0.1 www2.burstnet.com #SpySweeperCASS
127.0.0.1 www4.trix.net #SpySweeperCASS
127.0.0.1 www80.valueclick.com #SpySweeperCASS
127.0.0.1 z.extreme-dm.com #SpySweeperCASS
127.0.0.1 z0.extreme-dm.com #SpySweeperCASS
127.0.0.1 z1.extreme-dm.com #SpySweeperCASS
127.0.0.1 ads.forbes.net #SpySweeperCASS
127.0.0.1 ads.newcity.com #SpySweeperCASS
127.0.0.1 ads.ign.com #SpySweeperCASS
127.0.0.1 adserver.ign.com #SpySweeperCASS
127.0.0.1 ads.scifi.com #SpySweeperCASS
127.0.0.1 adengine.theglobe.com #SpySweeperCASS
127.0.0.1 ads.tucows.com #SpySweeperCASS
127.0.0.1 adcontent.gamespy.com #SpySweeperCASS
127.0.0.1 ads4.advance.net #SpySweeperCASS
127.0.0.1 ads1.advance.net #SpySweeperCASS
127.0.0.1 eur.yimg.com #SpySweeperCASS
127.0.0.1 us.a1.yimg.com #SpySweeperCASS
127.0.0.1 ad.harmony-central.com #SpySweeperCASS
127.0.0.1 sg.yimg.com #SpySweeperCASS
127.0.0.1 adverity.adverity.com #SpySweeperCASS
127.0.0.1 ads.bloomberg.com #SpySweeperCASS
127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.mysimon.com #SpySweeperCASS
127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS
127.0.0.1 adimages.go.com #SpySweeperCASS
127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS
127.0.0.1 ad.kimo.com.tw #SpySweeperCASS
127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS
127.0.0.1 ads.paxnet.com #SpySweeperCASS
127.0.0.1 ads.eu.msn.com #SpySweeperCASS
127.0.0.1 ads.admonitor.net #SpySweeperCASS
127.0.0.1 wwa.hitbox.com #SpySweeperCASS
127.0.0.1 ads.nytimes.com #SpySweeperCASS
127.0.0.1 ads.erotism.com #SpySweeperCASS
127.0.0.1 banner.rootsweb.com #SpySweeperCASS
127.0.0.1 ads.ole.com #SpySweeperCASS
127.0.0.1 adimg1.chosun.com #SpySweeperCASS
127.0.0.1 ss.mtree.com #SpySweeperCASS
127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS
127.0.0.1 adserver.ugo.com #SpySweeperCASS
127.0.0.1 ad.sales.olympics.com #SpySweeperCASS
127.0.0.1 m2.doubleclick.net #SpySweeperCASS
127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS
127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 www.datais.com #SpySweeperCASS
127.0.0.1 oas.mmd.ch #SpySweeperCASS
127.0.0.1 pub-g.ifrance.com #SpySweeperCASS
127.0.0.1 ads.bianca.com #SpySweeperCASS
127.0.0.1 wap.adlink.de #SpySweeperCASS
127.0.0.1 click.adlink.de #SpySweeperCASS
127.0.0.1 banner.adlink.de #SpySweeperCASS
127.0.0.1 hurricane.adlink.de #SpySweeperCASS
127.0.0.1 west.adlink.de #SpySweeperCASS
127.0.0.1 scand.adlink.de #SpySweeperCASS
127.0.0.1 regio.adlink.de #SpySweeperCASS
127.0.0.1 direct.adlink.de #SpySweeperCASS
127.0.0.1 classic.adlink.de #SpySweeperCASS
127.0.0.1 adlui001.adlink.de #SpySweeperCASS
127.0.0.1 banner1.adlink.de #SpySweeperCASS
127.0.0.1 click.mp3.com #SpySweeperCASS
127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS
127.0.0.1 icover.realmedia.com #SpySweeperCASS
127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS
127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.tmcs.net #SpySweeperCASS
127.0.0.1 amedia.techies.com #SpySweeperCASS
127.0.0.1 www.exchange-it.com #SpySweeperCASS
127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.currantbun.com #SpySweeperCASS
127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS
127.0.0.1 ads15.focalink.com #SpySweeperCASS
127.0.0.1 ads13.focalink.com #SpySweeperCASS
127.0.0.1 adserver.colleges.com #SpySweeperCASS
127.0.0.1 ads.nwsource.com #SpySweeperCASS
127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS
127.0.0.1 ads.newsint.co.uk #SpySweeperCASS
127.0.0.1 ads.starnews.com #SpySweeperCASS
127.0.0.1 www.linksynergy.com #SpySweeperCASS
127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS
127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS
127.0.0.1 ads.newsdigital.net #SpySweeperCASS
127.0.0.1 arc5.msn.com #SpySweeperCASS
127.0.0.1 arc4.msn.com #SpySweeperCASS
127.0.0.1 arc3.msn.com #SpySweeperCASS
127.0.0.1 arc2.msn.com #SpySweeperCASS
127.0.0.1 arc1.msn.com #SpySweeperCASS
127.0.0.1 ads.discovery.com #SpySweeperCASS
127.0.0.1 im.800.com #SpySweeperCASS
127.0.0.1 img.cmpnet.com #SpySweeperCASS
127.0.0.1 ad7.internetadserver.com #SpySweeperCASS
127.0.0.1 ads.dai.net #SpySweeperCASS
127.0.0.1 ads.cbc.ca #SpySweeperCASS
127.0.0.1 www75.valueclick.com #SpySweeperCASS
127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS
127.0.0.1 ti.click2net.com #SpySweeperCASS
127.0.0.1 www.onresponse.com #SpySweeperCASS
127.0.0.1 ads.list-universe.com #SpySweeperCASS
127.0.0.1 advert.bayarea.com #SpySweeperCASS
127.0.0.1 www3.pagecount.com #SpySweeperCASS
127.0.0.1 www.netsponsors.com #SpySweeperCASS
127.0.0.1 adthru.com #SpySweeperCASS
127.0.0.1 ads.newtimes.com #SpySweeperCASS
127.0.0.1 ads.ugo.com #SpySweeperCASS
127.0.0.1 ads.belointeractive.com #SpySweeperCASS
