Can't delete the trojan!! [SOLVED]

31 December 2007 00:59:20

Hello,

So, I found a trojan thanks to Kaspersky at this location:

c:\windows\system32\cmcfg3.dll

It tells me this:

Trojan horse:
Trojan.Win32.BHO.agz

But it is impossible to delete it!! I tried in safe mode but that doesn't work, so I downloaded Unlocker, but no luck, it won't delete.

If you know how to do it?? Thank you.

31 December 2007 19:53:06

Here is the kill.cmd report:

C:\WINDOWS\system32\cmcfg3.dll - Trouve !

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:03, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7806 bytes
1 January 2008 14:15:40

Re,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the desired language, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
    1 January 2008 20:35:24

    Here is my report:


    -----------------------------[ Lop S&D 2.0.2.b ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/01/2008 | 20:17:31,09 ] [ C156FA7ABCBB40A ]


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\avg7
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\Apple
    C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
    C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
    C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
    C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft

    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft

    C:\Documents and Settings\joe\APPLIC~1\Microsoft
    C:\Documents and Settings\joe\APPLIC~1\AVG7
    C:\Documents and Settings\joe\APPLIC~1\teamspeak2
    C:\Documents and Settings\joe\APPLIC~1\Apple Computer
    C:\Documents and Settings\joe\APPLIC~1\BitTorrent
    C:\Documents and Settings\joe\APPLIC~1\FrostWire
    C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
    C:\Documents and Settings\joe\APPLIC~1\Mozilla
    C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
    C:\Documents and Settings\joe\APPLIC~1\LimeWire
    C:\Documents and Settings\joe\APPLIC~1\Newsbin
    C:\Documents and Settings\joe\APPLIC~1\Ahead
    C:\Documents and Settings\joe\APPLIC~1\Nero
    C:\Documents and Settings\joe\APPLIC~1\Lavasoft
    C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
    C:\Documents and Settings\joe\APPLIC~1\WinRAR
    C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
    C:\Documents and Settings\joe\APPLIC~1\Macromedia
    C:\Documents and Settings\joe\APPLIC~1\desktop.ini
    C:\Documents and Settings\joe\APPLIC~1\Xentient
    C:\Documents and Settings\joe\APPLIC~1\Styler
    C:\Documents and Settings\joe\APPLIC~1\Identities

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
    C:\Documents and Settings\LocalService\APPLIC~1\AVG7

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
    C:\Documents and Settings\NetworkService\APPLIC~1\AVG7

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [31/12/2007 23:00][--ah-----]C:\WINDOWS\tasks\A9C0666D91C01AFD.job
    [01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\Ad-Aware
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Alwil Software
    C:\Program Files\AMD
    C:\Program Files\Apple Software Update
    C:\Program Files\AskSBar
    C:\Program Files\AusLogics Disk Defrag
    C:\Program Files\Avant Browser
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Program Files\Cener Development
    C:\Program Files\Circle Developement
    C:\Program Files\Compare It!
    C:\Program Files\ComPlus Applications
    C:\Program Files\Crux Calculator v5
    C:\Program Files\Everest
    C:\Program Files\Fichiers communs
    C:\Program Files\Foreignword
    C:\Program Files\FoxitReader
    C:\Program Files\FrostWire
    C:\Program Files\Grisoft
    C:\Program Files\Hercules
    C:\Program Files\IE Privacy Keeper
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\LimeWire
    C:\Program Files\Lop SD
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\microsoft frontpage
    C:\Program Files\movie maker
    C:\Program Files\msn gaming zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MSXML 6.0
    C:\Program Files\Nero
    C:\Program Files\Nero Portable 8.1.1.0
    C:\Program Files\netmeeting
    C:\Program Files\NewsBin
    C:\Program Files\Occtpt
    C:\Program Files\Outlook Express
    C:\Program Files\Paint.NET
    C:\Program Files\Participatory Culture Foundation
    C:\Program Files\PKR
    C:\Program Files\Prophet Soft
    C:\Program Files\QuickTime
    C:\Program Files\SAGEM
    C:\Program Files\Soft4Ever
    C:\Program Files\Spybot
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Styler
    C:\Program Files\Teamspeak2_RC2
    C:\Program Files\Trend Micro
    C:\Program Files\TweakRAM
    C:\Program Files\UberIcon
    C:\Program Files\Unlocker
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\windows nt
    C:\Program Files\Windows Sidebar
    C:\Program Files\WinRAR
    C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Apple
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe
    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\WINDOWS\Tasks\A9C0666D91C01AFD.job

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 rad.msn.com
    127.0.0.1 rad.live.com
    127.0.0.1 ads1.msn.com
    127.0.0.1 adfarm.mediaplex.com
    66.249.93.99 www.google.fr
    # ********************************************************#
    # ------------------Updated: 07-31-07---------------------#
    # ********************************************************#
    #start of lines added by WinHelp2002
    127.0.0.1 www.canadianhw.ca
    127.0.0.1 images.cashfiesta.com #[AdWare.CashFiesta.a]
    127.0.0.1 www.cashfiesta.com #[McAfee.Adware-CashFiesta]
    127.0.0.1 www.cashfiesta.net
    127.0.0.1 banner.casinoking.com #[AdWare.Win32.Casino.ae]
    127.0.0.1 www.cashventure.com
    127.0.0.1 ads.casino.com
    127.0.0.1 out.catchonlife.com #[lootseek.com]
    127.0.0.1 ad.caradisiac.com
    127.0.0.1 ads.cars.com
    127.0.0.1 blockbuster.com.7.ccg360.com
    127.0.0.1 blockbuster.med.ccg360.com
    127.0.0.1 www.cd321.com
    127.0.0.1 ads.cdfreaks.com #[eTrust.Ads.cdfreaks]
    127.0.0.1 ads.cdrinfo.com
    127.0.0.1 stats.cdrinfo.com #[WebBug]
    127.0.0.1 www.celebritypicturesarchive.com #[Trojan-Downloader.Win32.IstBar.nn]
    127.0.0.1 www.celebrity-pictures-world.com #[Trojan-Downloader.Win32.IstBar.nn]
    127.0.0.1 clicktracker.centrum.cz
    127.0.0.1 mds.centrport.net #[Ad-Aware.Tracking Cookie]
    127.0.0.1 cetrk.com
    127.0.0.1 cesp.be #[HTML/TrojanDownloader.Agent.NAB]
    127.0.0.1 adserver.cducinema.com
    127.0.0.1 counter.cgiworld.net
    127.0.0.1 tracker.cgiworld.net
    127.0.0.1 abc.checkm8.com
    127.0.0.1 rmm1u.checkm8.com
    127.0.0.1 web.checkm8.com #[CHECKM8 AD TAGS]
    127.0.0.1 web2.checkm8.com
    127.0.0.1 ads.checkm8.co.za
    127.0.0.1 ads.chellomedia.com
    127.0.0.1 ads.china.com
    127.0.0.1 www.china3q.com #[Trojan.Startpage.S]
    127.0.0.1 ad.chip.de
    127.0.0.1 www.chsniper.com #[Downloader.Sniper]
    127.0.0.1 ad.cibleclick.com #[eTrust.Cibleclick]
    127.0.0.1 www.cibleclick.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 cindyproject.info #[Spamdexing]
    127.0.0.1 www.classicequipment.com #[Google.Warning]
    127.0.0.1 board.classifieds1000.com
    127.0.0.1 xp.classifieds1000.com
    127.0.0.1 www.classifieds1000.com #[SiteAdvisor.classifieds1000.com]
    127.0.0.1 images.clckm.com
    127.0.0.1 pics.clckm.com #[Parking Service]
    127.0.0.1 cleanfeed.info #[Spamdexing]
    127.0.0.1 ads.clickad.com #[eTrust.Tracking Cookie]
    127.0.0.1 clickbank.net #[Ad-Aware.Tracking Cookie]
    127.0.0.1 hop.clickbank.net #[Adware.Clickbank][Adware.ClickDLoader]
    127.0.0.1 ssl.clickbank.net
    127.0.0.1 zzz.clickbank.net #[Ewido.TrackingCookie.Clickbank]
    127.0.0.1 publishers.clickbooth.com #[directleads.com]
    127.0.0.1 clickboothlnk.com
    127.0.0.1 www.clickboothlnk.com
    127.0.0.1 j.clickdensity.com
    127.0.0.1 r.clickdensity.com
    127.0.0.1 dsml.clickexperts.net
    127.0.0.1 www.clicks2you.com
    127.0.0.1 www.clickmanage.com
    127.0.0.1 clicktopsite.com #[Spamdexing]
    127.0.0.1 clicktracks.com #[McAfee.Cookie-Clicktracks]
    127.0.0.1 stats.clicktracks.com #[Tenebril.Tracking Cookie]
    127.0.0.1 stats1.clicktracks.com # [eTrust.Tracking Cookie]
    127.0.0.1 stats2.clicktracks.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 stats3.clicktracks.com
    127.0.0.1 stats4.clicktracks.com
    127.0.0.1 www.clicktracks.com #[SunBelt.ClickTracks]
    127.0.0.1 www.is1.clixgalore.com
    127.0.0.1 www.clixgalore.com
    127.0.0.1 hit.click2006.com
    127.0.0.1 www2.click-fr.com
    127.0.0.1 www3.click-fr.com
    127.0.0.1 www4.click-fr.com
    127.0.0.1 www.clickhouse.com #[SunBelt.ClickHouse]
    127.0.0.1 www.click-power.com #[Win32/TrojanDownloader.VB.JL][Win32.Virtumonde.by]
    127.0.0.1 www.clicks4u.com #[IE-SpyAd]
    127.0.0.1 www.clicksbroker.com
    127.0.0.1 ad1.clickhype.com #[Ewido.TrackingCookie.Clickhype]
    127.0.0.1 clickoly.com #[Spamdexing]
    127.0.0.1 redirect.clickshield.net
    127.0.0.1 clickthru.net
    127.0.0.1 ads.clickthru.net
    127.0.0.1 icon.clickthru.net
    127.0.0.1 clicktorrent.info
    127.0.0.1 static.clicktorrent.info
    127.0.0.1 www.clicktorrent.info #[phpAds]
    127.0.0.1 www1.clicktorrent.info
    127.0.0.1 norbert_sirot.club.fr #[Trojan-Spy.Win32.Banker.anv]
    127.0.0.1 banner.clubdicecasino.com
    127.0.0.1 adserver.clix.pt
    127.0.0.1 ad.cmfu.com
    127.0.0.1 www.cnstats.com
    127.0.0.1 ad.coas2.co.kr
    127.0.0.1 ads.cobrad.com
    127.0.0.1 collectiveads.net
    127.0.0.1 www.combimedia.nl
    127.0.0.1 bdx.comclick.com
    127.0.0.1 br.comclick.com
    127.0.0.1 ct2.comclick.com #[Tenebril.Tracking Cookie]
    127.0.0.1 fl01.ct2.comclick.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 ihm01.ct2.comclick.com
    127.0.0.1 www.comclick.com #[Ewido.TrackingCookie.Comclick]
    127.0.0.1 members.commissionmonster.com
    127.0.0.1 aa.connextra.com
    127.0.0.1 bb.connextra.com #[a22.g.akamai.net]
    127.0.0.1 cc.connextra.com
    127.0.0.1 dd.connextra.com
    127.0.0.1 ee.connextra.com
    127.0.0.1 ff.connextra.com #[a22.g.akamai.net]
    127.0.0.1 data.connextra.com
    127.0.0.1 linkexchange.consoleunderground.com
    127.0.0.1 www.consoleunderground.com #[Adware.Begin2search]
    127.0.0.1 ads.consumeraffairs.com
    127.0.0.1 ads.contactmusic.com #[AdvertPro]
    127.0.0.1 servedby.contextuad.org
    127.0.0.1 svp.contextuad.org #[SunBelt.ContextuAd]
    127.0.0.1 www.contextualclick.com #[Dynamic keywords analyser]
    127.0.0.1 ads.console.net
    127.0.0.1 su.copylouis.info #[SiteAdvisor.msiesettings.com]
    127.0.0.1 banners.copyscape.com
    127.0.0.1 www.countit.ch
    127.0.0.1 counter.co.kz
    127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 www.countercentral.com
    127.0.0.1 www.counterguide.com
    127.0.0.1 counter-shop.net
    127.0.0.1 htm-pop-ky.counterstat.net
    127.0.0.1 www.counting4free.com
    127.0.0.1 www.counter.cz
    127.0.0.1 www.counti.de
    127.0.0.1 www.countmypage.com
    127.0.0.1 log1.countomat.com
    127.0.0.1 connectionzone.com
    127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
    127.0.0.1 data.coremetrics.com
    127.0.0.1 test.coremetrics.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 banner.coza.com
    127.0.0.1 www.cpaclicks.com #[Spamdexing]
    127.0.0.1 server.cpmstar.com #[ads.shizmoo.com]
    127.0.0.1 1.cq158.cn #[Win32/Agent.NAW]
    127.0.0.1 cracklab.info #[server down?]
    127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
    127.0.0.1 www.cracks.am #[fuck-portal.com][Adware.CramToolbar]
    127.0.0.1 ads.cracked.com
    127.0.0.1 track.cracked.com
    127.0.0.1 www.crackserver.com #[StopBadware.Report]
    127.0.0.1 new.crashextads.co.uk
    127.0.0.1 crawl.ws
    127.0.0.1 cont.crawl.ws #[AdWare.Win32.MegaKiss.b]
    127.0.0.1 www.crawl.ws
    127.0.0.1 counter.credo.ru
    127.0.0.1 www.cridem.org #[Win32/Spy.Banker.AHY]
    127.0.0.1 www.crispads.com
    127.0.0.1 ads.crosswinds.net
    127.0.0.1 megabyte.crosswinds.net
    127.0.0.1 ads.crucialparadigm.com
    127.0.0.1 crunet.info #[Win32/TrojanDownloader.Ani.Gen]
    127.0.0.1 cxss358.com #[HTML/TrojanDownloader.Agent.BP]
    127.0.0.1 cyberbounty.com
    127.0.0.1 clk.cyberbounty.com
    127.0.0.1 pop.cyberbounty.com
    127.0.0.1 serve.cyberbounty.com
    127.0.0.1 www.cyberbounty.com
    127.0.0.1 js.cybermonitor.com #[McAfee.Cookie-Cybermonitor]
    127.0.0.1 stat3.cybermonitor.com
    127.0.0.1 banner.cybertechdev.com
    127.0.0.1 cybertown.ru
    127.0.0.1 search.cygo.net
    127.0.0.1 www.cygo.net #[McAfee.Adware-Cygo]
    127.0.0.1 cytron.com #[DailyWinner][eTrust.Cytron]
    127.0.0.1 www.cytron.com
    # [D]
    127.0.0.1 www.d3m0n.biz
    127.0.0.1 dabestdomain.info #[SiteAdvisor.msiesettings.com]
    127.0.0.1 ads.dada.it
    127.0.0.1 mm.dalumm.com #[Win32/TrojanDownloader.Small.TZ]
    127.0.0.1 www.data-jpn.com #[Trojan.Pajatan]
    127.0.0.1 banner.date.com #[Tenebril.Tracking Cookie]
    127.0.0.1 www.dateclix.com #[DateClix.com Banner Exchange Code]
    127.0.0.1 datingbanners.net
    127.0.0.1 ads.datinggold.com
    127.0.0.1 ad.db3nf.com
    127.0.0.1 dcstat.com
    127.0.0.1 deansplanet.com #[Malicious.Links.Zango]
    127.0.0.1 www.deansplanet.com
    127.0.0.1 au.track.decideinteractive.com
    127.0.0.1 au.link.decideinteractive.com
    127.0.0.1 eu.link.decideinteractive.com
    127.0.0.1 link.decideinteractive.com
    127.0.0.1 www.decideinteractive.com
    127.0.0.1 www.decideinteractive.co.uk
    127.0.0.1 deepcom.com #[SiteAdvisor.deepcom.com]
    127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
    127.0.0.1 collector.deepmetrix.com
    127.0.0.1 geo.deepmetrix.com
    127.0.0.1 www.deepmetrix.com #[Microsoft]
    127.0.0.1 demsas-iran.com #[VBS/Envary.A]
    127.0.0.1 ads.dennisnet.co.uk
    127.0.0.1 ad.depositfiles.com
    127.0.0.1 ad.detik.com
    127.0.0.1 desire-search.com #[Spamdexing]
    127.0.0.1 ads.deviantart.com
    127.0.0.1 adsvr.deviantart.com
    127.0.0.1 phpadsnew.devstart.com
    127.0.0.1 banners.diariodelaltoaragon.es
    127.0.0.1 track.did-it.com #[Panda.Spyware:Cookie/did-it]
    127.0.0.1 digiwexonline.com #[W32/Kibik.a]
    127.0.0.1 www.digink.com #[PcTools.SysCheckBop32]
    127.0.0.1 ads.digitalpoint.com
    127.0.0.1 geo.digitalpoint.com
    127.0.0.1 hk.digitaltrends.com
    127.0.0.1 comm1.digits.com
    127.0.0.1 counter.digits.com #[IE-SpyAd]
    127.0.0.1 ads.dir.bg
    127.0.0.1 banners.dir.bg
    127.0.0.1 direct-ip.com #[Adware-DirectIP][SecurityRisk.DirectIP]
    127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
    127.0.0.1 ad.directconnect.se
    127.0.0.1 banners.directnic.com #[SecuritySpace.WebBug][MVPS.Criteria]
    127.0.0.1 dnads.directnic.com
    127.0.0.1 parked.directnic.com
    127.0.0.1 stats.directnic.com
    127.0.0.1 www.directnicparking.com
    127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
    127.0.0.1 ads.directnetadvertising.net
    127.0.0.1 www.directnetadvertising.net #[Ad-Aware Tracking Cookie]
    127.0.0.1 ad.displayadsmedia.com
    127.0.0.1 agentq.ditto.com
    127.0.0.1 js.ditto.com
    127.0.0.1 matrix.ditto.com
    127.0.0.1 media.ditto.com #[a232.x.akamai.net]
    127.0.0.1 www.ditto.com #[AdWare.Win32.Softomate.c]
    127.0.0.1 cnads.dixcom.com
    127.0.0.1 dcww.dmcast.com #[Adware-DesktopMedia]
    127.0.0.1 ad1.dmcmedia.co.kr
    127.0.0.1 dmdl.dmcast.com
    127.0.0.1 install.dmcast.com #[Adware-DesktopMedia.dr]
    127.0.0.1 track.dmipartners.com
    127.0.0.1 ads.dmnews.com
    127.0.0.1 ad.dmpi.net
    127.0.0.1 ad2.dmpi.net
    127.0.0.1 ad3.dmpi.net
    127.0.0.1 ad4.dmpi.net
    127.0.0.1 ubnm.dmpi.net
    127.0.0.1 www.dnscaching.net #[SiteAdvisor.dnscaching.net]
    127.0.0.1 dnv-counter.com
    127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
    127.0.0.1 www.dodostats.com
    127.0.0.1 doorgen.com #[Spamdexing]
    127.0.0.1 www.doorgen.com
    127.0.0.1 ads.dotomi.com
    127.0.0.1 www.donotchangeme.com
    127.0.0.1 www.down988.cn #[Win32/TrojanDownloader.Ani.Gen]
    127.0.0.1 www.download-services.com #[VBA32.Trojan-Downloader.Agent.26]
    127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
    127.0.0.1 downloa-d.com
    127.0.0.1 www.downloa-d.com #[Trojan-Clicker.Win32.Agent.ip]
    127.0.0.1 banners.dpnet.com.br
    127.0.0.1 drmx01.net #[Spamdexing]
    127.0.0.1 counter.dreamhost.com
    127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
    127.0.0.1 www.dreamadvert.com #[SunBelt.Dreamadvert]
    127.0.0.1 www.dropthehammer.com #[Win32/Spy.Banker.AHY]
    127.0.0.1 ads.drugs.com
    127.0.0.1 b.ds1.nl
    127.0.0.1 ddd.dudu.com #[Tenebril.DuDu Accelerator]
    127.0.0.1 ulink4.dudu.com #[Adware.DDDClient][SunBelt.DuDuAccelerator]
    127.0.0.1 ulink13.dudu.com #[Win32/Adware.DM]
    127.0.0.1 www.dudu.com #[McAfee.Downloader-AVV]
    127.0.0.1 www.duenow.com
    127.0.0.1 www.dutty.de #[W32.Peerload.A]
    127.0.0.1 gfx.dvlabs.com
    127.0.0.1 klipads.dvlabs.com
    127.0.0.1 www.dzy520.com #[Google.Warning]
    # [E]
    127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
    127.0.0.1 www.e2give.com
    127.0.0.1 hits.e.cl
    127.0.0.1 blogads.ebanner.nl
    127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 www.earncashontheinternet.com #[SunBelt.OpinionBar]
    127.0.0.1 www.eash.info #[Spamdexing][Microsoft.Strider]
    127.0.0.1 click.easilyfound.com #[Tenebril.AdTraffic]
    127.0.0.1 www.easilyfound.com
    127.0.0.1 www.eastworldnetwork.com
    127.0.0.1 www.easycounter.com #[IE-SpyAd]
    127.0.0.1 banners.easydns.com
    127.0.0.1 easyerror.info #[Trojan-Downloader.Win32.Delf.agw]
    127.0.0.1 easyhitcounters.com
    127.0.0.1 beta.easyhitcounters.com
    127.0.0.1 www.ebannertraffic.com
    127.0.0.1 easy-web-stats.com
    127.0.0.1 adserv1.ebates.com #[WebSavings]
    127.0.0.1 mailer.ebates.com
    127.0.0.1 www.ebates.com #[Adware.MoeMoney]
    127.0.0.1 ads.eccentrix.com
    127.0.0.1 ads.ecrush.com #[AdvertPro]
    127.0.0.1 www.eden21.net #[Win32/Haxdoor][TR/Dldr.Botol.D.1]
    127.0.0.1 c6.edgesuite.net #[RealMedia]
    127.0.0.1 ads.edirectme.com
    127.0.0.1 qq.ee28.cn #[Javascript.Exploit]
    127.0.0.1 www.ejmx.com #[Adware.ElectroJMX]
    127.0.0.1 ad.e-kolay.net
    127.0.0.1 www.ek21.com #[Trojan.Chost.B]
    127.0.0.1 www.elancenet.org #[Worm/Eyeveg.CH]
    127.0.0.1 elitwarez.ru #[Javascript.Exploit]
    127.0.0.1 www.elitwarez.ru
    127.0.0.1 now.eloqua.com #[WebBug]
    127.0.0.1 ads.eluniversal.com.mx
    127.0.0.1 hits.eluniversal.com.mx
    127.0.0.1 publicidad.eluniversal.com.mx
    127.0.0.1 elwebsearch.info #[Malicious Links]
    127.0.0.1 wwv.elwebsearch.info
    127.0.0.1 www.elwebsearch.info
    127.0.0.1 ad1.emediate.dk
    127.0.0.1 ad1.emediate.se
    127.0.0.1 www.emoinstaller.com #[Win32/Adware.NdotNet][SiteAdvisor.emoinstaller.com]
    127.0.0.1 www.emusic.com #[McAfee.Adware-eMusic][F-Secure.Adware.eMusic]
    127.0.0.1 dotnet.endai.com
    127.0.0.1 stats.engineseeker.com
    127.0.0.1 entk.net
    127.0.0.1 log.enquisite.com
    127.0.0.1 adv.entercasino.com #[Adware.Casino.V]
    127.0.0.1 ads.eog.com
    127.0.0.1 ads.e-planning.net
    127.0.0.1 ads.us.e-planning.net
    127.0.0.1 adserving00.epi.es
    127.0.0.1 adserving03.epi.es
    127.0.0.1 launcheruk.escritorioactivo.com
    127.0.0.1 vipuk.escritorioactivo.com #[HJTH.123Messenger Hijacker]
    127.0.0.1 www.escorcher.com #[eTrust.EScorcher]
    127.0.0.1 www.eshopads2.com
    127.0.0.1 estat.com
    127.0.0.1 perso.estat.com #[Ewido.Spyware.Cookie.Estat]
    127.0.0.1 prof.estat.com #[SecuritySpace.WebBug]
    127.0.0.1 sky.estat.com
    127.0.0.1 www.estat.com
    127.0.0.1 gtb.etology.com
    127.0.0.1 pages.etology.com
    127.0.0.1 www.etracker.de
    127.0.0.1 www.etxh.com #[Win32/Prosti.C]
    127.0.0.1 ads.ero-advertising.com
    127.0.0.1 adopt.euroclick.com #[Ewido.TrackingCookie.Euroclick]
    127.0.0.1 cdn.euroclick.com
    127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
    127.0.0.1 advert.eurotip.cz
    127.0.0.1 www.euros4click.de
    127.0.0.1 ad.eurosport.com #[oas.eurosport.com]
    127.0.0.1 www.eurowebstats.com
    127.0.0.1 www.everestpoker.com #[AdWare.Win32.Casino.t]
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 dynamic.exaccess.ru
    127.0.0.1 static.exaccess.ru
    127.0.0.1 www.exchangead.com
    127.0.0.1 exchange.bg
    127.0.0.1 www.exchange.bg
    127.0.0.1 exit-ad.de #[Ad-Aware.Tracking Cookie]
    127.0.0.1 exitexchange.com #[IE-SpyAd][SiteAdvisor.exitexchange.com]
    127.0.0.1 ads.exitexchange.com
    127.0.0.1 count.exitexchange.com #[McAfee.Cookie-Exitexchange]
    127.0.0.1 images.exitexchange.com
    127.0.0.1 www.exitexchange.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 www.exittrade.com
    127.0.0.1 www.exittraffic.net #[SiteAdvisor.exittraffic.net]
    127.0.0.1 syndication.exoclick.com
    127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
    127.0.0.1 www.experclick.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 ads.expressindia.com
    127.0.0.1 banners.expressindia.com
    127.0.0.1 cdn.eyewonder.com #[SunBelt.EyeWonder]
    127.0.0.1 pixel1097.everesttech.net
    127.0.0.1 pixel1324.everesttech.net
    127.0.0.1 pixel1370.everesttech.net
    127.0.0.1 www.evidence-eliminator.com
    127.0.0.1 evilman.cn #[Win32/TrojanDownloader.VB.APY]
    127.0.0.1 ads2.exhedra.com
    127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
    127.0.0.1 feedback.eyereturn.com
    127.0.0.1 resources.eyereturn.com
    127.0.0.1 timespent.eyereturn.com
    127.0.0.1 voken.eyereturn.com
    127.0.0.1 ads.ezboard.com
    127.0.0.1 eziin.com #[Adware.Eziin]
    127.0.0.1 www.eziin.com
    127.0.0.1 www.ezurl.co.kr #[Spyware.Ezurl]
    # [F]
    127.0.0.1 ads.facebook.com #[facebook-ads.vo.llnwd.net]
    127.0.0.1 www.factorygames.com #[SiteAdvisor.factorygames.com]
    127.0.0.1 banner.fairpoker.com #[AdWare.Win32.Casino.w]
    127.0.0.1 www.fast-adv.it
    127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Win32/Adware.MediaBack]
    127.0.0.1 fastonlineusers.com
    127.0.0.1 fasttrack.nu
    127.0.0.1 fastwebcounter.com
    127.0.0.1 counter.fateback.com
    127.0.0.1 counter1.fc2.com
    127.0.0.1 www.ffxiforums.net #[Trojan-PSW.Win32.OnLineGames.kw]
    127.0.0.1 alex.fileburst.com #[Win32/TrojanDropper.Agent.NBT]
    127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking Cookie]
    127.0.0.1 findover.org #[Spamdexing]
    127.0.0.1 search.findscout.com
    127.0.0.1 www.findscout.com #[W32/Delf.KPZ]
    127.0.0.1 ai.p.findology.com
    127.0.0.1 banner.finn.no
    127.0.0.1 ads.firingsquad.com
    127.0.0.1 ads2.firingsquad.com
    127.0.0.1 ads.firstgrand.com
    127.0.0.1 firstwolf.org #[Downloader-BAC]
    127.0.0.1 fishclix.com
    127.0.0.1 www.fishclix.com
    127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
    127.0.0.1 www.fjordbergen.com #[Win32/Spy.Banker.BIG]
    127.0.0.1 www.fjjyjy.net #[Win32/Hipigon][W32.Fijjy]
    127.0.0.1 cdn.flashedmail.com #[Parked?]
    127.0.0.1 tracker1.flashedmail.com #[IE-SpyAd]
    127.0.0.1 adserver4.fluent.ltd.uk
    127.0.0.1 adserver.fmpub.net
    127.0.0.1 dynamic.fmpub.net
    127.0.0.1 static.fmpub.net
    127.0.0.1 ads.fmwinc.com
    127.0.0.1 www.foofle.net #[Backdoor.Foobot]
    127.0.0.1 adcycle.footymad.net
    127.0.0.1 www.forodeortodoncia.com #[Backdoor.IRC.Zapchast]
    127.0.0.1 js.forrestersurveys.com
    127.0.0.1 socratos.forrestersurveys.com
    127.0.0.1 user.france.net.in #[Javascript.Exploit]
    127.0.0.1 akcr.free.fr #[Win32/Spy.Bancos.U]
    127.0.0.1 googlelite.free.fr #[Spamdexing]
    127.0.0.1 ad.freecity.de
    127.0.0.1 ads05.freecity.de
    127.0.0.1 freecounters.xp.tl
    127.0.0.1 maurobb.freecounter.it
    127.0.0.1 www.freecounter.it
    127.0.0.1 securinews.free.fr #[Trojan.Hexem]
    127.0.0.1 www.freedownloadhq.com #[SiteAdvisor.freedownloadhq.com]
    127.0.0.1 ad.freefind.com
    127.0.0.1 www.freehitwebcounters.com
    127.0.0.1 adverts.freeloader.com
    127.0.0.1 freelogs.com
    127.0.0.1 bar.freelogs.com
    127.0.0.1 goo.freelogs.com
    127.0.0.1 htm.freelogs.com
    127.0.0.1 ico.freelogs.com
    127.0.0.1 joe.freelogs.com
    127.0.0.1 mom.freelogs.com
    127.0.0.1 xyz.freelogs.com
    127.0.0.1 adserver.freenet.de
    127.0.0.1 freeonlineusers.com
    127.0.0.1 www.free-ranking.de
    127.0.0.1 freescanpro.com
    127.0.0.1 www.freescanpro.com
    127.0.0.1 free-stats.com
    127.0.0.1 abbyssh.freestats.com
    127.0.0.1 insurancejournal.freestats.com
    127.0.0.1 www.freestat.ws
    127.0.0.1 www.freestats.ws
    127.0.0.1 banners.freett.com
    127.0.0.1 count.freett.com
    127.0.0.1 counters.freewebs.com
    127.0.0.1 ads.freeonlinegames.com
    127.0.0.1 stats.freeonlinegames.com
    127.0.0.1 error.freewebsites.com
    127.0.0.1 www.freewebsites.com
    127.0.0.1 media.ftv-publicite.fr #[RealMedia]
    127.0.0.1 fullddl.com
    127.0.0.1 www.fullddl.com #[HTML/TrojanDownloader.XXXToolbar]
    127.0.0.1 404.funpic.de
    127.0.0.1 funppc.com
    127.0.0.1 www.funppc.com
    127.0.0.1 ads.futurenetworkusa.com
    #
    127.0.0.1 ads.gad-network.com
    127.0.0.1 adserver.gadu-gadu.pl
    127.0.0.1 www.gamersbanner.com
    127.0.0.1 ads.gameservers.com
    127.0.0.1 ads.gamespy.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 adcontent.gamespy.com
    127.0.0.1 ads.gamespyid.com
    127.0.0.1 www.gameurdr.com #[Win32/TrojanDownloader.Ani.Gen]
    127.0.0.1 server.gamyun.net
    127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
    127.0.0.1 ad.garantiarkadas.com
    127.0.0.1 ads.gather.com
    127.0.0.1 track.gawker.com #[WebBug]
    127.0.0.1 js.gbeb.cc #[Javascript.Exploit]
    127.0.0.1 haymarket-adserver.gcnpublishing.com
    127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
    127.0.0.1 sda.geek.com #[AdvertPro]
    127.0.0.1 adserver.geenstijl.nl
    127.0.0.1 kassa.geenstijl.nl
    127.0.0.1 adserver.geizkragen.de
    127.0.0.1 gd.geobytes.com #[obtains users location]
    127.0.0.1 geotarget.info #[Whois.Blacklisted]
    127.0.0.1 banners.geotarget.info
    127.0.0.1 www.geotarget.info
    127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
    127.0.0.1 get-access.host.sk #[McAfee.StartPage-IR]
    127.0.0.1 getclicky.com
    127.0.0.1 static.getclicky.com
    127.0.0.1 www.getmusicvideocodes.com #[Malicious.Links.Zango]
    127.0.0.1 www.getsmart.com
    127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b][Adware.Getup]
    127.0.0.1 banner.giantvegas.com
    127.0.0.1 truehits.gits.net.th
    127.0.0.1 truehits1.gits.net.th
    127.0.0.1 ads.globo.com
    127.0.0.1 ads.img.globo.com
    127.0.0.1 glory-movy.net #[Javascript.Exploit]
    127.0.0.1 duke.gocomics.com #[ads.uclick.com]
    127.0.0.1 www.god74.com #[Trojan.Huanux]
    127.0.0.1 www.godesktop.com #[SiteAdvisor.godesktop.com]
    127.0.0.1 adserver2.goals365.com
    127.0.0.1 www.go-and-search.com #[Spamdexing]
    127.0.0.1 goglee.biz
    127.0.0.1 www.goglee.biz
    127.0.0.1 golden-keys.net #[Spamdexing]
    127.0.0.1 banner.goldenpalace.com #[Tenebril.Tracking Cookie]
    127.0.0.1 stage.goldkey.com #[Parking Service]
    127.0.0.1 goldstats.net
    127.0.0.1 www.goldstats.net
    127.0.0.1 www.goodhealth-search.com #[Spamdexing]
    127.0.0.1 www.qooqlesearch.com #[Spamdexing]
    127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
    127.0.0.1 google-counter.com #[Win32/Spy.Banker.CKW]
    127.0.0.1 www.google-counter.com #[Google.Warning]
    127.0.0.1 google-moogle.com #[Spamdexing]
    127.0.0.1 www.google-moogle.com
    127.0.0.1 show.googleadsenseagent.com #[Adware.Roogoo][server down?]
    127.0.0.1 www.google-hard.com #[Win32/TrojanProxy.Agent.LK]
    127.0.0.1 google-pharmacy.com #[Spamdexing]
    127.0.0.1 goooglegulp.com #[Spamdexing]
    127.0.0.1 www.gogogo.com #[PremiumTraffic.Parking Service]
    127.0.0.1 partner.gonamic.de
    127.0.0.1 www.goodsearchnow.com #[Trojan.Jakposh]
    127.0.0.1 googlus.com #[Spamdexing]
    127.0.0.1 adincl.gopher.com #[InfoSpace]
    127.0.0.1 goserv.com #[VBS/Exploit.Phel.A]
    127.0.0.1 stat.org.gosite.ws
    127.0.0.1 gostats.com
    127.0.0.1 as.gostats.com
    127.0.0.1 c1.gostats.com
    127.0.0.1 c2.gostats.com #[SpySweeper.Spy.Cookie]
    127.0.0.1 c3.gostats.com
    127.0.0.1 c4.gostats.com #[Panda.Spyware:Cookie/GoStats]
    127.0.0.1 ded.gostats.com
    127.0.0.1 monster.gostats.com
    127.0.0.1 webcounter.goweb.de
    127.0.0.1 ads.goyk.com
    127.0.0.1 www.gpt-pal.com #[Javascript.Exploit]
    127.0.0.1 graffitifonts.com
    127.0.0.1 www.graffitifonts.com #[Malicious.Links.Zango]
    127.0.0.1 graficastrigo.com #[Trojan.Tabela.E]
    127.0.0.1 www.gratis-toplist.de
    127.0.0.1 adv.gratuito.st
    127.0.0.1 greatfog.com #[Javascript.Exploit]
    127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
    127.0.0.1 greencunt.org #[Javascript.Exploit]
    127.0.0.1 grepblogs.net
    127.0.0.1 grigcnt.info #[Javascript.Exploit]
    127.0.0.1 adserver.gruprc.ro
    127.0.0.1 publi.grupocorreo.es #[RealMedia]
    127.0.0.1 ads.guru3d.com
    127.0.0.1 www.g-wizzads.net #[adbureau.net]
    # [H]
    127.0.0.1 www.h148.cn #[Google.Warning]
    127.0.0.1 ads2.haber3.com
    127.0.0.1 www.handyarchive.com #[SiteAdvisor.handyarchive.com]
    127.0.0.1 www.haogs.cn
    127.0.0.1 www.haosf128.com #[Google.Warning]
    127.0.0.1 streamit.hardwarezone.com
    127.0.0.1 ad1.hardware.no #[AdvertPro]
    127.0.0.1 adserver.hardwareanalysis.com
    127.0.0.1 www.harmonyhollow.net #[Adware Bundler]
    127.0.0.1 ads.harpers.org
    127.0.0.1 hartim.com
    127.0.0.1 ad0.haynet.com
    127.0.0.1 ad.hbv.de
    127.0.0.1 ads.heias.com
    127.0.0.1 www.helpdesignonline.com
    127.0.0.1 helpingfind.info #[SiteAdvisor.msiesettings.com]
    127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
    127.0.0.1 www.hentaibanners.com
    127.0.0.1 www.hentaicashmachine.com
    127.0.0.1 www.hentaicounter.com
    127.0.0.1 www.hentaipop.com #[Electronic Group Dialer]
    127.0.0.1 www.hentaiseeker.com
    127.0.0.1 www.hentaitoonami.com
    127.0.0.1 ads.herbalsmokeshop.com
    127.0.0.1 www.herbalsmokeshops.com
    127.0.0.1 www2.hermoment.com
    127.0.0.1 www.hermoment.com
    127.0.0.1 ads.hexun.com
    127.0.0.1 www.hey.lt
    127.0.0.1 hiden.info #[Javascript.Exploit]
    127.0.0.1 pubs.hiddennetwork.com
    127.0.0.1 ads.highdefdigest.com
    127.0.0.1 www.hiperstat.com
    127.0.0.1 adserver.hispanoclick.com
    127.0.0.1 www.hitscount.com
    127.0.0.1 hits-counter.com
    127.0.0.1 www.hits-counter.com
    127.0.0.1 ctr.hitcounter-1.com
    127.0.0.1 www.hit-counter-download.com
    127.0.0.1 hithopper.com #[Adware.Hithopper]
    127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]
    127.0.0.1 www.hitlogger.com
    127.0.0.1 rdr.hitmngr.com
    127.0.0.1 hitmodel.net
    127.0.0.1 www.hit-counts.com
    127.0.0.1 hit-now.com
    127.0.0.1 www.hitscreamer.com
    127.0.0.1 hitslog.com
    127.0.0.1 h1.hitslog.com
    127.0.0.1 s4.histats.com
    127.0.0.1 s10.histats.com
    127.0.0.1 s11.histats.com
    127.0.0.1 www.hitstats.co.uk
    127.0.0.1 hitstats.net
    127.0.0.1 www.hittracking.com
    127.0.0.1 images.hitwise.co.uk
    127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
    127.0.0.1 adserver.hostfinderguy.com
    127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
    127.0.0.1 www.adserver.home.pl
    127.0.0.1 www.homeoffun.com #[SiteAdvisor.homeoffun.com]
    127.0.0.1 counters.honesty.com
    127.0.0.1 cgi.honesty.com #[MVPS.Criteria]
    127.0.0.1 ad.hosting.pl
    127.0.0.1 ns1.hosting101.biz #[JS/Small.DN]
    127.0.0.1 hot8888.com #[Win32/TrojanDownloader.Ani.Gen]
    127.0.0.1 hot8888.cn #[Win32/TrojanDownloader.Ani.Gen]
    127.0.0.1 ad2.hotels.com
    127.0.0.1 www.hot-lindsay.com #[Zango][Parked?]
    127.0.0.1 cgi.hotstat.nl
    127.0.0.1 viewstat.hotstat.nl
    127.0.0.1 hotstream.info
    127.0.0.1 ad.howstuffworks.com #[RealMedia][SpySweeper.Spy.Cookie]
    127.0.0.1 hpod.com
    127.0.0.1 www.htmate2.com #[Cursor.MySpace]
    127.0.0.1 adserver.html.it
    127.0.0.1 click.html.it
    127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
    127.0.0.1 down.hunll.com #[BDS/Agent.ahj.701]
    127.0.0.1 www.huxley-online.net #[Win32/Spy.Elite.10.A]
    127.0.0.1 hyip-review.info #[Javascript.Exploit]
    127.0.0.1 www.hypercounter.com
    127.0.0.1 www.hypertracker.com #[SpySweeper.Spy.Cookie]
    #
    127.0.0.1 ads.iafrica.com
    127.0.0.1 ibm-ssl.com #[Trojan.DR.Cimuz.Gen.1]
    127.0.0.1 www.i-clicks.net
    127.0.0.1 hits.icdirect.com #[SunBelt.ICDirect.com]
    127.0.0.1 hitctr01.icdirect.com
    127.0.0.1 tracker.icerocket.com
    127.0.0.1 ads.idgnow.com.br
    127.0.0.1 banners.idg.com.br
    127.0.0.1 adidm07.idmnet.pl
    127.0.0.1 adidm.idmnet.pl
    127.0.0.1 ie-exe.com #[AdWare.Win32.Softomate.x]
    127.0.0.1 ad.ifrance.com
    127.0.0.1 ijk.cc #[JS/Downloader-BCP]
    127.0.0.1 image-catcher.com
    127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
    127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
    127.0.0.1 adserver.ig.com.br
    127.0.0.1 gate.ilogbox.com
    127.0.0.1 ads.imeem.com
    127.0.0.1 bbn.img.com.ua
    127.0.0.1 content-ads.impactengine.com
    127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
    127.0.0.1 ads.ims.nl
    127.0.0.1 s201.indexstats.com
    1 January 2008 20:43:44

    Re,

    Download R-Hosts.exe (by S!ri).
    Run R-Hosts, then click "Restaurer" (Restore).
    Confirm the change by pressing OK.

    Run another Lop S&D scan.
    1 January 2008 20:52:07

    Here is the report:




    -----------------------------[ Lop S&D 2.0.2.b ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/01/2008 | 20:50:07,46 ] [ C156FA7ABCBB40A ]


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\avg7
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\Apple
    C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
    C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
    C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
    C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft

    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft

    C:\Documents and Settings\joe\APPLIC~1\Microsoft
    C:\Documents and Settings\joe\APPLIC~1\AVG7
    C:\Documents and Settings\joe\APPLIC~1\teamspeak2
    C:\Documents and Settings\joe\APPLIC~1\Apple Computer
    C:\Documents and Settings\joe\APPLIC~1\BitTorrent
    C:\Documents and Settings\joe\APPLIC~1\FrostWire
    C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
    C:\Documents and Settings\joe\APPLIC~1\Mozilla
    C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
    C:\Documents and Settings\joe\APPLIC~1\LimeWire
    C:\Documents and Settings\joe\APPLIC~1\Newsbin
    C:\Documents and Settings\joe\APPLIC~1\Ahead
    C:\Documents and Settings\joe\APPLIC~1\Nero
    C:\Documents and Settings\joe\APPLIC~1\Lavasoft
    C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
    C:\Documents and Settings\joe\APPLIC~1\WinRAR
    C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
    C:\Documents and Settings\joe\APPLIC~1\Macromedia
    C:\Documents and Settings\joe\APPLIC~1\desktop.ini
    C:\Documents and Settings\joe\APPLIC~1\Xentient
    C:\Documents and Settings\joe\APPLIC~1\Styler
    C:\Documents and Settings\joe\APPLIC~1\Identities

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
    C:\Documents and Settings\LocalService\APPLIC~1\AVG7

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
    C:\Documents and Settings\NetworkService\APPLIC~1\AVG7

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [31/12/2007 23:00][--ah-----]C:\WINDOWS\tasks\A9C0666D91C01AFD.job
    [01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\Ad-Aware
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Alwil Software
    C:\Program Files\AMD
    C:\Program Files\Apple Software Update
    C:\Program Files\AskSBar
    C:\Program Files\AusLogics Disk Defrag
    C:\Program Files\Avant Browser
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Program Files\Cener Development
    C:\Program Files\Circle Developement
    C:\Program Files\Compare It!
    C:\Program Files\ComPlus Applications
    C:\Program Files\Crux Calculator v5
    C:\Program Files\Everest
    C:\Program Files\Fichiers communs
    C:\Program Files\Foreignword
    C:\Program Files\FoxitReader
    C:\Program Files\FrostWire
    C:\Program Files\Grisoft
    C:\Program Files\Hercules
    C:\Program Files\IE Privacy Keeper
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\LimeWire
    C:\Program Files\Lop SD
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\microsoft frontpage
    C:\Program Files\movie maker
    C:\Program Files\msn gaming zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MSXML 6.0
    C:\Program Files\Nero
    C:\Program Files\Nero Portable 8.1.1.0
    C:\Program Files\netmeeting
    C:\Program Files\NewsBin
    C:\Program Files\Occtpt
    C:\Program Files\Outlook Express
    C:\Program Files\Paint.NET
    C:\Program Files\Participatory Culture Foundation
    C:\Program Files\PKR
    C:\Program Files\Prophet Soft
    C:\Program Files\QuickTime
    C:\Program Files\SAGEM
    C:\Program Files\Soft4Ever
    C:\Program Files\Spybot
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Styler
    C:\Program Files\Teamspeak2_RC2
    C:\Program Files\Trend Micro
    C:\Program Files\TweakRAM
    C:\Program Files\UberIcon
    C:\Program Files\Unlocker
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\windows nt
    C:\Program Files\Windows Sidebar
    C:\Program Files\WinRAR
    C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Apple
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\WINDOWS\Tasks\A9C0666D91C01AFD.job

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 20:51:02
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 20:51:07,65 ]----------------------

    1 January 2008 20:55:05

    Re,

    Run Lop S&D again.

  • This time, choose Option 2 (Suppression, i.e. removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    1 January 2008 22:00:04

    Here it is:


    -----------------------------[ Lop S&D 2.0.2.b ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/01/2008 | 21:58:20,54 ] [ C156FA7ABCBB40A ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\WINDOWS\Tasks\A9C0666D91C01AFD.job
    Supprimé! - C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\avg7
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\Apple
    C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
    C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
    C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
    C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft

    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft

    C:\Documents and Settings\joe\APPLIC~1\Microsoft
    C:\Documents and Settings\joe\APPLIC~1\AVG7
    C:\Documents and Settings\joe\APPLIC~1\teamspeak2
    C:\Documents and Settings\joe\APPLIC~1\Apple Computer
    C:\Documents and Settings\joe\APPLIC~1\BitTorrent
    C:\Documents and Settings\joe\APPLIC~1\FrostWire
    C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
    C:\Documents and Settings\joe\APPLIC~1\Mozilla
    C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
    C:\Documents and Settings\joe\APPLIC~1\LimeWire
    C:\Documents and Settings\joe\APPLIC~1\Newsbin
    C:\Documents and Settings\joe\APPLIC~1\Ahead
    C:\Documents and Settings\joe\APPLIC~1\Nero
    C:\Documents and Settings\joe\APPLIC~1\Lavasoft
    C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
    C:\Documents and Settings\joe\APPLIC~1\WinRAR
    C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
    C:\Documents and Settings\joe\APPLIC~1\Macromedia
    C:\Documents and Settings\joe\APPLIC~1\desktop.ini
    C:\Documents and Settings\joe\APPLIC~1\Xentient
    C:\Documents and Settings\joe\APPLIC~1\Styler
    C:\Documents and Settings\joe\APPLIC~1\Identities

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
    C:\Documents and Settings\LocalService\APPLIC~1\AVG7

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
    C:\Documents and Settings\NetworkService\APPLIC~1\AVG7

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\Ad-Aware
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Alwil Software
    C:\Program Files\AMD
    C:\Program Files\Apple Software Update
    C:\Program Files\AskSBar
    C:\Program Files\AusLogics Disk Defrag
    C:\Program Files\Avant Browser
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Program Files\Cener Development
    C:\Program Files\Circle Developement
    C:\Program Files\Compare It!
    C:\Program Files\ComPlus Applications
    C:\Program Files\Crux Calculator v5
    C:\Program Files\Everest
    C:\Program Files\Fichiers communs
    C:\Program Files\Foreignword
    C:\Program Files\FoxitReader
    C:\Program Files\FrostWire
    C:\Program Files\Grisoft
    C:\Program Files\Hercules
    C:\Program Files\IE Privacy Keeper
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\LimeWire
    C:\Program Files\Lop SD
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\microsoft frontpage
    C:\Program Files\movie maker
    C:\Program Files\msn gaming zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MSXML 6.0
    C:\Program Files\Nero
    C:\Program Files\Nero Portable 8.1.1.0
    C:\Program Files\netmeeting
    C:\Program Files\NewsBin
    C:\Program Files\Occtpt
    C:\Program Files\Outlook Express
    C:\Program Files\Paint.NET
    C:\Program Files\Participatory Culture Foundation
    C:\Program Files\PKR
    C:\Program Files\Prophet Soft
    C:\Program Files\QuickTime
    C:\Program Files\SAGEM
    C:\Program Files\Soft4Ever
    C:\Program Files\Spybot
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Styler
    C:\Program Files\Teamspeak2_RC2
    C:\Program Files\Trend Micro
    C:\Program Files\TweakRAM
    C:\Program Files\UberIcon
    C:\Program Files\Unlocker
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\windows nt
    C:\Program Files\Windows Sidebar
    C:\Program Files\WinRAR
    C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Apple
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System

    ----------------------[ Recherche avec S_Lop ]---------------------


    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 21:59:20
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 21:59:25,79 ]----------------------
    1 January 2008 22:02:19

    Post a new HijackThis report :)
    1 January 2008 22:05:43

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:31, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7774 bytes
    1 January 2008 22:23:43

    Uninstall AskSBar, then post a new HijackThis report.
    1 January 2008 22:32:09

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:59, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7548 bytes
    1 January 2008 22:49:02

    Here it is:

    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Erreur de Suppression !
    1 January 2008 23:02:40

    Post a new HijackThis report.
    1 January 2008 23:06:34

    Here it is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:57, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7441 bytes
    1 January 2008 23:10:31

    Hi again,

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select the path in the box below:

    C:\WINDOWS\system32\cmcfg3.dll

    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to when it was created: date_time.log

    ->Information about the software<-
    1 January 2008 23:26:23

    LoadLibrary failed for C:\WINDOWS\system32\cmcfg3.dll
    C:\WINDOWS\system32\cmcfg3.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\cmcfg3.dll scheduled to be moved on reboot.

    Created on 01/01/2008 23:21:57
    2 January 2008 13:43:33

    Post a new HijackThis report.
    That's one stubborn file.
    2 January 2008 14:34:06

    The trojan still hasn't been removed.

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:33:56, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7187 bytes
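Each time the helper asks for a fresh HijackThis report, the thing to check is whether the O2 (browser helper object) line for cmcfg3.dll is still there. The following Python is an added example, not part of the thread or of HijackThis: it parses O2 lines copied from the 22:31 and 14:33 reports above and lists the suspicious entries that survive between scans; the flag names and the "nameless BHO under system32" heuristic are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# O2/O3 lines copied from the report saved at 22:31:59 on 01/01/2008.
REPORT_2231 = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
"""

# O2/O3 lines copied from the report saved at 14:33:56 on 02/01/2008,
# i.e. after the kill.cmd and OTMoveIt attempts.
REPORT_1433 = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(
    r"^\s*O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log: str) -> list:
    """Return every O2 (BHO) entry in a HijackThis log, in file order."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line)
        if m:
            entries.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return entries


def flags(bho: Bho) -> set:
    """Heuristic flags (assumed names, for illustration only)."""
    found = set()
    if bho.name == "(no name)":
        found.add("no-name")
    if bho.path == "(no file)":
        # Registry key left behind; the DLL it pointed to is gone.
        found.add("orphan-registry-entry")
    elif "\\windows\\system32\\" in bho.path.lower():
        found.add("in-system32")
    return found


def needs_review(bho: Bho) -> bool:
    """A nameless BHO whose DLL sits in system32 deserves a closer look."""
    return {"no-name", "in-system32"} <= flags(bho)


def survivors(before: str, after: str) -> list:
    """Entries needing review that are present in both reports (by CLSID)."""
    still_there = {b.clsid for b in parse_bhos(after)}
    return [b for b in parse_bhos(before)
            if b.clsid in still_there and needs_review(b)]


if __name__ == "__main__":
    for bho in parse_bhos(REPORT_2231):
        print(bho.clsid, sorted(flags(bho)), bho.path)
    print("still present after cleanup attempts:")
    for bho in survivors(REPORT_2231, REPORT_1433):
        print(" ", bho.clsid, bho.path)
```

Matching on CLSID rather than file name keeps the comparison valid even if the DLL is renamed between scans.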
    2 January 2008 16:34:29

    Hi again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


    2 January 2008 17:12:40

    Here it is:

    ComboFix 08-01-02.1 - joe 2008-01-02 17:05:00.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1223 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nsl3D.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NWSAPAGENT
    -------\NwSapAgent


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 17:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 17:08 2,327,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 17:07 36,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 17:08 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 17:07 4,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
    2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-01 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\CenerTCPMessenger
    2007-11-30 23:58 --------- d-----w C:\Program Files\Java
    2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-30 23:38 --------- d-----w C:\Documents and Settings\joe\Application Data\Lavasoft
    2007-11-30 23:36 --------- d-----w C:\Program Files\Prophet Soft
    2007-11-30 23:32 --------- d-----w C:\Documents and Settings\joe\Application Data\UnH Solutions
    2007-11-30 23:10 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-30 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-30 22:53 --------- d-----w C:\Program Files\Hercules
    2007-11-30 22:32 --------- d-----w C:\Documents and Settings\joe\Application Data\Avant Profiles
    2007-11-30 22:01 --------- d-----w C:\Program Files\AMD
    2007-11-30 21:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-30 21:50 --------- d-----w C:\Program Files\SAGEM
    2007-11-30 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-30 21:07 --------- d-----w C:\Program Files\Styler
    2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Xentient
    2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Styler
    2007-11-30 21:06 --------- d-----w C:\Program Files\MSXML 6.0
    2007-11-30 21:04 --------- d-----w C:\Program Files\Cener Development
    2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-30 20:42 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-30 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2007-11-30 20:41 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
    2007-11-30 20:41 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
    2007-11-30 20:41 --------- d-----w C:\Program Files\Nero
    2007-11-30 20:41 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-11-30 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-30 20:41 --------- d-----r C:\Program Files\Windows Sidebar
    2007-11-30 20:40 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-30 20:31 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-30 20:29 --------- d-----w C:\Program Files\Windows Media Connect 2
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
    2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    *Newly Created Service* - SENS
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 17:09:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 17:11:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 16:10:59
    2 January 2008 17:22:17

    I have a feeling you need another HijackThis report, so here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:21, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7081 bytes
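
The O2 (Browser Helper Object) lines of the HijackThis log above can be triaged mechanically. The following is an added example, not part of the thread and not HijackThis's own logic: it parses O2 lines and marks an entry for review when at least two heuristics match. The heuristics, the threshold and the names `triage_bhos` and `BhoFinding` are assumptions of this sketch.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from dataclasses import dataclass, field

# Registry location where Internet Explorer BHOs are registered.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?\s*$"
)

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
"""


@dataclass
class BhoFinding:
    """One parsed O2 entry plus the heuristic reasons that matched (hypothetical type)."""
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def registry_key(self):
        # Full key to inspect or export before any cleanup is attempted.
        return BHO_KEY + "\\" + self.clsid

    @property
    def needs_review(self):
        # Assumption of this sketch: one weak signal is noise, two deserve a look.
        return len(self.reasons) >= 2


def triage_bhos(log_text):
    """Return a BhoFinding for every O2 line; all other line types are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = O2_LINE.match(raw.strip())
        if not m:
            continue
        f = BhoFinding(m["name"], m["clsid"].upper(), m["path"])
        if f.name == "(no name)":
            f.reasons.append("HijackThis shows no name for the CLSID")
        folder = ntpath.normcase(ntpath.dirname(f.path))
        if folder.endswith("\\system32"):
            f.reasons.append("DLL sits directly in system32, not in a vendor folder")
        if m["missing"]:
            f.reasons.append("registered file is missing on disk")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_bhos(SAMPLE_LOG):
        status = "REVIEW" if f.needs_review else "ok"
        print(f"[{status}] {f.name} -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
        if f.needs_review:
            print(f"    key: {f.registry_key}")
```

On the sample lines only the `cmcfg3.dll` entry is marked for review; the BitComet and Java helpers are named and live under `Program Files`, so no heuristic fires for them.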
    2 January 2008 18:18:53

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\cmcfg3.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    2 January 2008 18:43:33

    Here is the ComboFix report:

    ComboFix 08-01-02.1 - joe 2008-01-02 18:35:11.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1270 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\cmcfg3.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cmcfg3.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 18:38 2,490,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 18:37 38,588 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 18:38 26,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 18:37 4,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
    + 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
    + 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
    + 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
    + 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
    + 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
    + 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
    + 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
    + 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
    + 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
    + 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
    + 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
    + 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
    + 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
    + 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
    + 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
    + 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
    - 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
    2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 18:38:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 18:40:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 17:40:41
    ComboFix2.txt 2008-01-02 16:11:09


    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 6957 bytes
    2 January 2008 20:34:46

    Try again with this script:

    Driver::
    kaftunru

    File::
    C:\WINDOWS\system32\drivers\jrrgpkti.dat

    Rootkit::
    C:\WINDOWS\system32\cmcfg3.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]

    2 January 2008 20:56:51

    ComboFix 08-01-02.1 - joe 2008-01-02 20:50:33.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1205 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\jrrgpkti.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\jrrgpkti.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_KAFTUNRU
    -------\kaftunru


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 20:53 2,596,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 20:52 40,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 20:54 30,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 20:52 4,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
    2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
    + 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
    + 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
    + 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
    + 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
    + 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
    + 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
    + 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
    + 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
    + 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
    + 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
    + 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
    + 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
    + 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
    + 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
    + 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
    + 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
    - 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 20:54:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 20:55:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 19:55:40
    ComboFix2.txt 2008-01-02 17:40:45
    ComboFix3.txt 2008-01-02 16:11:09

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\verclsid.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 6896 bytes
    2 January 2008 21:10:28

    Is that better?
    2 January 2008 21:47:11

    There, I was able to delete it, it was no longer protected!!!

    Thank you, honestly, for putting in so much effort for me, that's really cool!!

    A big thank you to you!!!!!!!!!!!
    2 January 2008 23:10:53

    Help, I have the same problem too. Should I go through all the steps above like that person did, or not?
    Thanks
    2 January 2008 23:18:21

    Good evening marechsand,
    Quote:
    Help, I have the same problem too. Should I go through all the steps above like that person did, or not?
    Thanks

    Definitely not! This kind of procedure has to be followed closely, every case is different...
    Please create your own thread.

    PS: Angel, you can tidy up and remove my post :D
    3 January 2008 14:33:22

    I'm leaving it :p