Sujet Précédent Sujet Suivant

[Virus] [Trojan] spy sheriff et autres

lolo997 Messages postés 102 Statut Membre -  
lolo997 Messages postés 102 Statut Membre -
bonjour, voici mon problème, hier j'ai reformaté mon ordinateur pour problème de freeze toute les 5 minutes. ne fois reformaté, je réinstalle mes périphérique et logiciel. Je vais télécharger avast que l'on m'a recommandé, puis peu de temps aprèse, de nombreux message d'erreur avec une liste impressionante de virus, trojan ( hoaxalarm, trojan jullicites...). j'ai beau faire réparer, et mettre en quarantaine, apres reboot cela ne change strictement rien ! je désinstalle avast puis installe NIS avec NAV 2003. Je procède à la mise à jour, analyse... et la, deux fichier infecté mais non répare. Norton quitte tout seul et apparait le message : your computer is infected (dans la barre des tache une crois blanche sur rond rouge). Spysheriff se lance tout seul, fait une analyse, et me propose tres gentilement de régler les problème ( moyennant une clé cd...). Au moment même ou j'écris ce message un message d'alerte virus NAV me previent qu'il na pas réussi a supprimé Download.Trojan. J'ai navigué tant bien que mal sur internet, je suis tombé sur un tuto de ccc http://www.commentcamarche.net/faq/sujet-2964-virus-your-computer-is-infected

je fais ca tout de suite, en espérant que cela soit résolu et que si ce n'est pas le cas, vous m'aiderez à résoudres ces nombreux problème. Merci d'avance !!
A voir également:

78 réponses

Précédent
Réponse 41 / 78
bernie61
 
re
relances Hijack et coche/fix
O20 - Winlogon Notify: xdudtt - C:\WINDOWS\SYSTEM32\xdudtt.dll

il faut ensuite effacer cette dll : C:\WINDOWS\SYSTEM32\xdudtt.dll

selon la procédure de l'effaceur hijack
Procédure effaceur HT: ouvrir Hijackthis là en bas droite CONFIG puis onglet MISCtools, là " Delete a file on reboot ", cliq dessus et suivre chemin de fichier à effacer, il indique alors " voulez-vous redémarrer maintenant ", cliq sur NON si d'autres fichiers sont à sélectionner et à nouveau " Delete a file on reboot " .. puis cliq OUI quand tous les fichiers sont sélectionnés

dis nous où en sont tes pbm, remet un rapport hijack
a+
0
Réponse 42 / 78
lolo997 Messages postés 102 Statut Membre
 
xdudtt.dll est introuvable :S
0
Réponse 43 / 78
lolo997 Messages postés 102 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 20:31:00, on 25/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\MSIEXEC.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe
C:\WINDOWS\System32\MsiExec.exe
D:\FotoWire\FRA\fwSetup3_10210.exe
C:\Documents and Settings\Gasser.SN301096530007.000\Mes documents\rapport virus logiciel\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F53F0CF1-5B8B-4F81-B70D-0FA81D64D824}: NameServer = 86.64.145.141 84.103.237.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xdudtt - C:\WINDOWS\SYSTEM32\xdudtt.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InSec(inetsec) (InSec) - Unknown owner - C:\WINDOWS\system32\inetsec.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 44 / 78
bernie61
 
re
bon on essaie autre chose alors
on nettoie avec l2mfix selon cette procédure
http://users.skynet.be/BernieClub/index.html#l2mfix

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 78
Regis59
 
Salut

Rend toi ici:
c:\windows\system32\drivers\etc\Host.

Ouvre le Host et copie/colle ce qu il y a a l interieur stp

a+
0
Réponse 46 / 78
regis59
 
Essai ceci aussi:

The Hoster http://www.funkytoad.com/download/hoster.zip Dézippe ce fichier sur ton bureau
* Hors connexion nagigateur fermé ainsi que toutes les applications en cours
* Double clic sur hoster.exe
* Clique sur Restore Original Hosts ensuite sur Ok
0
Réponse 47 / 78
lolo997 Messages postés 102 Statut Membre
 