127.0.0.1 wwb.hitbox.com #SpySweeperCASS
127.0.0.1 comtrack.comclick.com #SpySweeperCASS
127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS
127.0.0.1 www.click-fr.com #SpySweeperCASS
127.0.0.1 www.cibleclick.com #SpySweeperCASS
127.0.0.1 reply.mediatris.net #SpySweeperCASS
127.0.0.1 cgi.declicnet.com #SpySweeperCASS
127.0.0.1 pubs.mgn.net #SpySweeperCASS
127.0.0.1 ads.mcafee.com #SpySweeperCASS
127.0.0.1 ads1.ad-flow.com #SpySweeperCASS
127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.adtraq.com #SpySweeperCASS
127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS
127.0.0.1 adpop.theglobe.com #SpySweeperCASS
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 ads.adflight.com #SpySweeperCASS
127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS
127.0.0.1 ads.ecircles.com #SpySweeperCASS
127.0.0.1 ads.god.co.uk #SpySweeperCASS
127.0.0.1 ads.hyperbanner.net #SpySweeperCASS
127.0.0.1 ads.jpost.com #SpySweeperCASS
127.0.0.1 ads.netmechanic.com #SpySweeperCASS
127.0.0.1 ads.webcash.nl #SpySweeperCASS
127.0.0.1 adserver.netcast.nl #SpySweeperCASS
127.0.0.1 adserver.webads.com #SpySweeperCASS
127.0.0.1 adserver.webads.nl #SpySweeperCASS
127.0.0.1 adserver1.realtracker.com #SpySweeperCASS
127.0.0.1 adserver2.realtracker.com #SpySweeperCASS
127.0.0.1 adserver3.realtracker.com #SpySweeperCASS
127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS
127.0.0.1 holland.hyperbanner.net #SpySweeperCASS
127.0.0.1 images.webads.nl #SpySweeperCASS
127.0.0.1 sc.clicksupply.com #SpySweeperCASS
127.0.0.1 service.bfast.com #SpySweeperCASS
127.0.0.1 www.ad4ex.com #SpySweeperCASS
127.0.0.1 www.bannercampaign.com #SpySweeperCASS
127.0.0.1 www.cyberbounty.com #SpySweeperCASS
127.0.0.1 www.netvertising.be #SpySweeperCASS
127.0.0.1 www.speedyclick.com #SpySweeperCASS
127.0.0.1 www.webads.nl #SpySweeperCASS
127.0.0.1 ads.snowball.com #SpySweeperCASS
127.0.0.1 ads.amazingmedia.com #SpySweeperCASS
127.0.0.1 www10.valueclick.com #SpySweeperCASS
127.0.0.1 js1.hitbox.com #SpySweeperCASS
127.0.0.1 rd1.hitbox.com #SpySweeperCASS
127.0.0.1 mt37.mtree.com #SpySweeperCASS
127.0.0.1 ads.gameanswers.com #SpySweeperCASS
127.0.0.1 ads7.udc.advance.net #SpySweeperCASS
127.0.0.1 www23.valueclick.com #SpySweeperCASS
127.0.0.1 ads.fortunecity.com #SpySweeperCASS
127.0.0.1 banners.nextcard.com #SpySweeperCASS
127.0.0.1 ads.iwon.com #SpySweeperCASS
127.0.0.1 www.qksrv.net #SpySweeperCASS
127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS
127.0.0.1 ads-b.focalink.com #SpySweeperCASS
127.0.0.1 ad2.peel.com #SpySweeperCASS
127.0.0.1 ads.floridatoday.com #SpySweeperCASS
127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS
127.0.0.1 ads18.bpath.com #SpySweeperCASS
127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS
127.0.0.1 global.msads.net #SpySweeperCASS
127.0.0.1 pluto1.iserver.net #SpySweeperCASS
127.0.0.1 ads1.intelliads.com #SpySweeperCASS
127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS
127.0.0.1 ads.stileproject.com #SpySweeperCASS
127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS
127.0.0.1 www.blissnet.net #SpySweeperCASS
127.0.0.1 www.consumerinfo.com #SpySweeperCASS
127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS
127.0.0.1 k5ads.osdn.com #SpySweeperCASS
127.0.0.1 actionsplash.com #SpySweeperCASS
127.0.0.1 campaigns.f2.com.au #SpySweeperCASS
127.0.0.1 adserver.news.com.au #SpySweeperCASS
127.0.0.1 servedby.advertising.com #SpySweeperCASS
127.0.0.1 java.yahoo.com #SpySweeperCASS
127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
127.0.0.1 ads.1for1.com #SpySweeperCASS
127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.devx.com #SpySweeperCASS
127.0.0.1 utils.mediageneral.com #SpySweeperCASS
127.0.0.1 banners.friendfinder.com #SpySweeperCASS
127.0.0.1 adserver.matchcraft.com #SpySweeperCASS
127.0.0.1 www.dnps.com #SpySweeperCASS
127.0.0.1 creative.whi.co.nz #SpySweeperCASS
127.0.0.1 rmedia.boston.com #SpySweeperCASS
127.0.0.1 webaffiliate.covad.com #SpySweeperCASS
127.0.0.1 ad.iwin.com #SpySweeperCASS
127.0.0.1 www.nailitonline2.com #SpySweeperCASS
127.0.0.1 mds.centrport.net #SpySweeperCASS
127.0.0.1 oas.dispatch.com #SpySweeperCASS
127.0.0.1 adserver.ads360.com #SpySweeperCASS
127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS
127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS
127.0.0.1 ads.clickagents.com #SpySweeperCASS
127.0.0.1 banners.chek.com #SpySweeperCASS
127.0.0.1 zi.r.tv.com #SpySweeperCASS
127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS
127.0.0.1 ads.greensboro.com #SpySweeperCASS
127.0.0.1 ad2.adcept.net #SpySweeperCASS
127.0.0.1 ads.colo.kiva.net #SpySweeperCASS
127.0.0.1 adsrv.iol.co.za #SpySweeperCASS