# copyright (c) 1993-1999 microsoft corp.

#

# ceci est un exemple de fichier hosts utilisé par microsoft tcp/ip

# pour windows.

#

# ce fichier contient les correspondances des adresses ip aux noms d'hôtes.

# chaque entrée doit être sur une ligne propre. l'adresse ip doit être placée

# dans la première colonne, suivie par le nom d'hôte correspondant. l'adresse

# ip et le nom d'hôte doivent être séparés par au moins un espace.

#

# de plus, des commentaires (tels que celui-ci) peuvent être insérés sur des

# lignes propres ou après le nom d'ordinateur. ils sont indiqué par le

# symbole '#'.

#

# par exemple :

#

# 102.54.94.97 rhino.acme.com # serveur source

# 38.25.63.10 x.acme.com # hôte client x

127.0.0.1 localhost

127.0.0.1 i.i.com.com

127.0.0.1 www.doubleclick.net

127.0.0.1 ad.preferances.com

127.0.0.1 ad.doubleclick.com

127.0.0.1 ads.web.aol.com

127.0.0.1 ad.doubleclick.net

127.0.0.1 ad.preferences.com

127.0.0.1 ad.washingtonpost.com

127.0.0.1 adpick.switchboard.com

127.0.0.1 ads.doubleclick.com

127.0.0.1 ads.infospace.com

127.0.0.1 ads.switchboard.com

127.0.0.1 ads.enliven.com

127.0.0.1 oz.valueclick.com

127.0.0.1 doubleclick.net

127.0.0.1 ads.doubleclick.net

127.0.0.1 ad2.doubleclick.net

127.0.0.1 ad3.doubleclick.net

127.0.0.1 ad4.doubleclick.net

127.0.0.1 ad5.doubleclick.net

127.0.0.1 ad6.doubleclick.net

127.0.0.1 ad7.doubleclick.net

127.0.0.1 ad8.doubleclick.net

127.0.0.1 ad9.doubleclick.net

127.0.0.1 ad10.doubleclick.net

127.0.0.1 ad11.doubleclick.net

127.0.0.1 ad12.doubleclick.net

127.0.0.1 ad13.doubleclick.net

127.0.0.1 ad14.doubleclick.net

127.0.0.1 ad15.doubleclick.net

127.0.0.1 ad16.doubleclick.net

127.0.0.1 ad17.doubleclick.net

127.0.0.1 ad18.doubleclick.net

127.0.0.1 ad19.doubleclick.net

127.0.0.1 ad20.doubleclick.net

127.0.0.1 ad.ch.doubleclick.net

127.0.0.1 ad.linkexchange.com

127.0.0.1 banner.linkexchange.com

127.0.0.1 ads*.focalink.com

127.0.0.1 ads.imdb.com

127.0.0.1 commonwealth.riddler.com

127.0.0.1 globaltrak.net

127.0.0.1 nrsite.com

127.0.0.1 www.nrsite.com

127.0.0.1 ad-up.com

127.0.0.1 ad.adsmart.net

127.0.0.1 ad.atlas.cz

127.0.0.1 ad.blm.net

127.0.0.1 ad.dogpile.com

127.0.0.1 ad.infoseek.com

127.0.0.1 ad.net-service.de

127.0.0.1 ad.preferences.com

127.0.0.1 ad.vol.at

127.0.0.1 adbot.com

127.0.0.1 adbureau.net

127.0.0.1 adcount.hollywood.com

127.0.0.1 add.yaho.com

127.0.0.1 adex3.flycast.com

127.0.0.1 adforce.adtech.de

127.0.0.1 adforce.imgis.com

127.0.0.1 adimage.blm.net

127.0.0.1 adlink.deh.de

127.0.0.1 ads.criticalmass.com

127.0.0.1 ads.csi.emcweb.com

127.0.0.1 ads.filez.com

127.0.0.1 ads.imagine-inc.com

127.0.0.1 ads.imdb.com

127.0.0.1 ads.infospace.com

127.0.0.1 ads.jwtt3.com

127.0.0.1 ads.mirrormedia.co.uk

127.0.0.1 ads.narrowline.com

127.0.0.1 ads.newcitynet.com

127.0.0.1 ads.realcities.com

127.0.0.1 ads.realmedia.com

127.0.0.1 ads.switchboard.com

127.0.0.1 ads.tripod.com

127.0.0.1 ads.usatoday.com

127.0.0.1 ads.washingtonpost.com

127.0.0.1 ads.web.de

127.0.0.1 ads.web21.com

127.0.0.1 adserv.newcentury.net

127.0.0.1 adservant.guj.de

127.0.0.1 adservant.mediapoint.de

127.0.0.1 adserver-espnet.sportszone.com

127.0.0.1 advert.heise.de

127.0.0.1 banners.internetextra.com

127.0.0.1 bannerswap.com

127.0.0.1 dino.mainz.ibm.de

127.0.0.1 ganges.imagine-inc.com

127.0.0.1 globaltrack.com

127.0.0.1 207-87-18-203.wsmg.digex.net

127.0.0.1 garden.ngadcenter.net

127.0.0.1 ogilvy.ngadcenter.net

127.0.0.1 responsemedia-ad.flycast.com

127.0.0.1 suissa-ad.flycast.com

127.0.0.1 ugo.eu-adcenter.net

127.0.0.1 vnu.eu-adcenter.net

127.0.0.1 ad-adex3.flycast.com

127.0.0.1 ad.adsmart.net

127.0.0.1 ad.ca.doubleclick.net

127.0.0.1 ad.de.doubleclick.net

127.0.0.1 ad.fr.doubleclick.net

127.0.0.1 ad.jp.doubleclick.net

127.0.0.1 ad.linkexchange.com

127.0.0.1 ad.linksynergy.com

127.0.0.1 ad.nl.doubleclick.net

127.0.0.1 ad.no.doubleclick.net

127.0.0.1 ad.sma.punto.net

127.0.0.1 ad.uk.doubleclick.net

127.0.0.1 ad.webprovider.com

127.0.0.1 ad08.focalink.com

127.0.0.1 adcontroller.unicast.com

127.0.0.1 adcreatives.imaginemedia.com

127.0.0.1 adforce.ads.imgis.com

127.0.0.1 adforce.imgis.com

127.0.0.1 adfu.blockstackers.com

127.0.0.1 adimages.earthweb.com

127.0.0.1 adimg.egroups.com

127.0.0.1 admedia.xoom.com

127.0.0.1 adremote.pathfinder.com

127.0.0.1 ads.admaximize.com

127.0.0.1 ads.bfast.com

127.0.0.1 ads.clickhouse.com

127.0.0.1 ads.fairfax.com.au

127.0.0.1 ads.fool.com

127.0.0.1 ads.freshmeat.net

127.0.0.1 ads.hollywood.com

127.0.0.1 ads.i33.com

127.0.0.1 ads.infi.net

127.0.0.1 ads.link4ads.com

127.0.0.1 ads.lycos.com

127.0.0.1 ads.madison.com

127.0.0.1 ads.mediaodyssey.com

127.0.0.1 ads.seattletimes.com

127.0.0.1 ads.smartclicks.com

127.0.0.1 ads.smartclicks.net

127.0.0.1 ads.sptimes.com

127.0.0.1 ads.web.aol.com

127.0.0.1 ads.x10.com

127.0.0.1 ads.xtra.co.nz

127.0.0.1 ads.zdnet.com

127.0.0.1 ads01.focalink.com

127.0.0.1 ads02.focalink.com

127.0.0.1 ads03.focalink.com

127.0.0.1 ads04.focalink.com

127.0.0.1 ads05.focalink.com

127.0.0.1 ads06.focalink.com

127.0.0.1 ads08.focalink.com

127.0.0.1 ads09.focalink.com

127.0.0.1 ads1.activeagent.at

127.0.0.1 ads10.focalink.com

127.0.0.1 ads11.focalink.com

127.0.0.1 ads12.focalink.com

127.0.0.1 ads14.focalink.com

127.0.0.1 ads16.focalink.com

127.0.0.1 ads17.focalink.com

127.0.0.1 ads18.focalink.com

127.0.0.1 ads19.focalink.com

127.0.0.1 ads2.zdnet.com

127.0.0.1 ads20.focalink.com

127.0.0.1 ads21.focalink.com

127.0.0.1 ads22.focalink.com

127.0.0.1 ads23.focalink.com

127.0.0.1 ads24.focalink.com

127.0.0.1 ads25.focalink.com

127.0.0.1 ads3.zdnet.com

127.0.0.1 ads5.gamecity.net

127.0.0.1 adserv.iafrica.com

127.0.0.1 adserv.quality-channel.de

127.0.0.1 adserver.dbusiness.com

127.0.0.1 adserver.garden.com

127.0.0.1 adserver.janes.com

127.0.0.1 adserver.merc.com

127.0.0.1 adserver.monster.com

127.0.0.1 adserver.track-star.com

127.0.0.1 adserver1.ogilvy-interactive.de

127.0.0.1 adtegrity.spinbox.net

127.0.0.1 antfarm-ad.flycast.com

127.0.0.1 au.ads.link4ads.com

127.0.0.1 banner.media-system.de

127.0.0.1 banner.orb.net

127.0.0.1 banner.relcom.ru

127.0.0.1 banners.easydns.com

127.0.0.1 banners.looksmart.com

127.0.0.1 banners.wunderground.com

127.0.0.1 barnesandnoble.bfast.com

127.0.0.1 beseenad.looksmart.com

127.0.0.1 bizad.nikkeibp.co.jp

127.0.0.1 bn.bfast.com

127.0.0.1 c3.xxxcounter.com

127.0.0.1 califia.imaginemedia.com

127.0.0.1 cds.mediaplex.com

127.0.0.1 click.avenuea.com

127.0.0.1 click.go2net.com

127.0.0.1 click.linksynergy.com

127.0.0.1 cookies.cmpnet.com

127.0.0.1 cornflakes.pathfinder.com

127.0.0.1 counter.hitbox.com

127.0.0.1 crux.songline.com

127.0.0.1 erie.smartage.com

127.0.0.1 etad.telegraph.co.uk

127.0.0.1 fp.valueclick.com

127.0.0.1 gadgeteer.pdamart.com

127.0.0.1 gm.preferences.com

127.0.0.1 gp.dejanews.com

127.0.0.1 hg1.hitbox.com

127.0.0.1 image.click2net.com

127.0.0.1 image.eimg.com

127.0.0.1 images2.nytimes.com

127.0.0.1 jobkeys.ngadcenter.net

127.0.0.1 kansas.valueclick.com

127.0.0.1 leader.linkexchange.com

127.0.0.1 liquidad.narrowcastmedia.com

127.0.0.1 ln.doubleclick.net

127.0.0.1 m.doubleclick.net

127.0.0.1 macaddictads.snv.futurenet.com

127.0.0.1 maximumpcads.imaginemedia.com

127.0.0.1 media.preferences.com

127.0.0.1 mercury.rmuk.co.uk

127.0.0.1 mojofarm.sjc.mediaplex.com

127.0.0.1 nbc.adbureau.net

127.0.0.1 newads.cmpnet.com

127.0.0.1 ng3.ads.warnerbros.com

127.0.0.1 ngads.smartage.com

127.0.0.1 nsads.hotwired.com

127.0.0.1 ntbanner.digitalriver.com

127.0.0.1 ph-ad05.focalink.com

127.0.0.1 ph-ad07.focalink.com

127.0.0.1 ph-ad16.focalink.com

127.0.0.1 ph-ad17.focalink.com

127.0.0.1 ph-ad18.focalink.com

127.0.0.1 realads.realmedia.com

127.0.0.1 redherring.ngadcenter.net

127.0.0.1 redirect.click2net.com

127.0.0.1 retaildirect.realmedia.com

127.0.0.1 s2.focalink.com

127.0.0.1 sh4sure-images.adbureau.net

127.0.0.1 spin.spinbox.net

127.0.0.1 static.admaximize.com

127.0.0.1 stats.superstats.com

127.0.0.1 sview.avenuea.com

127.0.0.1 thinknyc.eu-adcenter.net

127.0.0.1 tracker.clicktrade.com

127.0.0.1 tsms-ad.tsms.com

127.0.0.1 v0.extreme-dm.com

127.0.0.1 v1.extreme-dm.com

127.0.0.1 van.ads.link4ads.com

127.0.0.1 view.accendo.com

127.0.0.1 view.avenuea.com

127.0.0.1 w113.hitbox.com

127.0.0.1 w25.hitbox.com

127.0.0.1 web2.deja.com

127.0.0.1 webads.bizservers.com

127.0.0.1 www.postmasterbannernet.com

127.0.0.1 www.ad-up.com

127.0.0.1 www.admex.com

127.0.0.1 www.alladvantage.com

127.0.0.1 www.burstnet.com

127.0.0.1 www.commission-junction.com

127.0.0.1 www.eads.com

127.0.0.1 www.freestats.com

127.0.0.1 www.imaginemedia.com

127.0.0.1 www.netdirect.nl

127.0.0.1 www.oneandonlynetwork.com

127.0.0.1 www.targetshop.com

127.0.0.1 www.teknosurf2.com

127.0.0.1 www.teknosurf3.com

127.0.0.1 www.valueclick.com

127.0.0.1 www.websitefinancing.com

127.0.0.1 www2.burstnet.com

127.0.0.1 www4.trix.net

127.0.0.1 www80.valueclick.com

127.0.0.1 z.extreme-dm.com

127.0.0.1 z0.extreme-dm.com

127.0.0.1 z1.extreme-dm.com

127.0.0.1 ads.forbes.net

127.0.0.1 ads.newcity.com

127.0.0.1 ads.ign.com

127.0.0.1 adserver.ign.com

127.0.0.1 ads.scifi.com

127.0.0.1 adengine.theglobe.com

127.0.0.1 ads.tucows.com

127.0.0.1 adcontent.gamespy.com

127.0.0.1 ads4.advance.net

127.0.0.1 ads1.advance.net

127.0.0.1 eur.yimg.com

127.0.0.1 us.a1.yimg.com

127.0.0.1 ad.harmony-central.com

127.0.0.1 sg.yimg.com

127.0.0.1 adverity.adverity.com

127.0.0.1 ads.bloomberg.com

127.0.0.1 mojofarm.mediaplex.com

127.0.0.1 ads.mysimon.com

127.0.0.1 ad.img.yahoo.co.kr

127.0.0.1 adimages.go.com

127.0.0.1 kr-adimage.lycos.co.kr

127.0.0.1 ad.kimo.com.tw

127.0.0.1 ads.paxnet.co.kr

127.0.0.1 ads.paxnet.com

127.0.0.1 ads.admonitor.net

127.0.0.1 wwa.hitbox.com

127.0.0.1 ads.nytimes.com

127.0.0.1 ads.erotism.com

127.0.0.1 banner.rootsweb.com

127.0.0.1 ads.ole.com

127.0.0.1 adimg1.chosun.com

127.0.0.1 ss.mtree.com

127.0.0.1 adpulse.ads.targetnet.com

127.0.0.1 adserver.ugo.com

127.0.0.1 ad.sales.olympics.com

127.0.0.1 m2.doubleclick.net

127.0.0.1 ph-ad21.focalink.com

127.0.0.1 focusin.ads.targetnet.com

127.0.0.1 www.datais.com

127.0.0.1 oas.mmd.ch

127.0.0.1 pub-g.ifrance.com

127.0.0.1 ads.bianca.com

127.0.0.1 wap.adlink.de

127.0.0.1 click.adlink.de

127.0.0.1 banner.adlink.de

127.0.0.1 hurricane.adlink.de

127.0.0.1 west.adlink.de

127.0.0.1 scand.adlink.de

127.0.0.1 regio.adlink.de

127.0.0.1 direct.adlink.de

127.0.0.1 classic.adlink.de

127.0.0.1 adlui001.adlink.de

127.0.0.1 banner1.adlink.de

127.0.0.1 click.mp3.com

127.0.0.1 adcodes.bla-bla.com

127.0.0.1 icover.realmedia.com

127.0.0.1 ca.fp.sandpiper.net

127.0.0.1 adfarm.mediaplex.com

127.0.0.1 ads.tmcs.net

127.0.0.1 amedia.techies.com

127.0.0.1 www.exchange-it.com

127.0.0.1 www.ad.tomshardware.com

127.0.0.1 ad.tomshardware.com

127.0.0.1 ads.currantbun.com

127.0.0.1 phoenix-adrunner.mycomputer.com

127.0.0.1 ads15.focalink.com

127.0.0.1 ads13.focalink.com

127.0.0.1 adserver.colleges.com

127.0.0.1 ads.nwsource.com

127.0.0.1 ads.guardianunlimited.co.uk

127.0.0.1 ads.newsint.co.uk

127.0.0.1 ads.starnews.com

127.0.0.1 www.linksynergy.com

127.0.0.1 ieee-images.adbureau.net

127.0.0.1 connect.247media.ads.link4ads.com

127.0.0.1 ads.newsdigital.net

127.0.0.1 ads.discovery.com

127.0.0.1 im.800.com

127.0.0.1 img.cmpnet.com

127.0.0.1 ad7.internetadserver.com

127.0.0.1 ads.dai.net

127.0.0.1 ads.cbc.ca

127.0.0.1 www75.valueclick.com

127.0.0.1 ads.clearbluemedia.com

127.0.0.1 ti.click2net.com

127.0.0.1 www.onresponse.com

127.0.0.1 ads.list-universe.com

127.0.0.1 advert.bayarea.com

127.0.0.1 www3.pagecount.com

127.0.0.1 www.netsponsors.com

127.0.0.1 adthru.com

127.0.0.1 ads.newtimes.com

127.0.0.1 ads.ugo.com

127.0.0.1 ads.belointeractive.com

127.0.0.1 wwb.hitbox.com

127.0.0.1 comtrack.comclick.com

127.0.0.1 www.24pm-affiliation.com

127.0.0.1 www.click-fr.com

127.0.0.1 www.cibleclick.com

127.0.0.1 reply.mediatris.net

127.0.0.1 cgi.declicnet.com

127.0.0.1 pubs.mgn.net

127.0.0.1 ads.mcafee.com

127.0.0.1 ads1.ad-flow.com

127.0.0.1 ad.be.doubleclick.net

127.0.0.1 ad.adtraq.com

127.0.0.1 ad.sg.doubleclick.net

127.0.0.1 adpop.theglobe.com

127.0.0.1 ads-03.tor.focusin.ads.targetnet.com

127.0.0.1 ads.adflight.com

127.0.0.1 ads.detelefoongids.nl

127.0.0.1 ads.ecircles.com

127.0.0.1 ads.god.co.uk

127.0.0.1 ads.hyperbanner.net

127.0.0.1 ads.jpost.com

127.0.0.1 ads.netmechanic.com

127.0.0.1 ads.webcash.nl

127.0.0.1 adserver.netcast.nl

127.0.0.1 adserver.webads.com

127.0.0.1 adserver.webads.nl

127.0.0.1 adserver1.realtracker.com

127.0.0.1 adserver2.realtracker.com

127.0.0.1 adserver3.realtracker.com

127.0.0.1 delivery1.ads.telegraaf.nl

127.0.0.1 holland.hyperbanner.net

127.0.0.1 images.webads.nl

127.0.0.1 sc.clicksupply.com

127.0.0.1 service.bfast.com

127.0.0.1 www.ad4ex.com

127.0.0.1 www.bannercampaign.com

127.0.0.1 www.cyberbounty.com

127.0.0.1 www.netvertising.be

127.0.0.1 www.speedyclick.com

127.0.0.1 www.webads.nl

127.0.0.1 ads.snowball.com

127.0.0.1 ads.amazingmedia.com

127.0.0.1 www10.valueclick.com

127.0.0.1 js1.hitbox.com

127.0.0.1 rd1.hitbox.com

127.0.0.1 mt37.mtree.com

127.0.0.1 ads.gameanswers.com

127.0.0.1 ads7.udc.advance.net

127.0.0.1 www23.valueclick.com

127.0.0.1 ads.fortunecity.com

127.0.0.1 banners.nextcard.com

127.0.0.1 ads.iwon.com

127.0.0.1 www.qksrv.net

127.0.0.1 clickserve.cc-dt.com

127.0.0.1 ads-b.focalink.com

127.0.0.1 ad2.peel.com

127.0.0.1 ads.floridatoday.com

127.0.0.1 stats.adultrevenueservice.com

127.0.0.1 ads18.bpath.com

127.0.0.1 ph-ad06.focalink.com

127.0.0.1 global.msads.net

127.0.0.1 pluto1.iserver.net

127.0.0.1 ads1.intelliads.com

127.0.0.1 primetime.ad.asap-asp.net

127.0.0.1 ads.stileproject.com

127.0.0.1 www.blissnet.net

127.0.0.1 www.consumerinfo.com

127.0.0.1 ads.rottentomatoes.com

127.0.0.1 k5ads.osdn.com

127.0.0.1 actionsplash.com

127.0.0.1 campaigns.f2.com.au

127.0.0.1 adserver.news.com.au

127.0.0.1 servedby.advertising.com

127.0.0.1 java.yahoo.com

127.0.0.1 ad.howstuffworks.com

127.0.0.1 ads.1for1.com

127.0.0.1 images.ads.fairfax.com.au

127.0.0.1 ads.devx.com

127.0.0.1 utils.mediageneral.com

127.0.0.1 banners.friendfinder.com

127.0.0.1 adserver.matchcraft.com

127.0.0.1 www.dnps.com

127.0.0.1 creative.whi.co.nz

127.0.0.1 rmedia.boston.com

127.0.0.1 webaffiliate.covad.com

127.0.0.1 ad.iwin.com

127.0.0.1 www.nailitonline2.com

127.0.0.1 mds.centrport.net

127.0.0.1 oas.dispatch.com

127.0.0.1 adserver.ads360.com

127.0.0.1 banners.adultfriendfinder.com

127.0.0.1 ads.as4x.tmcs.net

127.0.0.1 ads.clickagents.com

127.0.0.1 banners.chek.com

127.0.0.1 zi.r.tv.com

127.0.0.1 ph-ad19.focalink.com

127.0.0.1 ads.greensboro.com

127.0.0.1 ad2.adcept.net

127.0.0.1 ads.colo.kiva.net

127.0.0.1 adsrv.iol.co.za

127.0.0.1 mjxads.internet.com

127.0.0.1 adimage.asiaone.com.sg

127.0.0.1 ads.vnuemedia.com

127.0.0.1 affiliate.doteasy.com

127.0.0.1 m.tribalfusion.com

127.0.0.1 oas.lee.net

127.0.0.1 www.banneroverdrive.com

127.0.0.1 ad3.peel.com

127.0.0.1 ad1.peel.comwww.xbn.ru

127.0.0.1 adserver.snowball.com

127.0.0.1 media15.fastclick.net

127.0.0.1 ads5.advance.net

127.0.0.1 ads3.advance.net

127.0.0.1 ads2.advance.net

127.0.0.1 ads.advance.net

127.0.0.1 usbytecom.orbitcycle.com

127.0.0.1 adbanner.sweepsclub.com

127.0.0.1 oas.villagevoice.com

127.0.0.1 www.ad-flow.com

127.0.0.1 ads.guardian.co.uk

127.0.0.1 ads.hitcents.com

127.0.0.1 media19.fastclick.net

127.0.0.1 a.tribalfusion.com

127.0.0.1 ads.nypost.com

127.0.0.1 ads.premiumnetwork.com

127.0.0.1 ads.ad-flow.com

127.0.0.1 adserver.hispavista.com

127.0.0.1 ads.musiccity.com

127.0.0.1 banners.revenuelink.com

127.0.0.1 ads1.sptimes.com

127.0.0.1 adserver.bizland-inc.net

127.0.0.1 ads.adtegrity.net

127.0.0.1 media13.fastclick.net

127.0.0.1 adserver.ukplus.co.uk

127.0.0.1 ads.live365.com

127.0.0.1 ads.fredericksburg.com

127.0.0.1 banners.affiliatefuel.com

127.0.0.1 ar.atwola.com

127.0.0.1 ads.bigcitytools.com

127.0.0.1 netshelter.adtrix.com

127.0.0.1 y.ibsys.com

127.0.0.1 adserver.nydailynews.com

127.0.0.1 s0b.bluestreak.com

127.0.0.1 images.scripps.com

127.0.0.1 images.cybereps.com

127.0.0.1 altfarm.mediaplex.com

127.0.0.1 krd.realcities.com

127.0.0.1 www3.bannerspace.com

127.0.0.1 view.atdmt.com

127.0.0.1 ads7.advance.net

127.0.0.1 ad.abcnews.com

127.0.0.1 ads.newsquest.co.uk

127.0.0.1 secure.webconnect.net

127.0.0.1 ads.nandomedia.com

127.0.0.1 banners.babylon-x.com

127.0.0.1 media17.fastclick.net

127.0.0.1 techreview-images.adbureau.net

127.0.0.1 ads.exhedra.com

127.0.0.1 ad.trafficmp.com

127.0.0.1 realmedia-a800.d4p.net

127.0.0.1 banner.northsky.com

127.0.0.1 ftp.nacorp.com

127.0.0.1 www.digitalbettingcasinos.com

127.0.0.1 c1.zedo.com

127.0.0.1 ads4.condenet.com

127.0.0.1 www.brilliantdigital.com

127.0.0.1 desktop.kazaa.com

127.0.0.1 shop.kazaa.com

127.0.0.1 www.bonzi.com

127.0.0.1 www.b3d.com

127.0.0.1 neighborhood.standard.net

127.0.0.1 ads.telegraph.co.uk

127.0.0.1 spinbox.techtracker.com

127.0.0.1 toads.osdn.com

127.0.0.1 ads.themes.org

127.0.0.1 adserver.trb.com

127.0.0.1 media.fastclick.net

127.0.0.1 banner.easyspace.com

127.0.0.1 www.banner2u.com

127.0.0.1 ads.thestar.com

127.0.0.1 ads.digitalmedianet.com

127.0.0.1 www.fineclicks.com

127.0.0.1 ads.mdchoice.com

127.0.0.1 ad.horvitznewspapers.net

127.0.0.1 adtegrity.thruport.com

127.0.0.1 a.mktw.net

127.0.0.1 ads.pennyweb.com

127.0.0.1 www3.ad.tomshardware.com

127.0.0.1 www4.ad.tomshardware.com

127.0.0.1 www6.ad.tomshardware.com

127.0.0.1 www8.ad.tomshardware.com

127.0.0.1 www15.ad.tomshardware.com

127.0.0.1 ads.forbes.com

127.0.0.1 ads.desmoinesregister.com

127.0.0.1 adserver.tribuneinteractive.com

127.0.0.1 bannerads.anytimenews.com

127.0.0.1 ads1.condenet.com

127.0.0.1 adserver.anm.co.uk

127.0.0.1 zrap.zdnet.com.com

127.0.0.1 bidclix.net

127.0.0.1 media.popuptraffic.com

127.0.0.1 coreg.flashtrack.net

127.0.0.1 ads.icq.com

127.0.0.1 cb.icq.com

127.0.0.1 cf.icq.com

127.0.0.1 www2.newtopsites.com

127.0.0.1 adserv.internetfuel.com

127.0.0.1 images.fastclick.net

127.0.0.1 adserver.securityfocus.com

127.0.0.1 www.avsads.com

127.0.0.1 banners.moviegoods.com

127.0.0.1 ads.bitsonthewire.com

127.0.0.1 ads.iambic.com

127.0.0.1 sfads.osdn.com

127.0.0.1 fl01.ct2.comclick.com

127.0.0.1 adserver.phillyburbs.com

127.0.0.1 marketing.nyi.net

127.0.0.1 www.netflip.com

127.0.0.1 image.imgfarm.com

127.0.0.1 ads.viaarena.com

127.0.0.1 phpads2.cnpapers.com

127.0.0.1 ads.astalavista.us

127.0.0.1 banner.coza.com

127.0.0.1 adcreative.tribuneinteractive.com

127.0.0.1 ads.democratandchronicle.com

127.0.0.1 adlog.com.com

127.0.0.1 adimg.com.com

127.0.0.1 adimage.bankrate.com

127.0.0.1 ads.mediadevil.com

127.0.0.1 imageserv.adtech.de

127.0.0.1 ad.se.doubleclick.net

127.0.0.1 ads.cashsurfers.com

127.0.0.1 ads.specificpop.com

127.0.0.1 z1.adserver.com

127.0.0.1 images.bizrate.com

127.0.0.1 q.pni.com

127.0.0.1 ad01.mediacorpsingapore.com

127.0.0.1 adimage.asia1.com.sg

127.0.0.1 images.newsx.cc

127.0.0.1 www.adireland.com

127.0.0.1 ads.iafrica.com

127.0.0.1 ads.nyi.net

127.0.0.1 geoads.osdn.com

127.0.0.1 www.crisscross.com

127.0.0.1 netcomm.spinbox.net

127.0.0.1 ads.videoaxs.com

127.0.0.1 mediamgr.ugo.com

127.0.0.1 adserver.pollstar.com

127.0.0.1 information.gopher.com

127.0.0.1 ads.adviva.net

127.0.0.1 adsrv.bankrate.com

127.0.0.1 a207.p.f.qz3.net

127.0.0.1 ehg-bestbuy.hitbox.com

127.0.0.1 ehg-intel.hitbox.com

127.0.0.1 ehg-espn.hitbox.com

127.0.0.1 ehg-macromedia.hitbox.com

127.0.0.1 ehg-dig.hitbox.com

127.0.0.1 speed.pointroll.com

127.0.0.1 amch.questionmarket.com

127.0.0.1 ads.gamespy.com

127.0.0.1 spd.atdmt.com

127.0.0.1 ads.columbian.com

127.0.0.1 clickit.go2net.com

127.0.0.1 vpdc.ru4.com

127.0.0.1 ads.developershed.com

127.0.0.1 ads.globeandmail.com

127.0.0.1 ads.nerve.com

127.0.0.1 iv.doubleclick.net

127.0.0.1 ads2.condenet.com

127.0.0.1 www.burstnet.com

127.0.0.1 ads5.canoe.ca

127.0.0.1 askmen.thruport.com

127.0.0.1 adsrv2.gainesvillesun.com

127.0.0.1 ads.theolympian.com

127.0.0.1 ads.courierpostonline.com

127.0.0.1 i.timeinc.net

127.0.0.1 oasads.whitepages.com

127.0.0.1 serve.thisbanner.com

127.0.0.1 images.trafficmp.com

127.0.0.1 www.kaplanindex.com

127.0.0.1 kaplanindex.com

127.0.0.1 1.httpdads.com

127.0.0.1 spinbox.maccentral.com

127.0.0.1 akaads-abc.starwave.com

127.0.0.1 webad.ajeeb.com

127.0.0.1 ads.granadamedia.com

127.0.0.1 oas.uniontrib.com

127.0.0.1 ads.wnd.com

127.0.0.1 a3.suntimes.com

127.0.0.1 tmsads.tribune.com

127.0.0.1 ads.peel.com

127.0.0.1 ads.mh5.com

127.0.0.1 ad.usatoday.com

127.0.0.1 adserver.digitalpartners.com

127.0.0.1 ads.mediaturf.net

127.0.0.1 ads4.clearchannel.com

127.0.0.1 ads.clearchannel.com

127.0.0.1 ads2.clearchannel.com

127.0.0.1 ads.jacksonsun.com

127.0.0.1 servads.aip.org

127.0.0.1 ad.au.doubleclick.net

127.0.0.1 adng.ascii24.com

127.0.0.1 engage.speedera.net

127.0.0.1 ads.msn-ppe.com

127.0.0.1 ad.openfind.com.tw

127.0.0.1 adi.mainichi.co.jp

127.0.0.1 ads.northjersey.com

127.0.0.1 ad.moscowtimes.ru

127.0.0.1 banners.valuead.com

127.0.0.1 ad1.aaddzz.com

127.0.0.1 ds.eyeblaster.com

127.0.0.1 adserver.digitalpartners.com

127.0.0.1 oas.uniontrib.com

127.0.0.1 ads.statesmanjournal.com

127.0.0.1 ads.centralohio.com

# start of entries inserted by spybot - search & destroy

127.0.0.1 babe.the-killer.bz

127.0.0.1 babe.k-lined.com

127.0.0.1 did.i-used.cc

127.0.0.1 coolwwwsearch.com

127.0.0.1 coolwebsearch.com

127.0.0.1 hi.studioaperto.net

127.0.0.1 www.webbrowser.tv

127.0.0.1 www.wazzupnet.com

127.0.0.1 gueb.com

127.0.0.1 kabex.com

127.0.0.1 www.hityou.com

127.0.0.1 miosearch.com

127.0.0.1 wazzupnet.com

127.0.0.1 213.131.225.2

127.0.0.1 www.blue-elefant.com

127.0.0.1 babeweb.de

127.0.0.1 start-seite.com

127.0.0.1 sexolymp.com

127.0.0.1 toriii.cc

127.0.0.1 www.xtipp.de

127.0.0.1 urawa.cool.ne.jp

127.0.0.1 777search.com

127.0.0.1 ace-webmaster.com

127.0.0.1 aifind.info

127.0.0.1 amateurliveshow.com

127.0.0.1 anarchylolita.com

127.0.0.1 anarchyporn.com

127.0.0.1 approvedlinks.com

127.0.0.1 cantfind.com

127.0.0.1 castingsamateur.com

127.0.0.1 cyberrape.com

127.0.0.1 dialerclub.com

127.0.0.1 exit.megago.com

127.0.0.1 fastmetasearch.com

127.0.0.1 findwhatevernow.com

127.0.0.1 globesearch.com

127.0.0.1 hotfreebies.com

127.0.0.1 krankin.com

127.0.0.1 live.sex-explorer.com

127.0.0.1 loveadot.com

127.0.0.1 megaseek.net

127.0.0.1 mixsearch.com

127.0.0.1 munky.com

127.0.0.1 newtopsites.com

127.0.0.1 noblindlinks.com

127.0.0.1 r.babenet.com

127.0.0.1 searchresult.net

127.0.0.1 sexarena.org

127.0.0.1 skeech.com

127.0.0.1 superwp.by.ru

127.0.0.1 sureseeker.com

127.0.0.1 wethere.com

127.0.0.1 wowsearch.org

127.0.0.1 www.xxx.com

127.0.0.1 www.websearch.com

127.0.0.1 partner23.firehunt.com

127.0.0.1 screensaver.it

127.0.0.1 xads.cliks.org

127.0.0.1 xwebsearch.biz

127.0.0.1 znext.com

127.0.0.1 rawtocash.net

127.0.0.1 7search.com

127.0.0.1 zestyfind.com

127.0.0.1 dev.ntcor.com

127.0.0.1 www.allcybersearch.com

127.0.0.1 www.tinybar.com

127.0.0.1 topsite.us

127.0.0.1 topsites.us

127.0.0.1 topsitez.us

127.0.0.1 out.true-counter.com

127.0.0.1 www.cnetadd.com

127.0.0.1 okmmm.com

127.0.0.1 www.139mm.com

127.0.0.1 008k.com

127.0.0.1 00hq.com

127.0.0.1 1-domains-registrations.com

127.0.0.1 100sexlinks.com

127.0.0.1 157.238.62.14

127.0.0.1 1sexparty.com

127.0.0.1 1stpagehere.com

127.0.0.1 2020search.com

127.0.0.1 24teen.com

127.0.0.1 36site.com

127.0.0.1 4corn.net

127.0.0.1 66.117.14.138

127.0.0.1 66.197.100.83

127.0.0.1 66.250.107.99

127.0.0.1 66.250.107.100

127.0.0.1 66.250.107.101

127.0.0.1 66.250.130.194

127.0.0.1 66.250.170.107

127.0.0.1 66.250.57.26

127.0.0.1 66.250.57.27

127.0.0.1 66.250.57.28

127.0.0.1 66.250.74.150

127.0.0.1 777top.com

127.0.0.1 8ad.com

127.0.0.1 aboutclicker.com

127.0.0.1 abrp.net

127.0.0.1 accessthefuture.net

127.0.0.1 acemedic.com

127.0.0.1 actionbreastcancer.org

127.0.0.1 activexupdate.com

127.0.0.1 adamsupportgroup.org

127.0.0.1 adasearch.com

127.0.0.1 adipics.com

127.0.0.1 adspics.com

127.0.0.1 adult-engine-search.com

127.0.0.1 adult-erotic-guide.net

127.0.0.1 adult-friends-finder.net

127.0.0.1 adulthyperlinks.com

127.0.0.1 adulttds.com

127.0.0.1 advert.exaccess.ru

127.0.0.1 agentstudio.com

127.0.0.1 africaspromise.org

127.0.0.1 akril.com

127.0.0.1 alcatel.ws

127.0.0.1 alfa-search.com

127.0.0.1 all-inet.com

127.0.0.1 allabtcars.com

127.0.0.1 allabtjeeps.com

127.0.0.1 allcybersearch.com

127.0.0.1 allhyperlinks.com

127.0.0.1 allinternetbusiness.com

127.0.0.1 almarvideos.com

127.0.0.1 amandamountains.com

127.0.0.1 amigeek.com

127.0.0.1 amisbusiness.com

127.0.0.1 analmovi.com

127.0.0.1 anin.org

127.0.0.1 annaromeo.com

127.0.0.1 antrocity.com

127.0.0.1 anything4health.com

127.0.0.1 apsua.com

127.0.0.1 aregay.com

127.0.0.1 arheo.com

127.0.0.1 arizonaweb.org

127.0.0.1 armitageinn.com

127.0.0.1 art-func.com

127.0.0.1 art-xxx.com

127.0.0.1 artachnid.com

127.0.0.1 asiankingkong.com

127.0.0.1 ass-gals.com

127.0.0.1 athenrye.com

127.0.0.1 avian-ads.com

127.0.0.1 ayakawamura.com

127.0.0.1 ayumitaniguchi.com

127.0.0.1 bannedhost.net

127.0.0.1 barbudafarms.com

127.0.0.1 barnandfence.com

127.0.0.1 batsearch.com

127.0.0.1 baygraphicsllc.com

127.0.0.1 bb-search.com

127.0.0.1 bbbsearch.com

127.0.0.1 bedhome.com

127.0.0.1 bediadance.com

127.0.0.1 bellabasketsfl.com

127.0.0.1 bernaolatwin.com

127.0.0.1 best-counter.com

127.0.0.1 best-hardpics.com

127.0.0.1 best-winning-casino.com

127.0.0.1 bestcrawler.com

127.0.0.1 bestfor.ru

127.0.0.1 bestporngate.com

127.0.0.1 bestxporno.com

127.0.0.1 blackjack-free.net

127.0.0.1 blender.xu.pl

127.0.0.1 bodaciousbabette.com

127.0.0.1 boobdoll.com

127.0.0.1 boobsandtits.com

127.0.0.1 boobsclub.com

127.0.0.1 boredlife.com

127.0.0.1 bowlofogumbo.com

127.0.0.1 bradcoem.org

127.0.0.1 brandiyoung.com

127.0.0.1 brookeburn.com

127.0.0.1 bucps.com

127.0.0.1 burgerkingbigscreen.com

127.0.0.1 buscards.net

127.0.0.1 bustyrussell.com

127.0.0.1 buttejazz.org

127.0.0.1 buyselldomain.net

127.0.0.1 calcioturris.com

127.0.0.1 canberracricketcoaching.com

127.0.0.1 candycantaloupes.com

127.0.0.1 careers.dulcineasystems.net

127.0.0.1 carsands.com

127.0.0.1 carsrentals.net

127.0.0.1 casino-gambling-1.net

127.0.0.1 casino-gambling-2.net

127.0.0.1 casino-onlines.net

127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl

127.0.0.1 casino2win.net

127.0.0.1 casinomidas.net

127.0.0.1 casinonline.net

127.0.0.1 catallogue.com

127.0.0.1 catsss.da.ru

127.0.0.1 caxa.ru

127.0.0.1 cclebali.org

127.0.0.1 ceewawires.org

127.0.0.1 certumgroup.com

127.0.0.1 chelancatering.com

127.0.0.1 childrenvilla.com

127.0.0.1 chips-4-free.com

127.0.0.1 chrisswasey.com

127.0.0.1 chriswallace.net

127.0.0.1 ckick4thumbs.com

127.0.0.1 clackamasliteraryreview.com

127.0.0.1 clearsearch.cc

127.0.0.1 clearsearch.net

127.0.0.1 clickaire.com

127.0.0.1 clickyestoenter.net

127.0.0.1 clrsch.com

127.0.0.1 cmtapestry.com

127.0.0.1 cool-homepage.co

127.0.0.1 cool-homepage.com

127.0.0.1 cool-search.net

127.0.0.1 cool-search.netfartpost.com

127.0.0.1 cool-web-search.com

127.0.0.1 coolfetishsite.com

127.0.0.1 coolfreehost.com

127.0.0.1 coolfreepage.com

127.0.0.1 coolfreepages.com

127.0.0.1 coolmoneysearch.com

127.0.0.1 coolpornsearch.com

127.0.0.1 coolsearcher.info

127.0.0.1 coolwebsearch.

127.0.0.1 coolwebsearsh.com

127.0.0.1 coolwwwsearch.