127.0.0.1 mjxads.internet.com #SpySweeperCASS
127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS
127.0.0.1 ads.vnuemedia.com #SpySweeperCASS
127.0.0.1 affiliate.doteasy.com #SpySweeperCASS
127.0.0.1 m.tribalfusion.com #SpySweeperCASS
127.0.0.1 oas.lee.net #SpySweeperCASS
127.0.0.1 www.banneroverdrive.com #SpySweeperCASS
127.0.0.1 ad3.peel.com #SpySweeperCASS
127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS
127.0.0.1 adserver.snowball.com #SpySweeperCASS
127.0.0.1 media15.fastclick.net #SpySweeperCASS
127.0.0.1 ads5.advance.net #SpySweeperCASS
127.0.0.1 ads3.advance.net #SpySweeperCASS
127.0.0.1 ads2.advance.net #SpySweeperCASS
127.0.0.1 ads.advance.net #SpySweeperCASS
127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS
127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS
127.0.0.1 oas.villagevoice.com #SpySweeperCASS
127.0.0.1 www.ad-flow.com #SpySweeperCASS
127.0.0.1 ads.guardian.co.uk #SpySweeperCASS
127.0.0.1 ads.hitcents.com #SpySweeperCASS
127.0.0.1 media19.fastclick.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 ads.nypost.com #SpySweeperCASS
127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS
127.0.0.1 ads.ad-flow.com #SpySweeperCASS
127.0.0.1 adserver.hispavista.com #SpySweeperCASS
127.0.0.1 ads.musiccity.com #SpySweeperCASS
127.0.0.1 banners.revenuelink.com #SpySweeperCASS
127.0.0.1 ads1.sptimes.com #SpySweeperCASS
127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS
127.0.0.1 ads.adtegrity.net #SpySweeperCASS
127.0.0.1 media13.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS
127.0.0.1 ads.live365.com #SpySweeperCASS
127.0.0.1 ads.fredericksburg.com #SpySweeperCASS
127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS
127.0.0.1 ar.atwola.com #SpySweeperCASS
127.0.0.1 ads.bigcitytools.com #SpySweeperCASS
127.0.0.1 netshelter.adtrix.com #SpySweeperCASS
127.0.0.1 y.ibsys.com #SpySweeperCASS
127.0.0.1 adserver.nydailynews.com #SpySweeperCASS
127.0.0.1 s0b.bluestreak.com #SpySweeperCASS
127.0.0.1 images.scripps.com #SpySweeperCASS
127.0.0.1 images.cybereps.com #SpySweeperCASS
127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 krd.realcities.com #SpySweeperCASS
127.0.0.1 www3.bannerspace.com #SpySweeperCASS
127.0.0.1 view.atdmt.com #SpySweeperCASS
127.0.0.1 ads7.advance.net #SpySweeperCASS
127.0.0.1 ad.abcnews.com #SpySweeperCASS
127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS
127.0.0.1 secure.webconnect.net #SpySweeperCASS
127.0.0.1 ads.nandomedia.com #SpySweeperCASS
127.0.0.1 banners.babylon-x.com #SpySweeperCASS
127.0.0.1 media17.fastclick.net #SpySweeperCASS
127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS
127.0.0.1 ads.exhedra.com #SpySweeperCASS
127.0.0.1 ad.trafficmp.com #SpySweeperCASS
127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS
127.0.0.1 banner.northsky.com #SpySweeperCASS
127.0.0.1 ftp.nacorp.com #SpySweeperCASS
127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS
127.0.0.1 c1.zedo.com #SpySweeperCASS
127.0.0.1 ads4.condenet.com #SpySweeperCASS
127.0.0.1 www.brilliantdigital.com #SpySweeperCASS
127.0.0.1 desktop.kazaa.com #SpySweeperCASS
127.0.0.1 shop.kazaa.com #SpySweeperCASS
127.0.0.1 www.bonzi.com #SpySweeperCASS
127.0.0.1 www.b3d.com #SpySweeperCASS
127.0.0.1 neighborhood.standard.net #SpySweeperCASS
127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS
127.0.0.1 spinbox.techtracker.com #SpySweeperCASS
127.0.0.1 toads.osdn.com #SpySweeperCASS
127.0.0.1 ads.themes.org #SpySweeperCASS
127.0.0.1 adserver.trb.com #SpySweeperCASS
127.0.0.1 media.fastclick.net #SpySweeperCASS
127.0.0.1 banner.easyspace.com #SpySweeperCASS
127.0.0.1 www.banner2u.com #SpySweeperCASS
127.0.0.1 ads.thestar.com #SpySweeperCASS
127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS
127.0.0.1 www.fineclicks.com #SpySweeperCASS
127.0.0.1 ads.mdchoice.com #SpySweeperCASS
127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
127.0.0.1 adtegrity.thruport.com #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 ads.pennyweb.com #SpySweeperCASS
127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.forbes.com #SpySweeperCASS
127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS
127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS
127.0.0.1 ads1.condenet.com #SpySweeperCASS
127.0.0.1 adserver.anm.co.uk #SpySweeperCASS
127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS
127.0.0.1 bidclix.net #SpySweeperCASS
127.0.0.1 media.popuptraffic.com #SpySweeperCASS
127.0.0.1 coreg.flashtrack.net #SpySweeperCASS
127.0.0.1 rmads.msn.com #SpySweeperCASS
127.0.0.1 ads.icq.com #SpySweeperCASS
127.0.0.1 cb.icq.com #SpySweeperCASS
127.0.0.1 cf.icq.com #SpySweeperCASS