127.0.0.1 copmtraine.com

127.0.0.1 couldnotfind.com

127.0.0.1 count-all.com

127.0.0.1 cracks.me.uk

127.0.0.1 creamedcutties.com

127.0.0.1 creditsearchonline.com

127.0.0.1 crestring.com

127.0.0.1 crooder.com

127.0.0.1 curvedspaces.com

127.0.0.1 cvs.jps.ru

127.0.0.1 cvsymphony.com

127.0.0.1 cydom.com

127.0.0.1 daily-gals.com

127.0.0.1 dancingbabycd.com

127.0.0.1 datanotary.com

127.0.0.1 datareco.com

127.0.0.1 davemarshall.org

127.0.0.1 dcfitusa.com

127.0.0.1 defaultsearch.net

127.0.0.1 desarrollocreativo.com

127.0.0.1 develip.com

127.0.0.1 dewis.spb.ru

127.0.0.1 dewis.us

127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz

127.0.0.1 dietpills4free.com

127.0.0.1 dietpussy.com

127.0.0.1 digistreamsa.com

127.0.0.1 dionforvalleycouncil.org

127.0.0.1 doctorwaldron.com

127.0.0.1 document-not-found.pornpic.org

127.0.0.1 doggyaction.com

127.0.0.1 domain-your-registration.com

127.0.0.1 domains-for-you-online.com

127.0.0.1 domains2003.net

127.0.0.1 domkrat.com

127.0.0.1 dp-host.com

127.0.0.1 dragqueen.gay-clan.com

127.0.0.1 drug-sources-exposed.com

127.0.0.1 drvvv.com

127.0.0.1 dutch-sex.com

127.0.0.1 dvdbank.org

127.0.0.1 e-localad.com

127.0.0.1 e-plus.cc

127.0.0.1 e-websitesolutions.com

127.0.0.1 eases.net

127.0.0.1 easy-search.net

127.0.0.1 easycategories.com

127.0.0.1 ecosrioplatenses.org

127.0.0.1 ecstasyporn.net

127.0.0.1 eikokoike.com

127.0.0.1 epornsex.com

127.0.0.1 euuu.com

127.0.0.1 evidence-detector.biz

127.0.0.1 evilspidercomics.com

127.0.0.1 ewebsearch.net

127.0.0.1 findloss.com

127.0.0.1 excellentsckin.com

127.0.0.1 extremeseek.net

127.0.0.1 f*ckdenniss.com

127.0.0.1 f*cknicepics.com

127.0.0.1 faithstevens.com

127.0.0.1 fantasiewelten.com

127.0.0.1 farmsteadbandb.com

127.0.0.1 fartpost.com

127.0.0.1 fastwebfinder.com

127.0.0.1 faxporn.com

127.0.0.1 fickenisgeil.de

127.0.0.1 finance-loans.com

127.0.0.1 find-itnow.com

127.0.0.1 find-uk-health.co.uk

127.0.0.1 find4u.net

127.0.0.1 findit-now.com

127.0.0.1 findthesite.com

127.0.0.1 findthewebsiteyouneed.com

127.0.0.1 fionasteel.com

127.0.0.1 firstbookmark.net

127.0.0.1 fitness-free.com

127.0.0.1 foodvacations.net

127.0.0.1 forex.jps.ru

127.0.0.1 forexcredit.com

127.0.0.1 forexcredit.ru

127.0.0.1 formingfusions.com

127.0.0.1 forsythfire.net

127.0.0.1 forthline.com

127.0.0.1 free-chipes.com

127.0.0.1 free-f*cking-video.com

127.0.0.1 free-hit.com

127.0.0.1 free-pics-and-movies.com

127.0.0.1 free-sex-movie-clips.net

127.0.0.1 free4porno.net

127.0.0.1 free64all.com

127.0.0.1 freebookmark.net

127.0.0.1 freebookmarks.net

127.0.0.1 freecategories.com

127.0.0.1 freecoolhost.com

127.0.0.1 freerbhost.com

127.0.0.1 freeshemalepics.net

127.0.0.1 freeyaho.com

127.0.0.1 freshseek.com

127.0.0.1 freshteensite.com

127.0.0.1 gabrielscott.com

127.0.0.1 galpostgirls.com

127.0.0.1 gals-for-free.com

127.0.0.1 gambling-online4you.com

127.0.0.1 gameterror.net

127.0.0.1 gay50.com

127.0.0.1 generalsmeltingofcanada.com

127.0.0.1 geteens.com

127.0.0.1 getpicshere.com

127.0.0.1 gimmezamore.com

127.0.0.1 gimnasiaer.com

127.0.0.1 girls-porn-life.com

127.0.0.1 glbdf.org

127.0.0.1 global-finder.com

127.0.0.1 globe-finder.cc

127.0.0.1 globe-finder.com

127.0.0.1 gocybersearch.com

127.0.0.1 golftennis.net

127.0.0.1 good-mortgages-calculator.com

127.0.0.1 good-mortgages.net

127.0.0.1 goodsexs.com

127.0.0.1 googlebar.jps.ru

127.0.0.1 googlf.com

127.0.0.1 gradforum.org

127.0.0.1 gratis-porn-movie.com

127.0.0.1 gratis-pornopics.com

127.0.0.1 guzzycats.com

127.0.0.1 gzphoenix.com

127.0.0.1 hallnetaccolade.com

127.0.0.1 hand-book.com

127.0.0.1 happyanal.com

127.0.0.1 hard-gals.com

127.0.0.1 hardbodytgp.com

127.0.0.1 hardcoreover.com

127.0.0.1 hardloved.com

127.0.0.1 hardwareseek.net

127.0.0.1 harukaigawa.com

127.0.0.1 hccsolanonapa.org

127.0.0.1 health-protein.com

127.0.0.1 hentai4u.net

127.0.0.1 here4search.com

127.0.0.1 heyrichy.com

127.0.0.1 hi-search.com

127.0.0.1 hiddenguides.com

127.0.0.1 hitlistlyrics.com

127.0.0.1 holidayautostr.com

127.0.0.1 homemortage.ws

127.0.0.1 hostssp.com

127.0.0.1 hot-cartoon-sex.anime.american-teens.net

127.0.0.1 hotbookmark.com

127.0.0.1 hotels-list.net

127.0.0.1 hotelxxxcams.com

127.0.0.1 hotpopup.com

127.0.0.1 hotsearchbox.com

127.0.0.1 hotsex-series.com

127.0.0.1 hotstartpage.com

127.0.0.1 hqsex.biz

127.0.0.1 hugeporn4u.net

127.0.0.1 hunacsa.com

127.0.0.1 hupacasath.com

127.0.0.1 hzsx.com

127.0.0.1 icansearch.net

127.0.0.1 idgsearch.com

127.0.0.1 ie-search.com

127.0.0.1 incestporngate.com

127.0.0.1 infodigger.net

127.0.0.1 infoglobus.com

127.0.0.1 inherhole.com

127.0.0.1 insertthiscock.com

127.0.0.1 insurance-flood.net

127.0.0.1 insuranceall.net

127.0.0.1 internetsearch.ru

127.0.0.1 ionichost.com

127.0.0.1 ionomist.com

127.0.0.1 ipsex.net

127.0.0.1 itsanal.com

127.0.0.1 itseasy.us

127.0.0.1 iweb-commerce.com

127.0.0.1 iwebland.com

127.0.0.1 jeannineoldfield.com

127.0.0.1 jethomepage.com

127.0.0.1 jetseeker.com

127.0.0.1 jmhgallery.org

127.0.0.1 joannelatham.com

127.0.0.1 judin.ru

127.0.0.1 junkysex.com

127.0.0.1 karleyt.narod.ru

127.0.0.1 kathisomers.com

127.0.0.1 kazaa-lite.ws

127.0.0.1 keithgreenpro.com

127.0.0.1 kenmccaul.com

127.0.0.1 kilosex.com

127.0.0.1 kimhines.com

127.0.0.1 kinoru.com

127.0.0.1 ksdspups.org

127.0.0.1 landrape.com

127.0.0.1 lauraroebuck.com

127.0.0.1 leannalovelace.com

127.0.0.1 lesobank.ru

127.0.0.1 libertyonlinehosting.com

127.0.0.1 lingerie-mania.com

127.0.0.1 lisamatthew.com

127.0.0.1 liveholio.com

127.0.0.1 livenewspaper.com

127.0.0.1 louiseleeds.com

127.0.0.1 love-pix.com

127.0.0.1 lovelas.com

127.0.0.1 lovelysearch.com

127.0.0.1 low-taxes.com

127.0.0.1 luckysearch.net

127.0.0.1 lunitaweb.net

127.0.0.1 lustful-porno.com

127.0.0.1 mackinnonsbrook.org

127.0.0.1 madfinder.com

127.0.0.1 madisonmoons.com

127.0.0.1 madisonoilco.com

127.0.0.1 madonalive.com

127.0.0.1 majuozawa.com

127.0.0.1 makin-do.com

127.0.0.1 male4free.com

127.0.0.1 map-quest.org

127.0.0.1 marilynchamber.com

127.0.0.1 martfinder.com

127.0.0.1 massearch.com

127.0.0.1 matetrava.com

127.0.0.1 mature50.com

127.0.0.1 matureporngate.com

127.0.0.1 maxdzines.com

127.0.0.1 mcgeeforlabor.com

127.0.0.1 mdstunisie.org

127.0.0.1 medicare-insurance.net

127.0.0.1 medicare-supplemental.com

127.0.0.1 mega-dating-tips.com

127.0.0.1 megumikanzaki.com

127.0.0.1 meshalynn.com

127.0.0.1 meta-adult.com

127.0.0.1 meta-casino.com

127.0.0.1 meta-mobile.com

127.0.0.1 meta-porn.com

127.0.0.1 metafora.ru

127.0.0.1 metapoisk.ru

127.0.0.1 michiyonakajima.com

127.0.0.1 miconsultamedica.com

127.0.0.1 mikasakamoto.com

127.0.0.1 mikoni.com

127.0.0.1 militarygods.porn4porn.net

127.0.0.1 millennialpeople.org

127.0.0.1 mipham.org

127.0.0.1 missingcommand.com

127.0.0.1 mommykiss.com

127.0.0.1 moneyhunters.com

127.0.0.1 montgomeryhospitalanesthesia.com

127.0.0.1 morflot.com

127.0.0.1 mortgage-debt.net

127.0.0.1 mortismaximus.com

127.0.0.1 moscowwhores.com

127.0.0.1 moviecategories.com

127.0.0.1 mp3-pix.com

127.0.0.1 mrtg.jps.ru

127.0.0.1 msn-info.net

127.0.0.1 multipussy.com

127.0.0.1 mundopolar.com

127.0.0.1 mustv.com

127.0.0.1 mywebsearch.net

127.0.0.1 nativehardcore.com

127.0.0.1 naturalspy.com

127.0.0.1 nbasportsbook.net

127.0.0.1 needf*cknow.com

127.0.0.1 nellyslyrics.com

127.0.0.1 nepgyan.com

127.0.0.1 nesrecords.com

127.0.0.1 netshastra.net

127.0.0.1 nettime.ru

127.0.0.1 nettracker.jps.ru

127.0.0.1 netyellowpages.info

127.0.0.1 new-incest.com

127.0.0.1 newcategories.com

127.0.0.1 newcracks.com

127.0.0.1 newcracks.net

127.0.0.1 newlife-lajolla.com

127.0.0.1 newsexgate.com

127.0.0.1 newtonsracks.com

127.0.0.1 newxpics.com

127.0.0.1 nhlsportsbook.net

127.0.0.1 niagaracapital.com

127.0.0.1 niche-tv.com

127.0.0.1 nmrba.com

127.0.0.1 nocalories.net

127.0.0.1 nocensor.com

127.0.0.1 ormandcompany.com

127.0.0.1 nsbabes.com

127.0.0.1 nuclearwitness.org

127.0.0.1 nursemania.com

127.0.0.1 nvntour.com

127.0.0.1 nvphall.org

127.0.0.1 oborot.com

127.0.0.1 ocalalivestockmarket.com

127.0.0.1 ocsff.com

127.0.0.1 oeatlanta.com

127.0.0.1 oharrowsearch.com

127.0.0.1 ok-search.com

127.0.0.1 okulta.com

127.0.0.1 omegabrains.net

127.0.0.1 online-casino-1.net

127.0.0.1 online-casino-bonus.info

127.0.0.1 online-casinos-x.com

127.0.0.1 online-winning.net

127.0.0.1 onlineserverz.com

127.0.0.1 onlinetradings.net

127.0.0.1 onlycunt.com

127.0.0.1 onlyinsured.com

127.0.0.1 operanabuco.com

127.0.0.1 opsex.com

127.0.0.1 oregoncharters.org

127.0.0.1 otrlives.com

127.0.0.1 ozawamadoka.com

127.0.0.1 paigesummer.com

127.0.0.1 pamelacollections.com

127.0.0.1 panamcup.com

127.0.0.1 pantygirls4u.com

127.0.0.1 pantyhoserealm.com

127.0.0.1 pantyplace.com

127.0.0.1 pastubes.com

127.0.0.1 paulapage.com

127.0.0.1 paulhoover.com

127.0.0.1 payfortraffic.net

127.0.0.1 pedo.ws

127.0.0.1 people.1gb.ru

127.0.0.1 pervertbot.com

127.0.0.1 pharma-diet-pills.com

127.0.0.1 pharmacy2003.com

127.0.0.1 pharmalocator.com

127.0.0.1 phendimetrazine-tenuate-adipex.com

127.0.0.1 pics-videos.com

127.0.0.1 picsdir.com

127.0.0.1 picsforbucks.com

127.0.0.1 picsofseductiveladies.com

127.0.0.1 pills-birth-control.com

127.0.0.1 pillsmall.com

127.0.0.1 pilotronix.com

127.0.0.1 pixpox.com

127.0.0.1 planemusic.com

127.0.0.1 poiska.net

127.0.0.1 poker-casino-free.com

127.0.0.1 poker-games-free.net

127.0.0.1 polradiologia.com

127.0.0.1 pooi.net

127.0.0.1 porn-teacher.com

127.0.0.1 porncamz.com

127.0.0.1 pornfree.info

127.0.0.1 pornnightdreams.com

127.0.0.1 pornokopec.com

127.0.0.1 porntetris.com

127.0.0.1 porntwist.com

127.0.0.1 powerwebsearch.com

127.0.0.1 prblitz.com

127.0.0.1 pretypics.com

127.0.0.1 pribalt.com

127.0.0.1 privacy-support.biz

127.0.0.1 privateporn.net

127.0.0.1 prostactive.com

127.0.0.1 prostol.com

127.0.0.1 protect-yourself.biz

127.0.0.1 prsainlandempire.org

127.0.0.1 put-your-link-here.com

127.0.0.1 pyrocorp.com

127.0.0.1 quick-search.ws

127.0.0.1 quiksearchgenealogy.com

127.0.0.1 radfrall.org

127.0.0.1 ramgo.com

127.0.0.1 ranafrog.ne

127.0.0.1 rapegate.com

127.0.0.1 redbudbmx.com

127.0.0.1 refinance-help.com

127.0.0.1 removeearthkeepers.org

127.0.0.1 rightfinder.net

127.0.0.1 robbsproshop.com

127.0.0.1 robertferencz.com

127.0.0.1 rotocasters.com

127.0.0.1 royalsearch.net

127.0.0.1 runsearch.com

127.0.0.1 russiansponsor.com

127.0.0.1 russogay.com

127.0.0.1 s2.exocrew.com

127.0.0.1 sacitylife.com

127.0.0.1 samplegals.com

127.0.0.1 satisf*cktion.net

127.0.0.1 sbssurvivor.com

127.0.0.1 scarypix.com

127.0.0.1 sccdnet.com

127.0.0.1 schoolforest.com

127.0.0.1 search-1.net

127.0.0.1 search-2003.com

127.0.0.1 search-about.net

127.0.0.1 search-hawk.com

127.0.0.1 search-log.com

127.0.0.1 search-meta.com

127.0.0.1 search-safe.com

127.0.0.1 search.psn.cn

127.0.0.1 searchadultweb.com

127.0.0.1 searchbutler.com

127.0.0.1 searchbuttler.com

127.0.0.1 searchbutler.org

127.0.0.1 searchcomplete.com

127.0.0.1 searchdesire.com

127.0.0.1 searchdot.net

127.0.0.1 searchexpander.com

127.0.0.1 searchfastnet.com

127.0.0.1 searchforge.com

127.0.0.1 searching-the-net.com

127.0.0.1 searchmeta.md

127.0.0.1 searchmeta.net

127.0.0.1 searchmeta.ru

127.0.0.1 searchmeta.webhost.ru

127.0.0.1 searchnow.ws

127.0.0.1 searchonfly.com

127.0.0.1 searchv.com

127.0.0.1 searchxl.com

127.0.0.1 searchxp.com

127.0.0.1 sebot.com

127.0.0.1 securenp.org

127.0.0.1 security-warning.biz

127.0.0.1 seehardcore.com

127.0.0.1 seekwell.net

127.0.0.1 selfbookmark.com

127.0.0.1 selfbookmark.info

127.0.0.1 selfbookmark.net

127.0.0.1 sex.free4porno.net

127.0.0.1 sex-coach.com

127.0.0.1 sex-festival.com

127.0.0.1 sex-video-galleries.com

127.0.0.1 sexgalleries4all.com

127.0.0.1 sexmoviesnet.com

127.0.0.1 sexpatriot.net

127.0.0.1 sexy18.cc

127.0.0.1 sexycat.adult-host.org

127.0.0.1 sfbayfolkboats.com

127.0.0.1 sgirls.net

127.0.0.1 sharempeg.com

127.0.0.1 shopcards.net

127.0.0.1 shopknights.com

127.0.0.1 sic02.com

127.0.0.1 sintrader.com

127.0.0.1 site1.ru

127.0.0.1 sites-in-web.com

127.0.0.1 sitevictoria.com

127.0.0.1 sixroads.com

127.0.0.1 skakalka.ru

127.0.0.1 slawsearch.com

127.0.0.1 slotch.com

127.0.0.1 smartsumo.com

127.0.0.1 smutarchive.net

127.0.0.1 solongas.com

127.0.0.1 sonomaevents.com

127.0.0.1 spermatrix.com

127.0.0.1 sportbooks-free4you.com

127.0.0.1 spros.com

127.0.0.1 spyass.com

127.0.0.1 spyorgy.net

127.0.0.1 staceyowens.com

127.0.0.1 stacistaxx.com

127.0.0.1 stacystaxx.com

127.0.0.1 start-space.com

127.0.0.1 steamycock.com

127.0.0.1 sterva.com

127.0.0.1 stevecashdollar.com

127.0.0.1 stop-tracking.biz

127.0.0.1 stopvotefraud.com

127.0.0.1 stopxxxpics.com

127.0.0.1 strekoza.com

127.0.0.1 stuffstore.com

127.0.0.1 styleclickink.com

127.0.0.1 summercollins.com

127.0.0.1 summitcross.com

127.0.0.1 super-spider.com

127.0.0.1 super-websearch.com

127.0.0.1 supersexmachine.com

127.0.0.1 superwebsearch.com

127.0.0.1 supret.com

127.0.0.1 suzannebrecht.com

127.0.0.1 sweeteenz.com

127.0.0.1 tacil.org

127.0.0.1 tangounion.com

127.0.0.1 tastethemusic.com

127.0.0.1 tax-refund4you.com

127.0.0.1 tech-jobs.ws

127.0.0.1 technology-related.com

127.0.0.1 teen-biz.com

127.0.0.1 teen-pic-post.com

127.0.0.1 teenpornosex.com

127.0.0.1 teens4free.net

127.0.0.1 teensact.com

127.0.0.1 teensgate.com

127.0.0.1 teensguru.com

127.0.0.1 teenswamp.com

127.0.0.1 testosterone-birth-control.com

127.0.0.1 the-exit.com

127.0.0.1 the-huns-yellow-pages.com

127.0.0.1 thefakejournal.com

127.0.0.1 thehuy.net

127.0.0.1 theproxy.org

127.0.0.1 therealsearch.com

127.0.0.1 thesten.com

127.0.0.1 thornleygroup.com

127.0.0.1 tings.org

127.0.0.1 tinybar.com

127.0.0.1 tit-x.com

127.0.0.1 titanvision.com

127.0.0.1 titsianna.com

127.0.0.1 toddhayes.com

127.0.0.1 toon-comics.com

127.0.0.1 tooncomics.com

127.0.0.1 topsearcher.com

127.0.0.1 trafficback.com

127.0.0.1 trafficswitcher.com

127.0.0.1 travel.picture-posters.com

127.0.0.1 true-counter.com

127.0.0.1 true-portal.com

127.0.0.1 trytechnical.com

127.0.0.1 ufindall.click-now.net

127.0.0.1 umaxsearch.com

127.0.0.1 une-autre-france.com

127.0.0.1 unigays.com

127.0.0.1 unipages.cc

127.0.0.1 up2you.ru

127.0.0.1 urlstat.com

127.0.0.1 urlstat.ru

127.0.0.1 uralitel.ru

127.0.0.1 ursie.net

127.0.0.1 utahsweet.com

127.0.0.1 utopicportal.com

127.0.0.1 uusocialjustice.org

127.0.0.1 v61.com

127.0.0.1 vaginpics.com

127.0.0.1 valmyers.com

127.0.0.1 vegas-free.com

127.0.0.1 vegbuy.com

127.0.0.1 veloventures.com

127.0.0.1 verzila.com

127.0.0.1 victoriaadam.com

127.0.0.1 videocategories.com

127.0.0.1 vitamins-for-each.com

127.0.0.1 votehowe.org

127.0.0.1 vxebony.com

127.0.0.1 wakeupdick.com

127.0.0.1 warnomore.org

127.0.0.1 watersport-specialties.com

127.0.0.1 web-homepage.net

127.0.0.1 web-search.tk

127.0.0.1 webcoolsearch.com

127.0.0.1 websearchdot.com

127.0.0.1 weekend-movies.com

127.0.0.1 wetpornostars.com

127.0.0.1 whatsyoursearch.com

127.0.0.1 white-pages.ws

127.0.0.1 whittierblvd.com

127.0.0.1 win-in-casino.com

127.0.0.1 wiresearch.com

127.0.0.1 wolfpacracing.com

127.0.0.1 wordlist.jps.ru

127.0.0.1 wpc2001.org

127.0.0.1 wspzone.sexpornonline.com

127.0.0.1 wwwbet.net

127.0.0.1 wwwbetting.net

127.0.0.1 wwwpokergames.com

127.0.0.1 wwwpokerplayers.com

127.0.0.1 wwwroulette.net

127.0.0.1 x-library.com

127.0.0.1 x-webdesign.com

127.0.0.1 xcomics4u.com

127.0.0.1 xic-bs.com

127.0.0.1 xldr.com

127.0.0.1 xp18.com

127.0.0.1 xrenosearch.com

127.0.0.1 xtragay.com

127.0.0.1 xu.xu.pl

127.0.0.1 xxxcategories.com

127.0.0.1 xxxemailxxx.com

127.0.0.1 y-e-l-l-o-w.com

127.0.0.1 yellow500.com

127.0.0.1 yezol.com

127.0.0.1 you-search.com

127.0.0.1 you-search.com.ru

127.0.0.1 youfindall.com

127.0.0.1 youfindall.net

127.0.0.1 your-prescriptions.net

127.0.0.1 yourbookmarks.info

127.0.0.1 yourbookmarks.ws

127.0.0.1 ypir.com

127.0.0.1 ysa-info.net

127.0.0.1 yukohamano.com

127.0.0.1 ywebsearch.info

127.0.0.1 zapros.com

127.0.0.1 zesearch.com

127.0.0.1 ziportal.com

127.0.0.1 zipportal.com

127.0.0.1 zoneoffreeporn.com

127.0.0.1 zoomegasite.com

127.0.0.1 zvimigdal.com

127.0.0.1 zyban-zocor-levitra.com

127.0.0.1 t.rack.cc

127.0.0.1 omega-search.com

127.0.0.1 cool-xxx.net

127.0.0.1 revolto3.da.ru

127.0.0.1 dating-search.net

127.0.0.1 linksummary.com

127.0.0.1 duolaimi.net

127.0.0.1 ez-searching.com

127.0.0.1 freehqmovies.com

127.0.0.1 xzoomy.com

127.0.0.1 freescratchandwin.com

127.0.0.1 fickenisgeil.de

127.0.0.1 globalwebsearch.com

127.0.0.1 www.gocybersearch.com

127.0.0.1 mayancasino.com

127.0.0.1 www.hastalavista.com

127.0.0.1 www.free-popup-killer.com

127.0.0.1 www.digitalfan.com

127.0.0.1 google123.web1000.com

127.0.0.1 search.ieplugin.com

127.0.0.1 i-lookup.com

127.0.0.1 spidersearch.com

127.0.0.1 istarthere.com

127.0.0.1 xxxtoolbar.com

127.0.0.1 www.seekporn.org

127.0.0.1 17-plus.com

127.0.0.1 lolita4all1.xrensmagpost.com

127.0.0.1 mafiapics.com

127.0.0.1 www.teenmonster.com

127.0.0.1 ie.marketdart.com

127.0.0.1 masterbar.com

127.0.0.1 search.netzany.co

127.0.0.1 only-virgins.com

127.0.0.1 passthison.com

127.0.0.1 blondetgp.com

127.0.0.1 prolivation.com

127.0.0.1 server-au.imrworldwide.com

127.0.0.1 .roar.com

127.0.0.1 rocketsearch.com

127.0.0.1 searchaccurate.com

127.0.0.1 searchalot.com

127.0.0.1 searchandbrowse.com

127.0.0.1 gtawarehouse.com

127.0.0.1 startium.com

127.0.0.1 searchandclick.com

127.0.0.1 searchby.net

127.0.0.1 searchdot.com

127.0.0.1 search-exe.com

127.0.0.1 secret-crush.com

127.0.0.1 seekseek.com

127.0.0.1 sexarena.com

127.0.0.1 sexocean.play-lolita.com

127.0.0.1 startsurfing.com

127.0.0.1 66.197.138.235

127.0.0.1 srng.net

127.0.0.1 apps.webservicehost.com

127.0.0.1 search.shopnav.com

127.0.0.1 wish7.com

127.0.0.1 216.65.3.68

127.0.0.1 www.supersexpass.com

127.0.0.1 surferbar.com

127.0.0.1 xlola.underagehost.com

127.0.0.1 hotlolitas.underagehost.com

127.0.0.1 loading-lolita.com

127.0.0.1 www.xupiter.com

127.0.0.1 xjupiter.com

127.0.0.1 www.xjupiter.com

127.0.0.1 www.browserwise.com

127.0.0.1 sqwire.com

127.0.0.1 orbitexplorer.com

127.0.0.1 searchcentrix.com

127.0.0.1 categories.mygeek.com

127.0.0.1 web-entrance.co

127.0.0.1 whazit.com

127.0.0.1 windowenhancer.com

127.0.0.1 buz.ru

127.0.0.1 iwon.com

127.0.0.1 featured-results.com

127.0.0.1 searchmadesafe.net

127.0.0.1 quicklaunch.com

127.0.0.1 www.cashsurfers.com

127.0.0.1 .lop.com

127.0.0.1 .tjdo.com

127.0.0.1 /tjdo.com

127.0.0.1 .ebav.com

127.0.0.1 /ebav.com

127.0.0.1 .ebgo.com

127.0.0.1 /ebgo.com

127.0.0.1 .ebaw.com

127.0.0.1 /ebaw.com

127.0.0.1 .ebkb.com

127.0.0.1 /ebkb.com

127.0.0.1 .ebmu.com

127.0.0.1 /ebmu.com

127.0.0.1 .ecmp.com

127.0.0.1 /ecmp.com

127.0.0.1 .edhq.com

127.0.0.1 /edhq.com

127.0.0.1 .edty.com

127.0.0.1 /edty.com

127.0.0.1 .sbee.com

127.0.0.1 /sbee.com

127.0.0.1 .aavc.com

127.0.0.1 /aavc.com

127.0.0.1 .acjp.com

127.0.0.1 /acjp.com

127.0.0.1 .ecmh.com

127.0.0.1 /ecmh.com

127.0.0.1 .emch.com

127.0.0.1 /emch.com

127.0.0.1 .ecpm.com

127.0.0.1 /ecpm.com

127.0.0.1 .wabu.com

127.0.0.1 /wabu.com

127.0.0.1 .wabq.com

127.0.0.1 .wabq.com

127.0.0.1 /wabq.com

127.0.0.1 .ebch.com

127.0.0.1 /ebch.com

127.0.0.1 .ebdv.com

127.0.0.1 /ebdv.com

127.0.0.1 .ebdw.com

127.0.0.1 /ebdw.com

127.0.0.1 .ebjp.com

127.0.0.1 /ebjp.com

127.0.0.1 .ebkn.com

127.0.0.1 /ebkn.com

127.0.0.1 .ebky.com

127.0.0.1 /ebky.com

127.0.0.1 .eblv.com

127.0.0.1 /eblv.com

127.0.0.1 .wbkb.com

127.0.0.1 /wbkb.com

127.0.0.1 .ebvr.com

127.0.0.1 /ebvr.com

127.0.0.1 .ecwz.com

127.0.0.1 /ecwz.com

127.0.0.1 .ecyb.com

127.0.0.1 /ecyb.com

127.0.0.1 .eduy.com

127.0.0.1 /eduy.com

127.0.0.1 .eeev.com

127.0.0.1 /eeev.com

127.0.0.1 .farse.com

127.0.0.1 /farse.com

127.0.0.1 .ibmx.com

127.0.0.1 /ibmx.com

127.0.0.1 .icwb.com

127.0.0.1 /icwb.com

127.0.0.1 .icwo.com

127.0.0.1 /icwo.com

127.0.0.1 .icwp.com

127.0.0.1 /icwp.com

127.0.0.1 .iddh.com

127.0.0.1 /iddh.com

127.0.0.1 .idhh.com

127.0.0.1 /idhh.com

127.0.0.1 .ifiz.com

127.0.0.1 /ifiz.com

127.0.0.1 .iguu.com

127.0.0.1 /iguu.com

127.0.0.1 .samz.com

127.0.0.1 /samz.com

127.0.0.1 .saoe.com

127.0.0.1 /saoe.com

127.0.0.1 .sbjr.com

127.0.0.1 /sbjr.com

127.0.0.1 .sbnl.com

127.0.0.1 /sbnl.com

127.0.0.1 .sbnt.com

127.0.0.1 /sbnt.com

127.0.0.1 .sbvr.com

127.0.0.1 /sbvr.com

127.0.0.1 .scbm.com

127.0.0.1 /scbm.com

127.0.0.1 .sckr.com

127.0.0.1 /sckr.com

127.0.0.1 .scrk.com

127.0.0.1 /scrk.com

127.0.0.1 .sdry.com

127.0.0.1 /sdry.com

127.0.0.1 .seld.com

127.0.0.1 /seld.com

127.0.0.1 .sfux.com

127.0.0.1 /sfux.com

127.0.0.1 .sheat.com

127.0.0.1 /sheat.com

127.0.0.1 .sipo.com

127.0.0.1 /sipo.com

127.0.0.1 .smds.com

127.0.0.1 /smds.com

127.0.0.1 .srib.com

127.0.0.1 /srib.com

127.0.0.1 .srox.com

127.0.0.1 /srox.com

127.0.0.1 .srsf.com

127.0.0.1 /srsf.com

127.0.0.1 .ssaw.com

127.0.0.1 /ssaw.com

127.0.0.1 .ssby.com

127.0.0.1 /ssby.com

127.0.0.1 .surj.com

127.0.0.1 /surj.com

127.0.0.1 .tbvg.com

127.0.0.1 /tbvg.com

127.0.0.1 .tdak.com

127.0.0.1 /tdak.com

127.0.0.1 .tdmy.com

127.0.0.1 /tdmy.com

127.0.0.1 .tefs.com

127.0.0.1 /tefs.com

127.0.0.1 .tfil.com

127.0.0.1 /tfil.com

127.0.0.1 .tjar.com

127.0.0.1 /tjar.com

127.0.0.1 .tjaw.com

127.0.0.1 /tjaw.com

127.0.0.1 .tjgo.com

127.0.0.1 /tjgo.com

127.0.0.1 .tjem.com

127.0.0.1 /tjem.com

127.0.0.1 .torc.com

127.0.0.1 /torc.com

127.0.0.1 .wfix.com

127.0.0.1 /wfix.com

127.0.0.1 .wflu.com

127.0.0.1 /wflu.com

127.0.0.1 .tdko.com

127.0.0.1 /tdko.com

127.0.0.1 .thko.com

127.0.0.1 /thko.com

127.0.0.1 h24413.tfil.com

127.0.0.1 germany.rub.to

127.0.0.1 search.rub.to

127.0.0.1 unitedstates.rub.to

127.0.0.1 www.commonname.com

127.0.0.1 www.ezcybersearch.com

127.0.0.1 www.jethomepage.com

127.0.0.1 www.gohip.com

127.0.0.1 hotbar.com

127.0.0.1 www.huntbar.com

127.0.0.1 search.imiserver.com

127.0.0.1 infospace.com/blsrch.dp.toolbar

127.0.0.1 searchenhancement.com

127.0.0.1 newtonknows.com

127.0.0.1 search-explorer.net

127.0.0.1 searchsquire.com

127.0.0.1 secondpower.com

127.0.0.1 2ndpower.com

127.0.0.1 searchgateway.net

127.0.0.1 worldusa.com

127.0.0.1 www.topsearcher.com

127.0.0.1 sb.htm

127.0.0.1 smutserver.com

127.0.0.1 searchmeup.com

127.0.0.1 cameup.com

127.0.0.1 kliksearch.com

127.0.0.1 realphx.com

127.0.0.1 blazefind.com

127.0.0.1 66.40.16.198

127.0.0.1 zoofil.com

127.0.0.1 terafinder.com

127.0.0.1 008i.com

127.0.0.1 171203.com

127.0.0.1 39-93.com

127.0.0.1 adult-personal.us

127.0.0.1 cashsearch.biz

127.0.0.1 cl55.biz

127.0.0.1 dailyteenspic.com

127.0.0.1 di
0
Réponse 48 / 78
lolo997 Messages postés 102 Statut Membre
 
rapport l2mfix

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xdudtt]
"DllName"=hex(2):78,00,64,00,75,00,64,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="M6xnopProc"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
"secureUID"="[3865849464907492467]"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{D3581EB7-5E16-4182-9F58-86FA713B42F9}"="AOL Partenaire de Packard Bell"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{3c249f62-e26e-11d4-97f0-009027769c61}"="Format Shell"
"{03FF3962-D823-11D4-97F0-009027769C61}"="Data Caching Shell Extension"
@=""
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}"="PhotoToys"
"{B446400D-0030-457b-8F64-422A19605186}"="Logitech Gallery"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
dxtrans.dll Fri 24 Feb 2006 14:24:10 A.... 192 512 188,00 K
iepeers.dll Fri 24 Feb 2006 15:21:26 A.... 236 032 230,50 K
inetcomm.dll Mon 27 Feb 2006 13:31:54 A.... 596 480 582,50 K
inetres.dll Mon 27 Feb 2006 14:26:06 A.... 50 688 49,50 K
msdtcprx.dll Wed 1 Mar 2006 21:45:36 A.... 368 640 360,00 K
msdtctm.dll Wed 1 Mar 2006 21:45:36 A.... 974 336 951,50 K
msdtcuiu.dll Wed 1 Mar 2006 21:45:36 A.... 150 528 147,00 K
mshtml.dll Wed 22 Mar 2006 17:46:48 A.... 2 702 336 2,57 M
msident.dll Mon 27 Feb 2006 14:26:06 A.... 44 032 43,00 K
msoeacct.dll Mon 27 Feb 2006 14:26:06 A.... 229 376 224,00 K
msoert2.dll Mon 27 Feb 2006 13:31:36 A.... 91 136 89,00 K
mstime.dll Fri 3 Mar 2006 15:46:54 A.... 498 176 486,50 K
mtxclu.dll Wed 1 Mar 2006 21:45:36 A.... 64 512 63,00 K
mtxoci.dll Wed 1 Mar 2006 21:45:36 A.... 83 456 81,50 K
pncrt.dll Sun 21 May 2006 16:41:08 A.... 278 528 272,00 K
pndx5016.dll Sun 21 May 2006 16:45:06 A.... 6 656 6,50 K
pndx5032.dll Sun 21 May 2006 16:45:06 A.... 5 632 5,50 K
rmoc3260.dll Sun 21 May 2006 16:45:10 A.... 147 495 144,04 K
shdocvw.dll Tue 21 Mar 2006 15:37:16 A.... 1 339 392 1,28 M
shell32.dll Fri 17 Mar 2006 7:05:00 A.... 8 408 064 8,02 M
urlmon.dll Fri 3 Mar 2006 15:46:54 A.... 463 360 452,50 K
wininet.dll Fri 24 Feb 2006 15:21:26 A.... 581 120 567,50 K
xolehlp.dll Wed 1 Mar 2006 21:45:36 A.... 11 776 11,50 K
xpsp2res.dll Wed 22 Mar 2006 3:29:28 ..... 613 376 599,00 K

24 items found: 24 files, 0 directories.
Total of file sizes: 18 137 639 bytes 17,30 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 28DE-6981

R‚pertoire de C:\WINDOWS\System32

25/05/2006 21:04 <REP> dllcache
22/05/2006 18:35 32 {1D62576B-6726-4D32-B1A8-A941F5B2145C}.dat
22/05/2006 18:34 32 {557704D8-114E-46E5-A5D7-D9BB53D82F9F}.dat
30/09/2002 14:14 <REP> Microsoft
2 fichier(s) 64 octets
2 R‚p(s) 75ÿ452ÿ661ÿ760 octets libres
0
Réponse 49 / 78
lolo997 Messages postés 102 Statut Membre
 
voici les résultat de la procédur que vous l'avez di de suivre :

L2mfix 051206
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (600)
Killing 'winlogon.exe'
Killing 'explorer.exe'
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xdudtt]
"DllName"=hex(2):78,00,64,00,75,00,64,00,74,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="M6xnopProc"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
"secureUID"="[3865849464907492467]"

The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Logfile of HijackThis v1.99.1
Scan saved at 22:30:24, on 25/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gasser.SN301096530007.000\Mes documents\rapport virus logiciel\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F53F0CF1-5B8B-4F81-B70D-0FA81D64D824}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: xdudtt - C:\WINDOWS\SYSTEM32\xdudtt.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InSec(inetsec) (InSec) - Unknown owner - C:\WINDOWS\system32\inetsec.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

le site virus total ne fonctionne toujours pas pour moi
0
Réponse 50 / 78
regis59
 
Re,

dis moi, t as essayé ceci?

Essai ceci aussi:

The Hoster http://www.funkytoad.com/download/hoster.zip Dézippe ce fichier sur ton bureau
* Hors connexion nagigateur fermé ainsi que toutes les applications en cours
* Double clic sur hoster.exe
* Clique sur Restore Original Hosts ensuite sur Ok

a+
0
Réponse 51 / 78
lolo997 Messages postés 102 Statut Membre
 
oui jlé fait :S
0
Réponse 52 / 78
regis59
 
lol
ok

Rend toi ici:
c:\windows\system32\drivers\etc\

Ouvre Host.

Supprime tout ce qu il ne faut pas afin qu il ne te reste plus que ca:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x

127.0.0.1 localhost

Une fois que tu as tout supprimé et qu il ne te reste que ceci; tu clik sur fichier < enregistrer

Redemarre ton pc, et reouvre le fichier host et copie/colle ce qu il y a dedans.

a+
0
Réponse 53 / 78
lolo997 Messages postés 102 Statut Membre
 
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

voila ce qu'il y a après un reboot
0
Réponse 54 / 78
Regis59
 
ok !

Maintenant essaie d aller sur le site, ca marche?

a+
0
Réponse 55 / 78
lolo997 Messages postés 102 Statut Membre
 
non :(

[URL=https://imageshack.com/][IMG]http://img522.imageshack.us/img522/7382/microsoft1no.th.jpg[/IMG][/URL]
0
Réponse 56 / 78
Regis59
 
Salut

T utilises quel navigateur? IE? ou mozilla?

Rend toi ici
http://www.kaspersky.com/remoteviruschk.html
Clik parcourir et recherche le fichier et clik submit

En dessou y a un tableau, regarde ce qu il marque

a+
0
Réponse 57 / 78
regis59
 
ok t es sous mozilla.

Essai sous internet explorer, pareil?

Et regarde poste 61.

a+
Note: si rien ne fonctionne, fais ceci

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+
0
Réponse 58 / 78
lolo997 Messages postés 102 Statut Membre
 
pareil ac ie, lorsque je clique sur ton lien, un fichier texte s'ouvre, est-ce normal ? le site de kasper ne fonctionne pas non plus, meme page microsoft

fichier texte du lien

'Silent Runners.vbs -- find out what programs start up with Windows!
'
'DO NOT REMOVE THIS HEADER!
'
'Copyright Andrew ARONOFF 24 April 2006, https://www.silentrunners.org/
'This script is provided without any warranty, either expressed or implied
'It may not be copied or distributed without permission
'
'** YOU RUN THIS SCRIPT AT YOUR OWN RISK! **
'HEADER ENDS HERE

Option Explicit

Dim strRevNo : strRevNo = "45"

Public flagTest : flagTest = False 'True if testing
'flagTest = True 'Uncomment to test

'This script is divided into 28 sections.