127.0.0.1 www2.newtopsites.com #SpySweeperCASS
127.0.0.1 adserv.internetfuel.com #SpySweeperCASS
127.0.0.1 images.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.securityfocus.com #SpySweeperCASS
127.0.0.1 www.avsads.com #SpySweeperCASS
127.0.0.1 banners.moviegoods.com #SpySweeperCASS
127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS
127.0.0.1 ads.iambic.com #SpySweeperCASS
127.0.0.1 sfads.osdn.com #SpySweeperCASS
127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS
127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS
127.0.0.1 marketing.nyi.net #SpySweeperCASS
127.0.0.1 www.netflip.com #SpySweeperCASS
127.0.0.1 image.imgfarm.com #SpySweeperCASS
127.0.0.1 ads.viaarena.com #SpySweeperCASS
127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS
127.0.0.1 ads.astalavista.us #SpySweeperCASS
127.0.0.1 banner.coza.com #SpySweeperCASS
127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS
127.0.0.1 adlog.com.com #SpySweeperCASS
127.0.0.1 adimg.com.com #SpySweeperCASS
127.0.0.1 adimage.bankrate.com #SpySweeperCASS
127.0.0.1 ads.mediadevil.com #SpySweeperCASS
127.0.0.1 imageserv.adtech.de #SpySweeperCASS
127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS
127.0.0.1 ads.cashsurfers.com #SpySweeperCASS
127.0.0.1 ads.specificpop.com #SpySweeperCASS
127.0.0.1 z1.adserver.com #SpySweeperCASS
127.0.0.1 images.bizrate.com #SpySweeperCASS
127.0.0.1 q.pni.com #SpySweeperCASS
127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS
127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS
127.0.0.1 images.newsx.cc #SpySweeperCASS
127.0.0.1 www.adireland.com #SpySweeperCASS
127.0.0.1 ads.iafrica.com #SpySweeperCASS
127.0.0.1 ads.nyi.net #SpySweeperCASS
127.0.0.1 geoads.osdn.com #SpySweeperCASS
127.0.0.1 www.crisscross.com #SpySweeperCASS
127.0.0.1 netcomm.spinbox.net #SpySweeperCASS
127.0.0.1 ads.videoaxs.com #SpySweeperCASS
127.0.0.1 mediamgr.ugo.com #SpySweeperCASS
127.0.0.1 adserver.pollstar.com #SpySweeperCASS
127.0.0.1 information.gopher.com #SpySweeperCASS
127.0.0.1 ads.adviva.net #SpySweeperCASS
127.0.0.1 adsrv.bankrate.com #SpySweeperCASS
127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS
127.0.0.1 speed.pointroll.com #SpySweeperCASS
127.0.0.1 amch.questionmarket.com #SpySweeperCASS
127.0.0.1 ads.gamespy.com #SpySweeperCASS
127.0.0.1 spd.atdmt.com #SpySweeperCASS
127.0.0.1 ads.columbian.com #SpySweeperCASS
127.0.0.1 clickit.go2net.com #SpySweeperCASS
127.0.0.1 vpdc.ru4.com #SpySweeperCASS
127.0.0.1 ads.developershed.com #SpySweeperCASS
127.0.0.1 ads.globeandmail.com #SpySweeperCASS
127.0.0.1 ads.nerve.com #SpySweeperCASS
127.0.0.1 iv.doubleclick.net #SpySweeperCASS
127.0.0.1 ads2.condenet.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 ads5.canoe.ca #SpySweeperCASS
127.0.0.1 askmen.thruport.com #SpySweeperCASS
127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS
127.0.0.1 ads.theolympian.com #SpySweeperCASS
127.0.0.1 ads.courierpostonline.com #SpySweeperCASS
127.0.0.1 i.timeinc.net #SpySweeperCASS
127.0.0.1 oasads.whitepages.com #SpySweeperCASS
127.0.0.1 rad.msn.com #SpySweeperCASS
127.0.0.1 serve.thisbanner.com #SpySweeperCASS
127.0.0.1 images.trafficmp.com #SpySweeperCASS
127.0.0.1 www.kaplanindex.com #SpySweeperCASS
127.0.0.1 kaplanindex.com #SpySweeperCASS
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 spinbox.maccentral.com #SpySweeperCASS
127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS
127.0.0.1 webad.ajeeb.com #SpySweeperCASS
127.0.0.1 ads.granadamedia.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.wnd.com #SpySweeperCASS
127.0.0.1 a3.suntimes.com #SpySweeperCASS
127.0.0.1 tmsads.tribune.com #SpySweeperCASS
127.0.0.1 ads.peel.com #SpySweeperCASS
127.0.0.1 ads.mh5.com #SpySweeperCASS
127.0.0.1 ad.usatoday.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 ads.mediaturf.net #SpySweeperCASS
127.0.0.1 ads4.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.clearchannel.com #SpySweeperCASS
127.0.0.1 ads2.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.jacksonsun.com #SpySweeperCASS
127.0.0.1 servads.aip.org #SpySweeperCASS
127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
127.0.0.1 adng.ascii24.com #SpySweeperCASS
127.0.0.1 engage.speedera.net #SpySweeperCASS
127.0.0.1 ads.msn-ppe.com #SpySweeperCASS
127.0.0.1 ad.openfind.com.tw #SpySweeperCASS
127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS
127.0.0.1 ads.northjersey.com #SpySweeperCASS
127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS
127.0.0.1 banners.valuead.com #SpySweeperCASS
127.0.0.1 ad1.aaddzz.com #SpySweeperCASS
127.0.0.1 ds.eyeblaster.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS
127.0.0.1 ads.centralohio.com #SpySweeperCASS


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



THEN


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

15/09/2008 13:15:21
mbam-log-2008-09-15 (13-15-21).txt

Type de recherche: Examen rapide
Eléments examinés: 24350
Temps écoulé: 4 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

then MBAM again

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

15/09/2008 13:27:35
mbam-log-2008-09-15 (13-27-35).txt

Type de recherche: Examen rapide
Eléments examinés: 49284
Temps écoulé: 5 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

and finally
SmitFraudFix v2.351

Rapport fait à 6:35:28,00, 16/09/2008
Executé à partir de D:\Documents and Settings\admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Documents and Settings\admin\Bureau\SmitfraudFix\Policies.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\admin


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\admin\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
here is the report


[b]SDFix: Version 1.225 [/b]
Run by admin on 17/09/2008 at 06:07

Microsoft Windows XP [version 5.1.2600]
Running From: D:\Documents and Settings\admin\Bureau\SDFix

[b]Checking Services [/b]:

Rootkit Found :
D:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

[b]Name [/b]:
tdssserv

[b]Path [/b]:
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

D:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
D:\WINDOWS\system32\TFTP1008 - Deleted
D:\WINDOWS\system32\TFTP1272 - Deleted
D:\WINDOWS\system32\TFTP160 - Deleted
D:\WINDOWS\system32\TFTP1708 - Deleted
D:\WINDOWS\system32\TFTP252 - Deleted
D:\WINDOWS\system32\TFTP2660 - Deleted
D:\WINDOWS\system32\TFTP2688 - Deleted
D:\WINDOWS\system32\TFTP2804 - Deleted
D:\WINDOWS\system32\TFTP2940 - Deleted
D:\WINDOWS\system32\TFTP3548 - Deleted
D:\WINDOWS\system32\TFTP4548 - Deleted
D:\WINDOWS\system32\TFTP4656 - Deleted
D:\WINDOWS\system32\TFTP480 - Deleted
D:\WINDOWS\system32\TFTP4832 - Deleted
D:\WINDOWS\system32\TFTP7788 - Deleted
D:\WINDOWS\system32\TFTP7928 - Deleted
D:\WINDOWS\system32\TFTP7944 - Deleted
D:\WINDOWS\system32\TFTP860 - Deleted
D:\WINDOWS\system32\TFTP868 - Deleted
D:\WINDOWS\system32\drivers\tdssserv.sys - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 06:28:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,b6,b5,98,c5,76,06,55,59,92,2d,2b,3b,d7,88,b3,07,9d,..
"ljej40"=hex:3b,ef,cf,15,2d,71,3d,4f,dd,d4,a4,73,02,e6,24,b9,c2,42,19,fa,39,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% (Trial Version)"

scanning hidden files ...