'malware launch points:
' registry keys (I-XII, XV)
' INI/INF-files (XVI-XVIII)
' folders (XIX)
' enabled scheduled tasks (XX)
' Winsock2 service provider DLLs (XXI)
' IE toolbars, explorer bars, extensions (XXII)
' started services (XXVI)
' keyboard driver filters (XXVII)
' printer monitors (XXVIII)

'hijack points:
' System/Group Policies (XIV)
' prefixes for IE URLs (XXIII)
' misc IE points (XXIV)
' HOSTS file (XXV)

'Output is suppressed if deemed normal unless the -all parameter is used
'Sections XVIII & XXII-dormant Explorer Bars are skipped unless the -supp/-all
' parameters are used or the first message box is answered "No"

' I. HKCU/HKLM... Run/RunOnce/RunOnce\Setup
' HKLM... RunOnceEx/RunServices/RunServicesOnce
' HKCU/HKLM... Policies\Explorer\Run
' II. HKLM... Active Setup\Installed Components\
' HKCU... Active Setup\Installed Components\
' (StubPath <> "" And HKLM version # > HKCU version #)
' III. HKLM... Explorer\Browser Helper Objects\
' IV. HKLM... Shell Extensions\Approved\
' V. HKLM... Explorer\SharedTaskScheduler/ShellExecuteHooks
' VI. HKCU/HKLM... ShellServiceObjectDelayLoad\
' VII. HKCU... Command Processor\AutoRun ((default) <> "")
' HKCU... Policies\System\Shell (W2K & WXP only)
' HKCU... Windows\load & run ((default) <> "")
' HKCU... Command Processor\AutoRun ((default) <> "")
' HKLM... Windows\AppInit_DLLs ((default) <> "")
' HKLM... Winlogon\Shell/Userinit/System/Ginadll/Taskman
' ((default) <> explorer.exe, userinit.exe, "", "", "")
' HKLM... Control\SafeBoot\Option\UseAlternateShell
' HKLM... Control\Session Manager\BootExecute
' HKLM... Control\Session Manager\WOW\cmdline, wowcmdline
' VIII. HKLM... Winlogon\Notify\ (subkey names/DLLName values <> O/S-specific dictionary data)
' IX. HKLM... Image File Execution Options\ (subkeys with name = "Debugger")
' X. HKCU/HKLM... Policies... Startup/Shutdown, Logon/Logoff
' XI. HKCU/HKLM Protocols\Filter
' XII. Context menu shell extensions
' XIII. HKCR executable file type (bat/cmd/com/exe/hta/pif/scr)
' (shell\open\command data <> "%1" %*; hta <> mshta.exe "%1" %*; scr <> "%1" /S)
' XIV. System/Group Policies
' XV. Enabled Wallpaper & Screen Saver
' XVI. WIN.INI (load/run <> ""), SYSTEM.INI (shell <> explorer.exe, scrnsave.exe), WINSTART.BAT
' XVII. AUTORUN.INF in root of fixed drive (open/shellexecute <> "")
' XVIII. DESKTOP.INI in any local fixed disk directory (section skipped by default)
' XIX. %WINDIR%... Startup & All Users... Startup (W98/WME) or
' %USERNAME%... Startup & All Users... Startup folder contents
' XX. Scheduled Tasks
' XXI. Winsock2 Service Provider DLLs
' XXII. Internet Explorer Toolbars, Explorer Bars, Extensions (dormant
' Explorer Bars section skipped by default)
' XXIII. Internet Explorer URL Prefixes
' XXIV. Misc. IE Hijack Points
' XXV. HOSTS file
' XXVI. Started Services
' XXVII. Keyboard Driver Filters
'XXVIII. Printer Monitors

Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell")
Dim WshoArgs : Set WshoArgs = WScript.Arguments
Dim intErrNum, intMB 'Err.Number, MsgBox return value

Dim strflagTest : strflagTest = ""
If flagTest Then
strflagTest = "TEST "
Wshso.Popup "Silent Runners is in testing mode.",1, _
"Testing, testing, 1-2-3...", vbOKOnly + vbExclamation
End If

'Configuration Detection Section

' FileSystemObject creation error (112)
' CScript/WScript (147)
' Dim (161)
' GetFileVersion(WinVer.exe) (VBScript 5.1) (182)
' OS version (223)
' WMI (279)
' Dim (364)
' command line arguments (440)
' supplementary search MsgBox (532)
' startup MsgBox (557)
' CreateTextFile error (583)
' output file header (625)
' WXP SP2 (629)

On Error Resume Next
Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject")
intErrNum = Err.Number : Err.Clear
On Error Goto 0

If intErrNum <> 0 Then

strURL = "https://docs.microsoft.com/en-us/"

intMB = MsgBox (Chr(34) & "Silent Runners" & Chr(34) &_
" cannot access file services critical to" & vbCRLF &_
"proper script operation." & vbCRLF & vbCRLF &_
"If you are running Windows XP, make sure that the" &_
vbCRLF & Chr(34) & "Cryptographic Services" & Chr(34) &_
" service is started." & vbCRLF & vbCRLF &_
"You can also try reinstalling the latest version of the MS" &_
vbCRLF & "Windows Script Host." & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser to " &_
"the download site or" & vbCRLF & Space(10) & Chr(34) & "Cancel" &_
Chr(34) & " to quit.", vbOKCancel + vbCritical, _
"Can't access the FileSystemObject!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

WScript.Quit

End If

Dim oNetwk : Set oNetwk = WScript.CreateObject("WScript.Network")

Const HKLM = &H80000002, HKCU = &H80000001
Const REG_SZ=1, REG_EXPAND_SZ=2, REG_BINARY=3, REG_DWORD=4, REG_MULTI_SZ=7
Const MS = " [MS]"
Const DQ = """"

'determine whether output is via MsgBox/PopUp or Echo
Dim flagOut
If InStr(LCase(WScript.FullName),"wscript.exe") > 0 Then
flagOut = "W" 'WScript
ElseIf InStr(LCase(WScript.FullName),"cscript.exe") > 0 Then
flagOut = "C" 'CScript
Else 'echo and continue if it works
flagOut = "C" 'assume CScript-compatible
WScript.Echo "Neither " & Chr(34) & "WSCRIPT.EXE" & Chr(34) & " nor " &_
Chr(34) & "CSCRIPT.EXE" & Chr(34) & " was detected as " &_
"the script host." & vbCRLF & Chr(34) & "Silent Runners" & Chr(34) &_
" will assume that the script host is CSCRIPT-compatible and will" & vbCRLF &_
"use WScript.Echo for all messages."
End If 'script host

Const SysFolder = 1 : Const WinFolder = 0
Dim strOS : strOS = "Unknown"
Dim strOSLong : strOSLong = "Unknown"
Dim strOSXP : strOSXP = "Windows XP Home" 'XP Home or Pro
Public strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path 'FullPathSystemFolder
Public strFPWF : strFPWF = Fso.GetSpecialFolder(WinFolder).Path 'FullPathWindowsFolder
Public strExeBareName 'bare file name w/o windows or system folder prefixes
Dim strSysVer 'Winver.exe version number
Dim intErrNum1, intErrNum2, intErrNum3, intErrNum4, intErrNum5, intErrNum6 'error number
Dim intLenValue 'value length
Dim strURL 'download URL
Dim flagGP : flagGP = False 'assume Group Policies cannot be set in the O/S
Dim intCLL : intCLL = 1 'CLSID Lower Limit, default is for O/S <= NT4

'Winver.exe is in \Windows under W98, but in \System32 for other O/S's
'trap GetFileVersion error for VBScript version < 5.1
On Error Resume Next
If Fso.FileExists (strFPSF & "\Winver.exe") Then
strSysVer = Fso.GetFileVersion(strFPSF & "\Winver.exe")
Else
strSysVer = Fso.GetFileVersion(strFPWF & "\Winver.exe")
End If
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'if old VBScript version
If intErrNum <> 0 Then

'store dl URL
strURL = "http://tinyurl.com/7zh0"

'if using WScript
If flagOut = "W" Then

'explain the problem
intMB = MsgBox ("This script requires VBScript 5.1 or higher " &_
"to run." & vbCRLF & vbCRLF & "The latest version of VBScript can " &_
"be downloaded at: " & strURL & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser to " &_
"the download site or " & Chr(34) & "Cancel" & Chr(34) &_
" to quit." & vbCRLF & vbCRLF & "(WMI is also required. If it's " &_
"missing, download instructions will appear later.)", _
vbOKCancel + vbExclamation,"Unsupported VBScript Version!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

'if using CScript
Else 'flagOut = "C"

'explain the problem
WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"VBScript 5.1 or higher to run." & vbCRLF & vbCRLF &_
"It can be downloaded at: " & strURL

End If 'WScript or CScript?

'quit the script
WScript.Quit

End If 'VBScript version error encountered?

'use WINVER.EXE file version to determine O/S
If Instr(Left(strSysVer,3),"4.1") > 0 Then
strOS = "W98" : strOSLong = "Windows 98"

ElseIf Instr(Left(strSysVer,5),"4.0.1") > 0 Then
strOS = "NT4" : strOSLong = "Windows NT 4.0"

ElseIf Instr(Left(strSysVer,8),"4.0.0.95") > 0 Then
strOS = "W98" : strOSLong = "Windows 95"

ElseIf Instr(Left(strSysVer,8),"4.0.0.11") > 0 Then
strOS = "W98" : strOSLong = "Windows 95 SR2 (OEM)"

ElseIf Instr(Left(strSysVer,3),"5.0") > 0 Then
strOS = "W2K" : strOSLong = "Windows 2000" : : intCLL = 0 : flagGP = True

ElseIf Instr(Left(strSysVer,3),"5.1") > 0 Then
'SP0 & SP1 = 5.1.2600.0, SP2 = 5.1.2600.2180
strOS = "WXP" : strOSLong = "Windows XP" : intCLL = 0

If Instr(strSysVer,".2180") > 0 Then strOSLong = "Windows XP SP2"

ElseIf Instr(Left(strSysVer,3),"4.9") > 0 Then
strOS = "WME" : strOSLong = "Windows Me (Millennium Edition)"

ElseIf Instr(Left(strSysVer,3),"5.2") > 0 Then
strOS = "WXP" : strOSLong = "Windows Server 2003 (interpreted as Windows XP)"
flagGP = True : intCLL = 0

Else 'unknown strSysVer

If flagOut = "W" Then

intMB = MsgBox ("The " & Chr(34) & "Silent Runners" & Chr(34) &_
" script cannot determine the operating system." & vbCRLF & vbCRLF &_
"Click " & Chr(34) & "OK" & Chr(34) & " to send an e-mail to the " &_
"author, providing the following information:" & vbCRLF & vbCRLF &_
"WINVER.EXE file version = " & strSysVer & vbCRLF & vbCRLF &_
"or click " & Chr(34) & "Cancel" & Chr(34) & " to quit.", _
49,"O/S Unknown!")

If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
"<%73%72.%6F%73.%76%65%72.%65%72%72%6F%72@%61%61%72%6F%6E%6F%66%66.%63%6F%6D>?" &_
"subject=Silent%20Runners%20OS%20Version%20Error&body=WINVER.EXE" &_
"%20file%20version%20=%20" & strSysVer

Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
"determine the operating system." & vbCRLF & vbCRLF & "This script will exit."

End If 'flagOut?

WScript.Quit

End If 'OS id'd from strSysVer?

'use WMI to connect to the registry
On Error Resume Next
Dim oReg : Set oReg = GetObject("winmgmts:\root\default:StdRegProv")
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'detect WMI connection error
If intErrNum <> 0 Then

strURL = ""

'for W98/NT4, assume WMI not installed and direct to d/l URL
If strOS = "W98" Or strOS = "NT4" Then

If strOS = "W98" Then strURL = "http://tinyurl.com/jbxe"
If strOS = "NT4" Then strURL = "http://tinyurl.com/7wd7"

'invite user to download WMI & quit
If flagOut = "W" Then

intMB = MsgBox ("This script requires " & Chr(34) & "WMI" &_
Chr(34) & ", Windows Management Instrumentation, to run." &_
vbCRLF & vbCRLF & "It can be downloaded at: " & strURL &_
vbCRLF & vbCRLF & "Press " & Chr(34) & "OK" & Chr(34) &_
" to direct your browser to the download site or " &_
Chr(34) & "Cancel" & Chr(34) & " to quit.",_
vbOKCancel + vbCritical,"WMI Not Installed!")

If intMB = 1 Then Wshso.Run strURL

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
Chr(34) & "WMI" & Chr(34) & ", Windows Management Instrumentation, " &_
"to run." & vbCRLF & vbCRLF & "It can be downloaded at: " & strURL

End If

'for W2K Or WXP, explain how to start the WMI service
ElseIf strOS = "W2K" Or strOS = "WXP" Then

If strOS = "W2K" Then strLine = "Settings, "

'explain how to turn on WMI service
If flagOut = "W" Then

MsgBox "This script requires Windows Management Instrumentation" &_
" to run." & vbCRLF & vbCRLF & "Click on Start, " & strLine &_
"Control Panel, Administrative Tools, Services," & vbCRLF &_
"and start the " & Chr(34) & "Windows Management Instrumentation" &_
Chr(34) & " service.",vbOKOnly + vbCritical,"WMI Service not running!"

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"Windows Management Instrumentation to run." & vbCRLF & vbCRLF &_
"Click on Start, " & strLine & "Control Panel, Administrative " &_
" Tools, Services," & vbCRLF & "and start the " & Chr(34) &_
"Windows Management Instrumentation" & Chr(34) & " service."

End If 'flagOut?

Else 'WME

'say there's a WMI problem
If flagOut = "W" Then

MsgBox "This script requires WMI (Windows Management Instrumentation)" &_
" to run," & vbCRLF & "but WMI is not running correctly.", _
vbOKOnly + vbCritical,"WMI problem!"

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"WMI (Windows Management Instrumentation) to run," & vbCRLF &_
"but WMI is not running correctly."

End If 'flagOut?

End If 'which O/S?

WScript.Quit

End If 'WMI execution error

'array of Run keys, counter x 5, hive member, startup folder file,
'startup file shortcut, IERESET.INF file
Dim arRunKeys, i, ii, j, k, l, oHiveElmt, oSUFi, oSUSC
'dictionary, keys, items, hard disk collection
Dim arSK, arSKk, arSKi, colDisks

'arrays: Run key names, keys, sub-keys, value type, Protocol filters
Dim arNames(), arKeys(), arSubKeys(), arType, arFilter()
'Sub-Directory DeskTop.Ini array, Sub-Directory Error array
Public arSDDTI(), arSDErr()
'DeskTop.Ini counter, Error counter, Classes data Hive counter
Public ctrArDTI, ctrArErr, ctrCH
Public ctrFo : ctrFo = 0 'folder counter

'name member, key array member x 4, O/S, drive root directory, work file
Dim oName, oKey, oKey2, strMemKey, strMemSubKey, oOS, oRoot, oFileWk
'values x 7
Dim strValue, strValue1, strValue2, strValue3, strValue4, strValue5, strValue6, intValue
'name, single character, startup folder name, startup folder, array member, temp var
Dim strName, strChr, arSUFN, oSUF, strArMember, strTmp
'output string x 3
Public strOut, strOut1, strOut2

'output file msg x 2, warning string, title line
Dim strLine, strLine1, strLine2, strWarn, strTitleLine
Dim strKey, strKey1, strKey2, strKey3, strSubKey 'register key x 4, sub-key
'output file name string (incl. path), file name (wo path),
'PIF path string, single binary character
Dim strFN, strFNNP, strPIFTgt, bin1C
Public datLaunch : datLaunch = Now 'script launch time
Public intCnt 'counter
'ref time, time taken by 2 pop-up boxes
Public datRef : datRef = 0
Public datPUB1 : datPUB1 = 0 : Public datPUB2 : datPUB2 = 0

'TRUE if show all output (default values not filtered)
Public flagShowAll : flagShowAll = False
Dim strRptOutput : strRptOutput = "Output limited to non-default values, " &_
"except where indicated by " & Chr(34) & "{++}" & Chr(34) 'output file string
Public strTitle : strTitle = ""
Public strSubTitle : strSubTitle = ""
Public strSubSubTitle : strSubSubTitle = ""
Public flagNVP : flagNVP = False 'existence of name/value pairs in a key
Public flagInfect : flagInfect = False 'flag infected condition
Dim flagMatch 'flag matching keys
Dim flagAllow 'flag key on approved list
Dim flagFound 'flag key that exists in Registry
Dim flagDirArg : flagDirArg = False 'presence of output directory argument
Dim flagIsCLSID : flagIsCLSID = False 'true if argument in CLSID format
Dim flagTitle 'True if title has already been written
Dim flagAllArg : flagAllArg = False 'presence of all output argument
Dim flagArray 'flag array containing elements
Public flagSupp : flagSupp = False 'do *not* check for DESKTOP.INI in all
'directories of local fixed disks
'or for dormant Explorer Bars
Dim intLBSP 'Last BackSlash Position in path string
Dim intSS 'lowest sort subscript
Dim intType 'value type
Dim strDLL, strCN 'DLL name, company name
'string to signal all output by default
Public strAllOutDefault : strAllOutDefault = ""

Dim ScrPath : ScrPath = Fso.GetParentFolderName(WScript.ScriptFullName)
If Right(ScrPath,1) <> "\" Then ScrPath = ScrPath & "\"
'initialize Path of Output File Folder to script path
Dim strPathOFFo : strPathOFFo = ScrPath

'hive array
Public arHives(1,1)
arHives(0,0) = "HKCU" : arHives(1,0) = "HKLM"
arHives(0,1) = &H80000001 : arHives(1,1) = &H80000002

'set up argument usage message string

Dim strLSp, strCSp 'Leading Spaces, Centering Spaces
strLSp = Space(4) : strCSp = Space(33) 'WScript spacing
If flagOut = "C" Then 'CScript spacing
strLsp = Space(3) : strCSp = Space(28)
End If

Dim strMsg : strMsg = "Only two arguments are permitted:" &_
vbCRLF & vbCRLF &_
"1. the name of an existing directory for the output report" &_
vbCRLF & strLSp & "(embed in quotes if it contains spaces)" &_
vbCRLF & vbCRLF & strCSp & "AND:" & vbCRLF & vbCRLF &_
"2. " & Chr(34) & "-supp" & Chr(34) & " to search " &_
"all directories for DESKTOP.INI DLL" & vbCRLF &_
strLSp & "launch points and all Registry CLSIDs for dormant" &_
vbCRLF & strLSp & "Explorer Bars" &_
vbCRLF & vbCRLF & strCSp & "-OR-" & vbCRLF & vbCRLF &_
"3. " & Chr(34) & "-all" & Chr(34) & " to output all non-empty " &_
"values and all launch" & vbCRLF & strLSp & "points checked"

'check if output directory or "-all" or "-supp" was supplied as argument
If WshoArgs.length > 0 And WshoArgs.length <= 2 Then

For i = 0 To WshoArgs.length-1

'if directory arg not already passed and arg directory exists
If Not flagDirArg And Fso.FolderExists(WshoArgs(i)) Then

'get the path & toggle the directory arg flag
Dim oOFFo : Set oOFFo = Fso.GetFolder(WshoArgs(i))
strPathOFFo = oOFFo.Path : flagDirArg = True
If Right(strPathOFFo,1) <> "\" Then strPathOFFo = strPathOFFo & "\"
Set oOFFo=Nothing

'if -all arg not already passed and is this arg
ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-all" Then

'toggle ShowAll flag, toggle the all arg flag, fill report string
flagShowAll = True : flagAllArg = True
strRptOutput = "Output of all locations checked and all values found."