D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10685.xml 59206 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10687.xml 1444 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10689.xml 30628 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10691.xml 3592 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10693.xml 15574 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10695.xml 11298 bytes
D:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_10697.xml 1576 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\WINDOWS\\system32\\sessmgr.exe"="D:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="D:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"D:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_2_6.EXE"="D:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_2_6.EXE:*:Enabled:LiveUpdate Engine COM Module"
"D:\\Program Files\\ABC\\abc.exe"="D:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"D:\\Program Files\\NetMeeting\\conf.exe"="D:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\\Program Files\\Azureus\\Azureus.exe"="D:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\WINDOWS\\system32\\dplaysvr.exe"="D:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Program Files\\Pumpkin Studios\\Warzone2100\\warzone.exe"="D:\\Program Files\\Pumpkin Studios\\Warzone2100\\warzone.exe:*:Enabled:Warzone 2100"
"D:\\WINDOWS\\system32\\mmc.exe"="D:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"D:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"="D:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"D:\\WINDOWS\\system32\\dpvsetup.exe"="D:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\WINDOWS\\system32\\rundll32.exe"="D:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"D:\\WINDOWS\\system32\\svchost.exe"="D:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:LocalSubNet:Enabled:Internet Explorer"
"D:\\WINDOWS\\system32\\dpnsvr.exe"="D:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Orbitdownloader\\orbitdm.exe"="D:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Program Files\\Orbitdownloader\\orbitnet.exe"="D:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Program Files\\Shareaza\\Shareaza.exe"="D:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - D:\DOCUME~1\admin\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 5 Jun 2003 24,576 ...H. --- "D:\Program Files\RamBoost XP\StopRam.exe"
Sun 21 Jan 2007 1,004 ..SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Tue 7 Sep 2004 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Apr 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 15 May 2003 43,008 ...H. --- "D:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Sat 21 Jun 2003 377,344 ...H. --- "D:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"

[b]Finished![/b]
0
and now? is it OK?
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:36, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.club-internet.fr:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?4a05577529a849279da8f77e075acec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?4a05577529a849279da8f77e075acec
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?cc=fr&toHttps=1&redig=8E4340E974D84321BBA663104F635D75
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} - https://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {10000001-1001-1001-1000-000000000000} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sherred.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer = 192.168.1.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\Windows.old\Windows\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - D:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:36, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.club-internet.fr:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?4a05577529a849279da8f77e075acec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?4a05577529a849279da8f77e075acec
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?cc=fr&toHttps=1&redig=8E4340E974D84321BBA663104F635D75
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} - https://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {10000001-1001-1001-1000-000000000000} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sherred.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer = 192.168.1.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\Windows.old\Windows\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - D:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
FYI, there is no (or no longer any) installation, and therefore no shortcut, for ToolBar.
Here is the report, thanks.
-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.60GHz )
BIOS : Award Modular BIOS v6.0
USER : admin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 080920-0] 4.8.1201 (Activated)
Firewall : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 6 Go Free : 5 Go
D:\ (Local Disk) - NTFS - Total : 40 Go Free : 1 Go
E:\ (Local Disk) - FAT32 - Total : 3 Go Free : 2 Go
F:\ (Local Disk) - NTFS - Total : 92 Go Free : 22 Go
G:\ (Local Disk) - NTFS - Total : 48 Go Free : 7 Go
H:\ (Local Disk) - NTFS - Total : 34 Go Free : 9 Go
I:\ (Local Disk) - NTFS - Total : 92 Go Free : 1 Go
K:\ (CD or DVD)
L:\ (CD or DVD)
M:\ (CD or DVD)

"D:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 21/09/2008| 6:51 )

-----------\\ Recherche de Fichiers / Dossiers ...

D:\Program Files\Crawler
D:\Program Files\Crawler\Download
D:\Program Files\Crawler\Toolbar
D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
D:\DOCUME~1\admin\Cookies\admin@dnl.crawler[1].txt
D:\WINDOWS\iun6002.exe

-----------\\ Extensions

(admin) - {84b24861-62f6-364b-eba5-2e5e2061d7e6} => mediaplayerconnectivity
(admin) - {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} => qls
(admin) - {34274bf4-1d97-a289-e984-17e546307e4f} => adblock
(admin) - {55041010-54F1-412e-8177-2E411719162D} => Torpark%20Theme
(admin) - {65f3d609-18c1-4f62-bcef-1973b6abeab4} => restartfirefox
(admin) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(admin) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => torbutton
(admin) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => firesomething


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="D:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.com/search?q=reglage+bios++DD+hitachi+HDT+sata&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Local Page"="D:\\windows\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections

D:\WINDOWS\exefnd
[b]==> BAGLE <==[/b]

--------------------\\ ROGUES ..

D:\PROGRA~1\Privacy Guardian

--------------------\\ Cracks & Keygens ..

D:\DOCUME~1\admin\Bureau\UTILITAIRES de copies nettoyages securité\COPIER\isobuster keygen.exe
D:\DOCUME~1\admin\Bureau\video\RealPlayer10GOLD KeyGen.exe
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack\Cocoenforce hacking.url
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack\TorrentResource.com Votre référence en matière de Torrent!.url
D:\DOCUME~1\admin\Favoris\pirate\CRACKMANWORLD PARCHES - DESCARGAR PARCHE Singles v1.2 Alex_DjRoman.url
D:\DOCUME~1\admin\Favoris\pirate\CRACKMANWORLD PARCHES - PC.url
D:\DOCUME~1\admin\Favoris\pirate\partition magic 8 - CrackYard.com - Crack, Serials, Keygens, Patches.url
D:\DOCUME~1\admin\Favoris\pirate\ AstaLaVista.US - kapere - unlock software with cracks - serials - keygens - loaders.url
D:\DOCUME~1\admin\Favoris\pirate\ code crack La liste des sites pour code crack.url
D:\DOCUME~1\admin\Favoris\TELEcharger\crack no cd jeu pc, tout sur crack no cd jeu pc.url



1 - "D:\ToolBar SD\TB_1.txt" - 21/09/2008| 6:57 - Option : [1]

-----------\\ Fin du rapport a 6:57:24,12
0
I thought you wanted to compare afterwards.
Here is the report:
-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.60GHz )
BIOS : Award Modular BIOS v6.0
USER : admin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 080920-0] 4.8.1201 (Activated)
Firewall : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 6 Go Free : 5 Go
D:\ (Local Disk) - NTFS - Total : 40 Go Free : 1 Go
E:\ (Local Disk) - FAT32 - Total : 3 Go Free : 2 Go
F:\ (Local Disk) - NTFS - Total : 92 Go Free : 22 Go
G:\ (Local Disk) - NTFS - Total : 48 Go Free : 7 Go
H:\ (Local Disk) - NTFS - Total : 34 Go Free : 9 Go
I:\ (Local Disk) - NTFS - Total : 92 Go Free : 1 Go
K:\ (CD or DVD)
L:\ (CD or DVD)
M:\ (CD or DVD)

"D:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [2] ( 21/09/2008| 8:36 )

-----------\\ SUPPRESSION

Supprime! - D:\Program Files\Crawler\Download
Supprime! - D:\Program Files\Crawler\Toolbar
Supprime! - D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Supprime! - D:\DOCUME~1\admin\Cookies\admin@dnl.crawler[1].txt
Supprime! - D:\WINDOWS\iun6002.exe
Supprime! - D:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(admin) - {84b24861-62f6-364b-eba5-2e5e2061d7e6} => mediaplayerconnectivity
(admin) - {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} => qls
(admin) - {34274bf4-1d97-a289-e984-17e546307e4f} => adblock
(admin) - {55041010-54F1-412e-8177-2E411719162D} => Torpark%20Theme
(admin) - {65f3d609-18c1-4f62-bcef-1973b6abeab4} => restartfirefox
(admin) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(admin) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => torbutton
(admin) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => firesomething


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="D:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.com/search?q=reglage+bios++DD+hitachi+HDT+sata&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="D:\\windows\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections

D:\WINDOWS\exefnd
[b]==> BAGLE <==[/b]

--------------------\\ ROGUES ..

D:\PROGRA~1\Privacy Guardian

--------------------\\ Cracks & Keygens ..

D:\DOCUME~1\admin\Bureau\UTILITAIRES de copies nettoyages securité\COPIER\isobuster keygen.exe
D:\DOCUME~1\admin\Bureau\video\RealPlayer10GOLD KeyGen.exe
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack\Cocoenforce hacking.url
D:\DOCUME~1\admin\Favoris\Gaetan\Crack-hack\TorrentResource.com Votre référence en matière de Torrent!.url
D:\DOCUME~1\admin\Favoris\pirate\CRACKMANWORLD PARCHES - DESCARGAR PARCHE Singles v1.2 Alex_DjRoman.url
D:\DOCUME~1\admin\Favoris\pirate\CRACKMANWORLD PARCHES - PC.url
D:\DOCUME~1\admin\Favoris\pirate\partition magic 8 - CrackYard.com - Crack, Serials, Keygens, Patches.url
D:\DOCUME~1\admin\Favoris\pirate\ AstaLaVista.US - kapere - unlock software with cracks - serials - keygens - loaders.url
D:\DOCUME~1\admin\Favoris\pirate\ code crack La liste des sites pour code crack.url
D:\DOCUME~1\admin\Favoris\TELEcharger\crack no cd jeu pc, tout sur crack no cd jeu pc.url



1 - "D:\ToolBar SD\TB_1.txt" - 21/09/2008| 6:57 - Option : [1]
2 - "D:\ToolBar SD\TB_2.txt" - 21/09/2008| 8:46 - Option : [2]

-----------\\ Fin du rapport a 8:46:21,29
0
----------------- FindyKill V3.O95 -----------------


* User : admin Platform : Windows XP
* Suppression effectuée à 17:53:42 le 22/09/2008
* Emplacement : D:\Program Files\FindyKill\FindyKill.exe
* Outils Mis a jours le 20/09/08 par Chiquitine29


»»»» Suppression des fichiers dans D:


»»»» Suppression des fichiers dans D:\WINDOWS

Supprimé ! - "D:\WINDOWS\exefnd"

»»»» Suppression des fichiers dans D:\WINDOWS\system32


»»»» Suppression des fichiers dans D:\WINDOWS\system32\drivers


»»»» Suppression des fichiers dans D:\Documents and Settings\admin\Application Data