'if -all arg not already passed and is this arg
ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-supp" Then
flagSupp = True : flagAllArg = True
strRptOutput = "Search enabled of all directories on local fixed " &_
"drives for DESKTOP.INI" & vbCRLF & " DLL launch points and of " &_
"all Registry CLSIDs for dormant Explorer Bars" & vbCRLF & strRptOutput

'argument can't be interpreted, so explain & quit
Else

If flagOut = "W" Then 'pop up a message window

Wshso.Popup "The argument:" & vbCRLF &_
Chr(34) & UCase(WshoArgs(i)) & Chr(34) & vbCRLF &_
"... can't be interpreted." & vbCRLF & vbCRLF &_
strMsg,10,"Bad Script Argument", vbOKOnly + vbExclamation

Else 'flagOut = "C" 'write the message to the console

WScript.Echo vbCRLF & "The argument: " &_
Chr(34) & UCase(WshoArgs(i)) & Chr(34) &_
" can't be interpreted." & vbCRLF & vbCRLF &_
strMsg & vbCRLF

End If 'WScript host?

WScript.Quit

End If 'argument can be interpreted?

Next 'argument

'too many args passed
ElseIf WshoArgs.length > 2 Then

'explain & quit
If flagOut = "W" Then 'pop up a message window

Wshso.Popup "Too many arguments (" & WshoArgs.length & ") were passed." &_
vbCRLF & vbCRLF & strMsg,10,"Too Many Arguments",_
vbOKOnly + vbCritical

Else 'flagOut = "C" 'write the message to the console

WScript.Echo "Too many arguments (" & WshoArgs.length & ") were passed." &_
vbCRLF & vbCRLF & strMsg & vbCRLF

End If 'WScript host?

WScript.Quit

End If 'directory arguments passed?

Set WshoArgs=Nothing

datRef = Now

'if no cmd line argument for flagSupp and not testing, show popup
If Not flagTest And Not flagShowAll And Not flagSupp And flagOut = "W" Then

intMB = Wshso.Popup ("Do you want to skip the supplementary searches?" &_
vbCRLF & "(They typically take several minutes.)" & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "Yes" & Chr(34) & Space(5) &_
" to skip the supplementary searches (default)" & vbCRLF & vbCRLF &_
Space(10) & Chr(34) & "No" & Chr(34) & Space(6) &_
" to perform them, or" & vbCRLF & vbCRLF &_
Space(10) & Chr(34) & "Cancel" & Chr(34) &_
" to get more information at the web site" & vbCRLF &_
Space(25) & "and exit the script.",_
15,"Skip supplementary searches?",_
vbYesNoCancel + vbQuestion + vbDefaultButton1 + vbSystemModal)

If intMB = vbNo Then
flagSupp = True
ElseIf intMB = vbCancel Then
Wshso.Run "https://www.silentrunners.org/thescript.html#supp"
WScript.Quit
End If

End If

datPUB1 = DateDiff("s",datRef,Now) : datRef = Now

'inform user that script has started
If Not flagTest Then
If flagOut = "W" Then
Wshso.PopUp Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
vbCRLF & vbCRLF & "A message box like this one will appear " &_
"when it's done." & vbCRLF & vbCRLF & "Please be patient...",3,_
"Silent Runners R" & strRevNo & " startup", _
vbOKOnly + vbInformation + vbSystemModal
Else
WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
" Please be patient..."
End If 'flagOut?
End If 'flagTest?

datPUB2 = DateDiff("s",datRef,Now)

'create output file name with computer name & today's date
'Startup Programs (pc_name_here) yyyy-mm-dd.txt

strFNNP = "Startup Programs (" & oNetwk.ComputerName & ") " &_
FmtDate(datLaunch) & " " & FmtHMS(datLaunch) & ".txt"
strFN = strPathOFFo & strflagTest & strFNNP
On Error Resume Next
If Fso.FileExists(strFN) Then Fso.DeleteFile(strFN)
Err.Clear
Public oFN : Set oFN = Fso.CreateTextFile(strFN,True)
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'if can't create report file
If intErrNum > 0 Then

strURL = "https://www.silentrunners.org/Silent%20Runners%20RED.vbs"

'invite user to e-mail me & quit
If flagOut = "W" Then

intMB = MsgBox ("The script cannot create its report file. " &_
"This is a known, intermittent" & vbCRLF & "problem under " &_
strOSLong & "." & vbCRLF & vbCRLF &_
"An alternative script version is available for download. " &_
"After it runs, " & vbCRLF & "the script you're using now will " &_
"run correctly." & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser " &_
"to the alternate script location, or" & vbCRLF & Space(10) &_
Chr(34) & "Cancel" & Chr(34) & " to quit.",49,"CreateTextFile Error!")

'if alternative script wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

'explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
"create the report file." & vbCRLF & vbCRLF &_
"An alternative script is available. Run it, then rerun this version." &_
vbCRLF & "The alternative script can be downloaded at: " & vbCRLF &_
vbCRLF & strURL

End If

WScript.Quit

End If 'report file creation error?

'add report header
Set oNetwk=Nothing

oFN.WriteLine Chr(34) & "Silent Runners.vbs" & Chr(34) &_
", revision " & strRevNo & ", https://www.silentrunners.org/" &_
vbCRLF & "Operating System: " & strOSLong & vbCRLF & strRptOutput

'test for WMI corruption and use WMI to differentiate between
'WXP Home & WXP Pro

'get the O/S collection
Dim colOS : Set colOS = GetObject("winmgmts:\root\cimv2").ExecQuery _
("Select * from Win32_OperatingSystem")

On Error Resume Next

Err.Clear

For Each oOS in colOS

If strOS = "WXP" Then

'modify strOSXP if O/S = Pro
If InStr(1,LCase(oOS.Name),"professional",1) > 0 Then
strOSXP = "Windows XP Professional"
flagGP = True
End If
'modify strOSXP if SP2
If Right(strOSLong,3) = "SP2" Then strOSXP = strOSXP & " SP2"

End If 'WXP?

Next 'oOS

If Err.Number <> 0 Then

strURL = "http://go.microsoft.com/fwlink/?LinkId=62562"

oFN.WriteLine vbCRLF & "FATAL ERROR!" & vbCRLF & String(12,"-") &_
vbCRLF & vbCRLF & DQ & "Silent Runners" & DQ &_
" cannot use WMI to identify the operating system." &_
vbCRLF & "This is caused by corruption of the WMI installation." &_
vbCRLF & vbCRLF &_
"WMI is complex and it is recommended that you use a Microsoft" &_
vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
"on your system." & vbCRLF & vbCRLF & "It can be downloaded here:" &_
vbCRLF & vbCRLF & strURL

intMB = MsgBox (DQ & "Silent Runners" & DQ & " cannot use WMI to " &_
"identify the operating system." & vbCRLF & "This is caused by " &_
"corruption of the WMI installation." &_
vbCRLF & vbCRLF &_
"WMI is complex and it is recommended that you use a Microsoft" &_
vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
"on your system." &_
vbCRLF & vbCRLF &_
"Press " & DQ & "OK" & DQ & " to direct your browser to the " &_
"WMIDiag download site or" &_
vbCRLF & Space(10) & DQ & "Cancel" & DQ & " to quit.",_
vbOKCancel + vbCritical + + vbSystemModal + vbDefaultButton2,_
"Can't iterate Win32_OperatingSystem!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

WScript.Quit

End If 'Err.Number<>0?

On Error Goto 0

Set colOS=Nothing

'I. Examine HKCU/HKLM... Run/RunOnce/RunOnceEx/RunServices/RunServicesOnce
' and HKCU/HKLM... Policies\Explorer\Run

If Not flagTest Then 'skip if testing

'write registry header lines to file
strTitle = "Startup items buried in registry:"
TitleLineWrite

'put keys in array (Key Index 0 - 6)
arRunKeys = Array ("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices", _
"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce")

'Key Execution Flag/Subkey Recursion Flag array
'
'first number in the ordered pair in the array immediately below
' pertains to execution of the key:
'0: not executed (ignore)
'1: may be executed so display with EXECUTION UNLIKELY warning
'2: executable
'
'second number in the ordered pair pertains to subkey recursion
'0: subkeys not used
'1: subkey recursion necessary

'Hive HKCU - 0 HKLM - 1
'
'Key 0 1 2 3 4 5 6 0 1 2 3 4 5 6
'Index
'
'O/S:
'W98 0,0 2,0 2,0 0,0 0,0 0,0 0,0 0,0 2,0 2,0 2,0 2,1 2,0 2,0
'WME 0,0 2,0 2,0 0,0 0,0 0,0 0,0 0,0 2,0 2,0 2,0 2,1 2,0 2,0
'NT4 1,0 2,0 2,0 0,0 0,0 0,0 0,0 1,0 2,0 2,0 1,0 2,1 0,0 0,0
'W2K 2,1 2,1 2,1 0,0 0,0 0,0 0,0 2,1 2,1 2,1 0,0 2,1 0,0 0,0
'WXP 2,0 2,0 2,0 0,0 0,0 0,0 0,0 2,0 2,0 2,0 1,0 2,1 0,0 0,0
'WS2K3 ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ???

'arRegFlag(i,j,k): put flags in array by O/S:
'hive = i (0 or 1), key_# = j (0-6),
' flags (key execution/subkey recursion) = k (0 or 1)
' k = 0 holds key execution value = 0/1/2
' 1 holds subkey recursion value = 0/1
Dim arRegFlag()
ReDim arRegFlag(1,6,1)

'initialize entire array to zero
For i = 0 To 1 : For j = 0 To 6 : For k = 0 To 1
arRegFlag(i,j,k) = 0
Next : Next : Next

'add data to array for O/S that's running

'W98 0,0 2,0 2,0 0,0 0,0 0,0 0,0 0,0 2,0 2,0 2,0 2,1 2,0 2,0
If strOS = "W98" Or strOS = "WME" Then
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,3,0) = 2 'HKLM,RunOnce\Setup = no-warn
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
arRegFlag(1,5,0) = 2 'HKLM,RunServices = no-warn
arRegFlag(1,6,0) = 2 'HKLM,RunServicesOnce = no-warn
End If

'NT4 1,0 2,0 2,0 0,0 0,0 0,0 0,0 1,0 2,0 2,0 1,0 2,1 0,0 0,0
If strOS = "NT4" Then
arRegFlag(0,0,0) = 1 'HKCU,Explorer\Run = warning
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(1,0,0) = 1 'HKLM,Explorer\Run = warning
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,3,0) = 1 'HKLM,RunOnce\Setup = warning
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'W2K 2,1 2,1 2,1 0,0 0,0 0,0 0,0 2,1 2,1 2,1 0,0 2,1 0,0 0,0
If strOs = "W2K" Then
arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
arRegFlag(0,0,1) = 1 'HKCU,Explorer\Run = sub-keys
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,1,1) = 1 'HKCU,Run = sub-keys
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,2,1) = 1 'HKCU,RunOnce = sub-keys
arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
arRegFlag(1,0,1) = 1 'HKLM,Explorer\Run = sub-keys
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,1,1) = 1 'HKLM,Run = sub-keys
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,2,1) = 1 'HKLM,RunOnce = sub-keys
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'WXP 2,0 2,0 2,0 0,0 0,0 0,0 0,0 2,0 2,0 2,0 1,0 2,1 0,0 0,0
If strOs = "WXP" Then
arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,3,0) = 1 'HKLM,RunOnce\Setup = warning
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'for each hive
For i = 0 To 1

'for each key
For j = 0 To 6

'if not ShowAll, show all output for Run keys
If j = 1 And Not flagShowAll Then strAllOutDefault = " {++}"

'if key is not ignored
If arRegFlag(i,j,0) > 0 Then

flagNVP = False

'intialize string with warning if necessary
strWarn = ""
If arRegFlag(i,j,0) = 1 Then strWarn = "EXECUTION UNLIKELY: "

'with no name/value pairs (sub-keys are identical)
' IsArray TypeName UBound
'W98 True "Variant()" -1
'WME True "Variant()" -1
'NT4 True "Variant()" -1
'W2K False "Null" --
'WXP False "Null" --
'WS2K3 True "Variant()" --

EnumNVP arHives(i,1), arRunKeys(j), arNames, arType

If flagNVP Then 'name/value pairs exist

'write the full key name
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\" & strAllOutDefault

'for each data type in the names array
For k = LBound(arNames) To UBound(arNames)

'use the type to find the value
strValue = RtnValue (arHives(i,1), arRunKeys(j), arNames(k), arType(k))
'write the name & value
WriteValueData arNames(k), strValue, arType(k), strWarn

Next 'member of names array

Else 'no name/value pairs

If flagShowAll Then _
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\"

End If 'flagNVP?

'recurse subkeys if necessary
If arRegFlag(i,j,1) = 1 Then

'put all subkeys into array

oReg.EnumKey arHives(i,1),arRunKeys(j),arKeys

'excludes W2K/WXP with no sub-keys
If IsArray(arKeys) Then

'excludes W98/WME/NT4/WS2K3 with no sub-keys
For Each strMemKey in arKeys

flagNVP = False
strSubKey = arRunKeys(j) & "\" & strMemKey

EnumNVP arHives(i,1), arRunKeys(j) & "\" & strMemKey,arNames,arType

If flagNVP Then 'if name/value pairs exist

'write the full key name
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey & strAllOutDefault

'for each data type in the names array
For k = LBound(arNames) To UBound(arNames)

'use the type to find the value
strValue = RtnValue (arHives(i,1), strSubKey, arNames(k), arType(k))
'write the name & value
WriteValueData arNames(k), strValue, arType(k), strWarn

Next 'member of names array

Else 'no name/value pairs

If flagShowAll Then _
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey & "\"

End If 'flagNVP?

Next 'sub-key

End If 'sub-keys exist? W2K/WXP/WS2K3

End If 'enum sub-keys?

End If 'arRegFlag(i,j,0) > 0

Next 'Run key

Next 'Hive

strAllOutDefault = "" : flagNVP = False

'recover array memory
ReDim arRunKeys(0)
ReDim arKeys(0)
ReDim arRegFlag(0)

End If 'flagTest?

'II. Examine HKLM... Active Setup\Installed Components

If Not flagTest Then 'skip if testing

'flags True if only numeric & comma chrs in Version values
Dim flagHKLMVer, flagHKCUVer
'StubPath Value string, HKLM Version value, HKCU Version value, HKLM program name
Dim strSPV, strHKLMVer, strHKCUVer, strPgmName
Dim arHKLMKeys, arHKCUKeys, strHKLMKey, strHKCUKey

strKey = "Software\Microsoft\Active Setup\Installed Components"

strSubTitle = "HKLM" & "\" & strKey & "\"

'find all the subkeys
oReg.EnumKey HKLM, strKey, arHKLMKeys 'HKLM
oReg.EnumKey HKCU, strKey, arHKCUKeys 'HKCU

'enumerate HKLM keys if present
If IsArray(arHKLMKeys) Then

'for each HKLM key
For Each strHKLMKey In arHKLMKeys

'Default Value not set:
'W98/WME: returns 0, strValue = ""
'NT4/W2K/WXP: returns non-zero, strValue = Null

'Non-Default name inexistent:
'W98/WME/NT4/W2K/WXP: returns non-zero, strValue = Null

'Non-Default Value not set:
'W2K: returns 0, strValue = unwritable string
'W98/WME/NT4/WXP: returns 0, strValue = ""

'get the StubPath value
intErrNum = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"StubPath",strSPV)

'if the StubPath name exists And value set (exc for W2K!)
If intErrNum = 0 And strSPV <> "" Then

flagMatch = False

'if HKCU keys present
If IsArray(arHKCUKeys) Then

'for each HKCU key
For Each strHKCUKey in arHKCUKeys

'if identical HKLM key exists
If LCase(strHKLMKey) = LCase(strHKCUKey) Then

'assume Version fmts are OK
flagHKLMVer = True : flagHKCUVer = True

'get HKLM & HKCU Version values
intErrNum1 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey, _
"Version",strHKLMVer) 'HKLM Version #
intErrNum2 = oReg.GetStringValue (HKCU,strKey & "\" & strHKCUKey, _
"Version",strHKCUVer) 'HKCU Version #

'if HKLM Version name exists And value set (exc for W2K!)
If intErrNum1 = 0 And strHKLMVer <> "" Then

'the next two loops check for allowed chars (numeric & comma)
' in returned Version values

For i = 1 To Len(strHKLMVer)
strChr = Mid(strHKLMVer,i,1)
If Not IsNumeric(strChr) And strChr <> "," Then flagHKLMVer = False
Next

'if HKCU Version name exists And value set (exc for W2K!)
If intErrNum2 = 0 And strHKCUVer <> "" Then

'check that value consists only of numeric & comma chrs
For i = 1 To Len(strHKCUVer)
strChr = Mid(strHKCUVer,i,1)
If Not IsNumeric(strChr) And strChr <> "," Then flagHKCUVer = False
Next

End If 'HKCU Version null or MT?

'if HKLM Ver # has illegal fmt (i.e., is not assigned) or doesn't exist (is Null)
' or is empty, match = True
'if HKCU/HKLM Ver # fmts OK And HKCU Ver # >= HKLM Ver #, match = True
'if HKLM Ver # = "0,0" and HKCU Ver # = "", key will output
' but StubPath will not launch
If Not flagHKLMVer Then flagMatch = True
If flagHKLMVer And flagHKCUVer And strHKCUVer >= strHKLMVer Then flagMatch = True

Else 'HKLM Version name doesn't exist Or value not set (exc for W2K!)

flagMatch = True

End If 'HKLM Version name exists And value set (exc for W2K!)?