»»»» Suppression des fichiers dans D:\WINDOWS\Prefetch


»»»» Suppression des fichiers dans D:\DOCUME~1\admin\LOCALS~1\Temp

Supprimé ! - "D:\DOCUME~1\admin\LOCALS~1\Temp\jusched.log"
Supprimé ! - "D:\DOCUME~1\admin\LOCALS~1\Temp\swt-gdip-win32-3430.dll"
Supprimé ! - "D:\DOCUME~1\admin\LOCALS~1\Temp\swt-win32-3430.dll"


-----------------*** Verification ***----------------


»»»» Suppression des fichiers dans D:


»»»» Presence des fichiers dans D:


»»»» Presence des fichiers dans D:\WINDOWS


»»»» Presence des fichiers dans D:\WINDOWS\Prefetch


»»»» Presence des fichiers dans D:\WINDOWS\system32


»»»» Presence des fichiers dans D:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans D:\Documents and Settings\admin\Application Data



»»»» Suppression des clefs du registre..

"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA " - Supprimé !
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA " - Supprimé !

»»»» Suppression des clefs du registre effectuée !


»»»» Affichage des fichiers cachés réparé !


»»»» Services de securité Windows redemarré !


»»»» Suppression des fichiers temporaires :


»»»»»»»»»»»»»»»»»»»» OK!


»»»» Suppression des fichiers dans Support amovible :



----------- ! Nettoyage realisé avec succès ! -----------


»»»» Recherche d autres infections :


D:\Documents and Settings\admin\Bureau\JEUX ODILE\belwed-deluxe edition\sounds\cached_firecrackle.wav
D:\Documents and Settings\admin\Bureau\JEUX ODILE\belwed-deluxe edition\sounds\firecrackle.ogg
D:\Documents and Settings\admin\Bureau\UTILITAIRES de copies nettoyages securité\COPIER\isobuster keygen.exe
D:\Documents and Settings\admin\Bureau\video\RealPlayer10GOLD KeyGen.exe
D:\Documents and Settings\admin\Favoris\Gaetan\Crack-hack
D:\Documents and Settings\admin\Favoris\Gaetan\Crack-hack\Cocoenforce hacking.url
D:\Documents and Settings\admin\Favoris\Gaetan\Crack-hack\TorrentResource.com Votre référence en matière de Torrent!.url
D:\Documents and Settings\admin\Favoris\pirate\CRACKMANWORLD PARCHES - DESCARGAR PARCHE Singles v1.2 Alex_DjRoman.url
D:\Documents and Settings\admin\Favoris\pirate\CRACKMANWORLD PARCHES - PC.url
D:\Documents and Settings\admin\Favoris\pirate\partition magic 8 - CrackYard.com - Crack, Serials, Keygens, Patches.url
D:\Documents and Settings\admin\Favoris\pirate\ AstaLaVista.US - kapere - unlock software with cracks - serials - keygens - loaders.url
D:\Documents and Settings\admin\Favoris\pirate\ code crack La liste des sites pour code crack.url
D:\Documents and Settings\admin\Favoris\TELEcharger\crack no cd jeu pc, tout sur crack no cd jeu pc.url
D:\Documents and Settings\admin\Favoris\video upskirt\Crackle - Stream On.url
D:\Documents and Settings\admin\Menu Démarrer\Programmes\Ultimate ZIP Cracker
D:\Documents and Settings\admin\Menu Démarrer\Programmes\Ultimate ZIP Cracker\Ultimate ZIP Cracker release notes.html
D:\Documents and Settings\admin\Menu Démarrer\Programmes\Ultimate ZIP Cracker\Ultimate ZIP Cracker.lnk

------------------ ! Fin du rapport ! --------------------
0
As I said above, this PC isn't mine; a friend entrusted it to me,
who knows a buddy who knows a guy who really knows his stuff, LOL.
So there is all sorts of junk on this PC, and I'd be surprised if he paid for BitDefender.
Besides, I hadn't seen it; it doesn't appear in the taskbar, there is only avast,
and I added Spyware Terminator myself recently.
Would it be best to uninstall it?
0
OK, I uninstalled as much as I could and then some.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36:25, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
H:\Windows.old\Windows\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\UPHClean\uphclean.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.club-internet.fr:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?4a05577529a849279da8f77e075acec
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?4a05577529a849279da8f77e075acec
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?cc=fr&toHttps=1&redig=8E4340E974D84321BBA663104F635D75
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} - https://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {10000001-1001-1001-1000-000000000000} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sherred.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD905C33-1463-4529-AE48-173685199FBF}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\Windows.old\Windows\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
15 Sept. 2008 at 21:08
Hello,

Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then press Enter

- A report will be generated; post it in your next reply, please.

Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php

-1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
16 Sept. 2008 at 07:12
Hi,

Just to say that SDFix is effective against the rootkit he has.
-1
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
16 Sept. 2008 at 13:50
OK, thanks Destrio :)

Doudou:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.

• Then open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press a key to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis report!

-1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
18 Sept. 2008 at 17:42
I'll take care of you.

Post a new HijackThis report.
-1
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
18 Sept. 2008 at 19:05
Sorry for the delayed reply, I haven't been able to come back for 2 days.

I'll let Destrio continue helping you ;)

-1
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
18 Sept. 2008 at 19:14
OK anthony5151.
-1
OK, I can't right now; I'm going back there tomorrow and I'll send you that.
0