End If 'HKCU key=HKLM key?

Next 'HKCU Installed Components key

End If 'HKCU Installed Components subkeys exist?

'if the StubPath will launch
If Not flagMatch Then

flagAllow = False 'assume StubPath DLL not on approved list
strCN = CoName(IDExe(strSPV))

'test for approved StubPath DLL
If LCase(strHKLMKey) = ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" And _
(InStr(LCase(strSPV),"wmpocm.exe") > 0 Or _
InStr(LCase(strSPV),"unregmp2.exe") > 0) And _
strCN = MS And Not flagShowAll Then flagAllow = True

'StubPath DLL not approved
If Not flagAllow Then

'get the default value (program name)
intErrNum3 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"",strPgmName)
'enclose pgm name in quotes if name exists and default value isn't empty
If intErrNum3 = 0 And strPgmName <> "" Then
strPgmName = Chr(34) & strPgmName & Chr(34)
Else
strPgmName = "(no title provided)"
End If

TitleLineWrite

'output the CLSID & pgm name
oFN.WriteLine strHKLMKey & "\(Default) = " & StringFilter(strPgmName,False)

On Error Resume Next
'output the StubPath value
oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
Chr(34) & strSPV & Chr(34) & strCN
'error check for W2K if StubPath value not set
If Err.Number <> 0 Then oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
"(value not set)"
Err.Clear
On Error GoTo 0

End If 'flagAllow false?

End If 'flagMatch false?

End If 'StubPath value exists?

Next 'HKLM Installed Components subkey

End If 'HKLM Installed Components subkeys exist?

If flagShowAll Then TitleLineWrite

'recover array memory
ReDim arHKLMKeys(0)
ReDim arHKCUKeys(0)

strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

End If 'flagTest?

'III. Examine HKLM... Explorer\Browser Helper Objects

If Not flagTest Then 'skip if testing

strKey = "Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
strSubTitle = "HKLM" & "\" & strKey & "\"

'find all the subkeys
oReg.EnumKey HKLM, strKey, arSubKeys

'enumerate data if present
If IsArray(arSubKeys) Then

'for each key
For Each strSubKey In arSubKeys

flagTitle = False

CLSIDLocTitle HKLM, strKey & "\" & strSubKey, "", strLocTitle

For ctrCH = intCLL To 1

ResolveCLSID strSubKey, arHives(ctrCH,1), strCLSIDTitle, strIPSDLL

If strIPSDLL <> "" Then

'output the title line if not already done
TitleLineWrite

If Not flagTitle Then

'error check for W2K if value not set
On Error Resume Next
oFN.WriteLine strSubKey & "\(Default) = " & strLocTitle
intErrNum = Err.Number : Err.Clear
If intErrNum <> 0 Then oFN.WriteLine strSubKey &_
"\(Default) = (no title provided)"
flagTitle = True
On Error GoTo 0

End If

'output CLSID title, InProcServer32 DLL & CoName
oFN.WriteLine " -> {" & arHives(ctrCH,0) & "...CLSID} = " &_
strCLSIDTitle & vbCRLF & Space(19) & "\InProcServer32\(Default) = " &_
StringFilter(strIPSDLL,True) & CoName(IDExe(strIPSDLL))

End If 'strIPSDLL exists?

Next 'CLSID hive

Next 'BHO subkey

End If 'BHO subkeys exist?

'if ShowAll, output the key name if not already done
If flagShowAll Then TitleLineWrite
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

'recover array memory
ReDim arSubKeys(0)

End If 'flagTest?

'IV. Examine HKLM... Shell Extensions\Approved\

If Not flagTest Then 'skip if testing

'CLSID value, InProcessServer32 DLL name & output file version,
'CLSID Key Title display flag
Dim strCLSID, strIPSDLL, strIPSDLLOut, strCLSIDTitle, strLocTitle

'Shell Extension Approved array
Dim arSEA()
ReDim arSEA(243,1)
'WXP
arSEA(0,0) = "{00022613-0000-0000-C000-000000000046}" : arSEA(0,1) = "mmsys.cpl"
arSEA(1,0) = "{176d6597-26d3-11d1-b350-080036a75b03}" : arSEA(1,1) = "icmui.dll"
arSEA(2,0) = "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" : arSEA(2,1) = "rshx32.dll"
arSEA(3,0) = "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" : arSEA(3,1) = "docprop.dll"
arSEA(4,0) = "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" : arSEA(4,1) = "ntshrui.dll"
arSEA(5,0) = "{41E300E0-78B6-11ce-849B-444553540000}" : arSEA(5,1) = "themeui.dll"
arSEA(6,0) = "{42071712-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(6,1) = "deskadp.dll"
arSEA(7,0) = "{42071713-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(7,1) = "deskmon.dll"
arSEA(8,0) = "{42071714-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(8,1) = "deskpan.dll"
arSEA(9,0) = "{4E40F770-369C-11d0-8922-00A024AB2DBB}" : arSEA(9,1) = "dssec.dll"
arSEA(10,0) = "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" : arSEA(10,1) = "SlayerXP.dll"
arSEA(11,0) = "{56117100-C0CD-101B-81E2-00AA004AE837}" : arSEA(11,1) = "shscrap.dll"
arSEA(12,0) = "{59099400-57FF-11CE-BD94-0020AF85B590}" : arSEA(12,1) = "diskcopy.dll"
arSEA(13,0) = "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" : arSEA(13,1) = "ntlanui2.dll"
arSEA(14,0) = "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" : arSEA(14,1) = "icmui.dll"
arSEA(15,0) = "{675F097E-4C4D-11D0-B6C1-0800091AA605}" : arSEA(15,1) = "icmui.dll"
arSEA(16,0) = "{764BF0E1-F219-11ce-972D-00AA00A14F56}" : arSEA(16,1) = ""
arSEA(17,0) = "{77597368-7b15-11d0-a0c2-080036af3f03}" : arSEA(17,1) = "printui.dll"
arSEA(18,0) = "{7988B573-EC89-11cf-9C00-00AA00A14F56}" : arSEA(18,1) = "dskquoui.dll"
arSEA(19,0) = "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" : arSEA(19,1) = ""
arSEA(20,0) = "{85BBD920-42A0-1069-A2E4-08002B30309D}" : arSEA(20,1) = "syncui.dll"
arSEA(21,0) = "{88895560-9AA2-1069-930E-00AA0030EBC8}" : arSEA(21,1) = "hticons.dll"
arSEA(22,0) = "{BD84B380-8CA2-1069-AB1D-08000948F534}" : arSEA(22,1) = "fontext.dll"
arSEA(23,0) = "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" : arSEA(23,1) = "icmui.dll"
arSEA(24,0) = "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" : arSEA(24,1) = "rshx32.dll"
arSEA(25,0) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" : arSEA(25,1) = "ntshrui.dll"
arSEA(26,0) = "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" : arSEA(26,1) = "deskperf.dll"
arSEA(27,0) = "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(27,1) = "cryptext.dll"
arSEA(28,0) = "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(28,1) = "cryptext.dll"
arSEA(29,0) = "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" : arSEA(29,1) = "NETSHELL.dll"
arSEA(30,0) = "{992CFFA0-F557-101A-88EC-00DD010CCC48}" : arSEA(30,1) = "NETSHELL.dll"
arSEA(31,0) = "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" : arSEA(31,1) = "wiashext.dll"
arSEA(32,0) = "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" : arSEA(32,1) = "wiashext.dll"
arSEA(33,0) = "{905667aa-acd6-11d2-8080-00805f6596d2}" : arSEA(33,1) = "wiashext.dll"
arSEA(34,0) = "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" : arSEA(34,1) = "wiashext.dll"
arSEA(35,0) = "{83bbcbf3-b28a-4919-a5aa-73027445d672}" : arSEA(35,1) = "wiashext.dll"
arSEA(36,0) = "{F0152790-D56E-4445-850E-4F3117DB740C}" : arSEA(36,1) = "remotepg.dll"
arSEA(37,0) = "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" : arSEA(37,1) = "wuaucpl.cpl"
arSEA(38,0) = "{60254CA5-953B-11CF-8C96-00AA00B8708C}" : arSEA(38,1) = "wshext.dll"
arSEA(39,0) = "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" : arSEA(39,1) = "oledb32.dll"
arSEA(40,0) = "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" : arSEA(40,1) = "mstask.dll"
arSEA(41,0) = "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" : arSEA(41,1) = "mstask.dll"
arSEA(42,0) = "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" : arSEA(42,1) = "mstask.dll"
arSEA(43,0) = "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" : arSEA(43,1) = ""
arSEA(44,0) = "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(44,1) = "shdocvw.dll"
arSEA(45,0) = "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(45,1) = "shdocvw.dll"
arSEA(46,0) = "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(46,1) = "shdocvw.dll"
arSEA(47,0) = "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(47,1) = "shdocvw.dll"
arSEA(48,0) = "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(48,1) = "shdocvw.dll"
arSEA(49,0) = "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(49,1) = "shdocvw.dll"
arSEA(50,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524152}" : arSEA(50,1) = "shdocvw.dll"
arSEA(51,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524153}" : arSEA(51,1) = "shdocvw.dll"
arSEA(52,0) = "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" : arSEA(52,1) = "shmedia.dll"
arSEA(53,0) = "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" : arSEA(53,1) = "shmedia.dll"
arSEA(54,0) = "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" : arSEA(54,1) = "shmedia.dll"
arSEA(55,0) = "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" : arSEA(55,1) = "shmedia.dll"
arSEA(56,0) = "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" : arSEA(56,1) = "shmedia.dll"
arSEA(57,0) = "{c5a40261-cd64-4ccf-84cb-c394da41d590}" : arSEA(57,1) = "shmedia.dll"
arSEA(58,0) = "{5E6AB780-7743-11CF-A12B-00AA004AE837}" : arSEA(58,1) = "browseui.dll"
arSEA(59,0) = "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" : arSEA(59,1) = "browseui.dll"
arSEA(60,0) = "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" : arSEA(60,1) = "browseui.dll"
arSEA(61,0) = "{6413BA2C-B461-11d1-A18A-080036B11A03}" : arSEA(61,1) = "browseui.dll"
arSEA(62,0) = "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" : arSEA(62,1) = "browseui.dll"
arSEA(63,0) = "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" : arSEA(63,1) = "browseui.dll"
arSEA(64,0) = "{30D02401-6A81-11d0-8274-00C04FD5AE38}" : arSEA(64,1) = "browseui.dll"
arSEA(65,0) = "{32683183-48a0-441b-a342-7c2a440a9478}" : arSEA(65,1) = "browseui.dll"
arSEA(66,0) = "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" : arSEA(66,1) = "browseui.dll"
arSEA(67,0) = "{07798131-AF23-11d1-9111-00A0C98BA67D}" : arSEA(67,1) = "browseui.dll"
arSEA(68,0) = "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" : arSEA(68,1) = "browseui.dll"
arSEA(69,0) = "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" : arSEA(69,1) = "browseui.dll"
arSEA(70,0) = "{A08C11D2-A228-11d0-825B-00AA005B4383}" : arSEA(70,1) = "browseui.dll"
arSEA(71,0) = "{00BB2763-6A77-11D0-A535-00C04FD7D062}" : arSEA(71,1) = "browseui.dll"
arSEA(72,0) = "{7376D660-C583-11d0-A3A5-00C04FD706EC}" : arSEA(72,1) = "browseui.dll"
arSEA(73,0) = "{6756A641-DE71-11d0-831B-00AA005B4383}" : arSEA(73,1) = "browseui.dll"
arSEA(74,0) = "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" : arSEA(74,1) = "browseui.dll"
arSEA(75,0) = "{7e653215-fa25-46bd-a339-34a2790f3cb7}" : arSEA(75,1) = "browseui.dll"
arSEA(76,0) = "{acf35015-526e-4230-9596-becbe19f0ac9}" : arSEA(76,1) = "browseui.dll"
arSEA(77,0) = "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" : arSEA(77,1) = "browseui.dll"
arSEA(78,0) = "{00BB2764-6A77-11D0-A535-00C04FD7D062}" : arSEA(78,1) = "browseui.dll"
arSEA(79,0) = "{03C036F1-A186-11D0-824A-00AA005B4383}" : arSEA(79,1) = "browseui.dll"
arSEA(80,0) = "{00BB2765-6A77-11D0-A535-00C04FD7D062}" : arSEA(80,1) = "browseui.dll"
arSEA(81,0) = "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" : arSEA(81,1) = "browseui.dll"
arSEA(82,0) = "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" : arSEA(82,1) = "browseui.dll"
arSEA(83,0) = "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" : arSEA(83,1) = "browseui.dll"
arSEA(84,0) = "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" : arSEA(84,1) = "browseui.dll"
arSEA(85,0) = "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" : arSEA(85,1) = "browseui.dll"
arSEA(86,0) = "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" : arSEA(86,1) = "browseui.dll"
arSEA(87,0) = "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" : arSEA(87,1) = "shdocvw.dll"
arSEA(88,0) = "{0A89A860-D7B1-11CE-8350-444553540000}" : arSEA(88,1) = "shdocvw.dll"
arSEA(89,0) = "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" : arSEA(89,1) = "shdocvw.dll"
arSEA(90,0) = "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" : arSEA(90,1) = "shdocvw.dll"
arSEA(91,0) = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" : arSEA(91,1) = "shdocvw.dll"
arSEA(92,0) = "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" : arSEA(92,1) = "shdocvw.dll"
arSEA(93,0) = "{FF393560-C2A7-11CF-BFF4-444553540000}" : arSEA(93,1) = "shdocvw.dll"
arSEA(94,0) = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" : arSEA(94,1) = "shdocvw.dll"
arSEA(95,0) = "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" : arSEA(95,1) = "shdocvw.dll"
arSEA(96,0) = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" : arSEA(96,1) = "shdocvw.dll"
arSEA(97,0) = "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" : arSEA(97,1) = "shdocvw.dll"
arSEA(98,0) = "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" : arSEA(98,1) = "shdocvw.dll"
arSEA(99,0) = "{131A6951-7F78-11D0-A979-00C04FD705A2}" : arSEA(99,1) = "shdocvw.dll"
arSEA(100,0) = "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" : arSEA(100,1) = "shdocvw.dll"
arSEA(101,0) = "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" : arSEA(101,1) = "shdocvw.dll"
arSEA(102,0) = "{871C5380-42A0-1069-A2EA-08002B30309D}" : arSEA(102,1) = "shdocvw.dll"
arSEA(103,0) = "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" : arSEA(103,1) = "shdocvw.dll"
arSEA(104,0) = "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" : arSEA(104,1) = "sendmail.dll"
arSEA(105,0) = "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" : arSEA(105,1) = "sendmail.dll"
arSEA(106,0) = "{88C6C381-2E85-11D0-94DE-444553540000}" : arSEA(106,1) = "occache.dll"
arSEA(107,0) = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" : arSEA(107,1) = "webcheck.dll"
arSEA(108,0) = "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" : arSEA(108,1) = "webcheck.dll"
arSEA(109,0) = "{F5175861-2688-11d0-9C5E-00AA00A45957}" : arSEA(109,1) = "webcheck.dll"
arSEA(110,0) = "{08165EA0-E946-11CF-9C87-00AA005127ED}" : arSEA(110,1) = "webcheck.dll"
arSEA(111,0) = "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" : arSEA(111,1) = "webcheck.dll"
arSEA(112,0) = "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" : arSEA(112,1) = "webcheck.dll"
arSEA(113,0) = "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" : arSEA(113,1) = "webcheck.dll"
arSEA(114,0) = "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" : arSEA(114,1) = "webcheck.dll"
arSEA(115,0) = "{D8BD2030-6FC9-11D0-864F-00AA006809D9}" : arSEA(115,1) = "webcheck.dll"
arSEA(116,0) = "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" : arSEA(116,1) = "webcheck.dll"
arSEA(117,0) = "{352EC2B7-8B9A-11D1-B8AE-006008059382}" : arSEA(117,1) = "appwiz.cpl"
arSEA(118,0) = "{0B124F8F-91F0-11D1-B8B5-006008059382}" : arSEA(118,1) = "appwiz.cpl"
arSEA(119,0) = "{CFCCC7A0-A282-11D1-9082-006008059382}" : arSEA(119,1) = "appwiz.cpl"
arSEA(120,0) = "{e84fda7c-1d6a-45f6-b725-cb260c236066}" : arSEA(120,1) = "shimgvw.dll"
arSEA(121,0) = "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" : arSEA(121,1) = "shimgvw.dll"
arSEA(122,0) = "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" : arSEA(122,1) = "shimgvw.dll"
arSEA(123,0) = "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" : arSEA(123,1) = "shimgvw.dll"
arSEA(124,0) = "{EAB841A0-9550-11cf-8C16-00805F1408F3}" : arSEA(124,1) = "shimgvw.dll&qu
0
Réponse 59 / 78
regis59
 
Re,

clik ici
https://www.silentrunners.org/

Puis sur Here dans cette phrase sur le site: If you want to download the latest version of “Silent Runners.vbs”, click here for Revision 45. (It's about 289 KB.)

a+ ou a demain
0
Réponse 60 / 78
lolo997 Messages postés 102 Statut Membre
 
"Silent Runners.vbs", revision 45, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]
"Lexmark 3100 Series" = ""C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"" ["Lexmark International, Inc."]
"LXBRKsk" = "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe" [" "]
"DSLAGENTEXE" = "dslagent.exe" [file not found]
"%FP%Friendly fts.exe" = ""C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"" ["Friendly Technologies"]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]

c'est ce que j'obtiens, le lien ne marche que sous ie, c'est pour ca que j'avais un fichier texte!
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses