worm:win32 ainslot.a

Question

Bonjour, j'ai windows defender qui a détecter et supprimer plusieurs fois le virus worm:win32 ainslot.a , depuis je ne l'est pas revu mais j'pense qu'il est encore la.
J'ai fait un scan rapide avec malwarebytes, il a détecté 6 fichier corrompus mais je sais pas s'ils sont vraiment tous infecter.

Pourriez vous m'aider ?

Rapport de malwarebytes :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8049

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

31/10/2011 11:17:33
mbam-log-2011-10-31 (11-17-28).txt

Type d'examen: Examen éclair
Elément(s) analysé(s): 170312
Temps écoulé: 36 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe (Security.Hijack) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefend (Trojan.MSIL.Gen) -> Value: WinDefend -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\julien\AppData\Local\Temp\server.exe (Trojan.MSIL.Gen) -> No action taken.
c:\Users\julien\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
c:\Users\julien\AppData\Roaming\WinSec.exe (Trojan.Agent) -> No action taken.

</signature>

Afficher la suite

Malekal_morte- · Accepted Answer

Salut,

C'est un RAT.
Malwarebyte doit faire le job.

Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/  
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.  
!!! Malwarebyte doit être à jour avant de faire le scan !!! 
Supprime bien ce qui est détecté : bouton supprimer sélection.

ginto5 · Answer

Bonjour,

Tu les mets en quarantaine.
Si un problème survient, tu peux toujours les restaurer depuis la quarantaine.
Et si tou va bien, dans 2 semaines, tu les vires.

Malekal_morte- · Answer

Fais ça :
Télécharge ce tool : http://batchdhelus.open-web.fr/programme/MalwaresUploader.exe  
Puis tu coches Malekal à gauche  
Dans le cadre en bas, copie/colle les chemins des fichiers suivants :  

c:\Users\julien\AppData\Local\Temp\server.exe
c:\Users\julien\AppData\Roaming\WinSec.exe

et tu clics sur Upload en bas.  


et supprime la sélection dans le scan Malwarebyte.

spiderchouck2 · Answer

Bonjour, j'ai également le même problème que l'auteur, je suis en train de faire une analyse rapide malwarebyte, je vous poste le rapport dès que possible.

Malekal_morte- · Answer

Envoye ces fichiers sur http://upload.malekal.com :
c:\Windows\System32\Windir\svchost.exe
c:\Windows\SysWOW64\Windir\svchost.exe
c:\Users\patrick\AppData\Roaming\svchost2.exe

spiderchouck2 · Answer

Mon pc ne détecte pas les svchost, en suivant le chemin je tombe sur un dossier vide, comment révéler ces fichiers afin de te les envoyer?

Malekal_morte- · Answer

essaye ça : https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/

mais surement qu'il va enlever l'affichage :/

sinon essaye ça :

Télécharge ce tool : http://batchdhelus.open-web.fr/programme/MalwaresUploader.exe 
Puis tu coches Malekal à gauche 
Dans le cadre en bas, copie/colle les chemins des fichiers suivants : 

c:\Windows\System32\Windir\svchost.exe 
c:\Windows\SysWOW64\Windir\svchost.exe 
c:\Users\patrick\AppData\Roaming\svchost2.exe

et tu clics sur Upload en bas. 


et supprime la sélection dans le scan Malwarebyte.

spiderchouck2 · Answer

Bon je les ai upload.
Quand tu dis "supprime la sélection dans le scan Malwarebyte"  C'est à dire?

Malekal_morte- · Answer

Ca n'a pas uploadé :/

Tu vas sur Malwarebyte / onglet rapport
et sur le scan que tu viens de faire, tu fais "supprimer selection"
car là "no action taken", à priori tu as pas supprimé ce qui a été détecté.

spiderchouck2 · Answer

Quand j'essaye d'upload, le logiciel supprime instantanément les lignes c:\Windows\System32\Windir\svchost.exe
c:\Windows\SysWOW64\Windir\svchost.exe 

et il ne t'upload que celle là c:\Users\patrick\AppData\Roaming\svchost2.exe 

Bon j'suis un peu perdu là je sais plus vraiment quoi faire, mon antivirus a de nouveau détecté le virus (le même que celui de l'auteur) au rallumage du pc malgré l'intervention de malwarebyte...
A l'aide! :D

spiderchouck2 · Answer

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8090

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05/11/2011 18:25:32
mbam-log-2011-11-05 (18-25-32).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 198744
Temps écoulé: 5 minute(s), 37 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{AFC38DFF-AF0F-27BC-FDA1-EBEA3BAED4B2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFC38DFF-AF0F-27BC-FDA1-EBEA3BAED4B2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFC38DFF-AF0F-27BC-FDA1-EBEA3BAED4B2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win defender (Trojan.Agent) -> Value: win defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\win defender (Trojan.Agent) -> Value: win defender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win defender (Trojan.Agent) -> Value: win defender -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\program files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\patrick\AppData\Roaming\svchost2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\patrick\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Malekal_morte- · Answer

ok pour info, t'as aussi installé plein d'autres m*rdes sur ton PC....

Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel par éditeurs.       
L'éditeur touche de l'argent à chaque installation réussie de ces additionnels tiers (un genre de sponsoring).       
Seulement certains éditeurs, abusent, pour gagner plus d'argent, ils redistribuent des logiciels libres développés par des bénévoles en y ajoutant ces logiciels additionnels.       
Des pubs trompeuses peuvent aussi être utilisés pour faire installer ces logiciels.       

Outre le fait que les procédés sont discutables, l'accumulation de ces programmes additionnels non essentiels councourent à ralentir condésirablement l'ordinateur (peux aussi faire planter les navigateurs WEB).       
Certains font aussi du tracking anonymes (récupérations des thématiques de sites visités).       

Tu as la même chose avec les barres d'outils :        
Les barres d'outils sont là pour t'affilier à un service (moteur de recherche de Yahoo! ou Google), ça rajoute des fonctionnalités mais en général les navigateurs les ont par défaut.        
De plus, elles enregistrent les sites que tu visites pour les transmettre (tracking) à faire de la publicité ciblée, c'est pas super niveau protection de la vie privée.       
Plusieurs toolbars ralentissent le PC et peuvent faire planter les navigateurs WEB.        
Au final, il est pas conseillé d'en utiliser.        

Lire :       
Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/       

~~       

Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.  
Lance le, clique sur [Suppression] puis patiente le temps du scan.  
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.  

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt  


~~   

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/    

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.    
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)    

* Lance OTL    
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :    
netsvcs   
msconfig   
safebootminimal   
safebootnetwork   
activex   
drivers32   
%ALLUSERSPROFILE%\Application Data\*.   
%ALLUSERSPROFILE%\Application Data\*.exe /s   
%APPDATA%\*.   
%APPDATA%\*.exe /s   
%temp%\.exe /s   
%SYSTEMDRIVE%\*.exe   
%systemroot%\*. /mp /s   
%systemroot%\system32\*.dll /lockedfiles   
%systemroot%\Tasks\*.job /lockedfiles   
%systemroot%\system32\drivers\*.sys /lockedfiles   
%systemroot%\System32\config\*.sav   
/md5start   
explorer.exe   
winlogon.exe   
wininit.exe   
/md5stop   
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s   
CREATERESTOREPOINT   
nslookup www.google.fr /c   
SAVEMBR:0   
hklm\software\clients\startmenuinternet|command /rs   
hklm\software\clients\startmenuinternet|command /64 /rs    
* Clique sur le bouton Analyse.    
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.

spiderchouck2 · Answer

# AdwCleaner v1.316 - Rapport créé le 05/11/2011 à 18:35:31
# Mis à jour le 31/10/11 à 22h par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : patrick - PATRICK-PC (Droits Limités)
# Exécuté depuis : C:\Users\patrick\Desktop\Cédric\Téléchargements\adwcleaner0.exe
# Option [Suppression]


***** [KillNav] *****

# firefox.exe [PID:4768] -> Tué

***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\patrick\AppData\Roaming\cacaoweb
Dossier Supprimé : C:\Users\patrick\AppData\Local\Conduit
Dossier Supprimé : C:\Users\patrick\AppData\Local\OpenCandy
Dossier Supprimé : C:\Users\patrick\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\patrick\AppData\LocalLow\ConduitEngine
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Program Files (x86)\ConduitEngine
Dossier Supprimé : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles
26a0yip.default\Conduit
Fichier Supprimé : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles
26a0yip.default\searchplugins\Askcom.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\conduitEngine
Clé Supprimée : HKCU\Software\AppDataLow\Software\ShopperReports3
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]

***** [Navigateurs] *****

-\ Internet Explorer v9.0.8112.16421

Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.fr

-\ Mozilla Firefox v7.0.1 (fr)

Profil : n26a0yip.default
Fichier : C:\Users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles
26a0yip.default\prefs.js

Supprimée : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2207610", "\"1300086648\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr-fr", "xYQbfiyILJlwdgfyUaYSOw==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr-fr", "rGzHjFU+YM5Lv74r5NOnMA==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr-fr", "EvHKMLQbCv6s3VbbzJnJ+Q==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr-fr", "FvLcNm096R6J6zPIjtn70Q==");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2207610", "\"634434930587600000\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2207610/CT2207610", "\"1306785072\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer_dead.gif", "\"03e383867bc91:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.gif", "\"0e685fa27bc91:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif", "\"02faea337c7c91:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr-fr", "\"634432176643630000\"");
Supprimée : user_pref("CommunityToolbar.EngineOwner", "CT2207610");
Supprimée : user_pref("CommunityToolbar.EngineOwnerGuid", "{6d6b212b-2245-4898-8b16-9a11b81ff9e1}");
Supprimée : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_france_ff");
Supprimée : user_pref("CommunityToolbar.IsEngineShown", true);
Supprimée : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Supprimée : user_pref("CommunityToolbar.ToolbarsList", "CT2207610");
Supprimée : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 19:40:34 GMT+0200");
Supprimée : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Supprimée : user_pref("CommunityToolbar.alert.locale", "en");
Supprimée : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Supprimée : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 12 2011 19:40:31 GMT+0200");
Supprimée : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Supprimée : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Supprimée : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Supprimée : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Supprimée : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Supprimée : user_pref("CommunityToolbar.alert.userId", "b2cc2aa0-8038-4a52-a433-74977217d9d1");
Supprimée : user_pref("CommunityToolbar.globalUserId", "19d9a636-1bac-425a-a85b-57364071bbbd");
Supprimée : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Supprimée : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Supprimée : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Supprimée : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

-\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée :       "keyword": "search.sweetim.com",
Supprimée :       "name": "SweetIM Search",
Supprimée :       "search_url": "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={34EB05C6-F692-11E0-8956-485B3998F560}",
Supprimée :       "host_referral_list": [ 2, [ "hxxp://1.bp.blogspot.com/", [ "hxxp://1.bp.blogspot.com/", 0.6197289485153833 ] ], [ "hxxp://1pe0gabun5.s.ad6media.fr/", [ "hxxp://1pe0gabun5.s.ad6media.fr/", 1.0372583192660272, "hxxp://ad.zanox.com/", 0.8037034659213589, "hxxp://www.laredoute.fr/", 0.8037034659213589 ] ], [ "hxxp://62.75.239.102/", [ "hxxp://62.75.239.102/", 0.5314407752452762, "hxxp://ad.zanox.com/", 1.724049453995417, "hxxp://cdn.track.webgains.com/", 1.3132281179390324, "hxxp://media.laredoute.fr/", 0.2699539299733008, "hxxp://track.webgains.com/", 1.3132281179390324, "hxxp://www.lamaisondevalerie.fr/", 0.3091780052685668, "hxxp://www.lapostemobile.fr/", 0.832151695812517, "hxxp://www.pimkie.fr/", 0.9387144090888253, "hxxp://www.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.com/", 0.2699539299733008, "hxxp://www.zanox-affiliate.de/", 0.486416640697503 ] ], [ "hxxp://69.31.136.5/", [ "hxxp://ad.yieldmanager.com/", 0.6348082978593151, "hxxp://adserving.cpxinteractive.com/", 0.5633398139943591, "hxxp://ib.adnxs.com/", 0.4918713301294032, "hxxp://optimized.by.vitalads.net/", 0.4918713301294032, "hxxp://redir.reachclic.net/", 0.4918713301294032 ] ], [ "hxxp://7878bc76.linkbucks.com/", [ "hxxp://7878bc76.linkbucks.com/", 0.5633398139943591, "hxxp://media.revfusion.net/", 0.4918713301294032, "hxxp://rts.revfusion.net/", 0.4918713301294032, "hxxp://static.linkbucks.com/", 0.9206822333191387, "hxxp://www.google-analytics.com/", 0.6348082978593151, "hxxp://www.linkbucksmedia.com/", 0.4918713301294032 ] ], [ "hxxp://a.ligatus.com/", [ "hxxp://d.ligatus.com/", 0.5314462890985842, "hxxp://i.ligatus.com/", 1.863845793310717, "hxxp://x.ligatus.com/", 1.0031335470728135 ] ], [ "hxxp://ad-emea.doubleclick.net/", [ "hxxp://s0.2mdn.net/", 0.351688303126348, "hxxp://t.mookie1.com/", 0.20405748347725416, "hxxp://www.youtube.com/", 0.191518120545764 ] ], [ "hxxp://ad.adlegend.com/", [ "hxxp://ad.adlegend.com/", 0.9511643712163041 ] ], [ "hxxp://ad.adperium.com/", [ "hxxp://ad.adperium.com/", 0.4918713301294032, "hxxp://ad.yieldmanager.com/", 0.4918713301294032, "hxxp://content.yieldmanager.edgesuite.net/", 0.4918713301294032 ] ], [ "hxxp://ad.doubleclick.net/", [ "hxxp://s0.2mdn.net/", 0.47948935651587843 ] ], [ "hxxp://ad.turn.com/", [ "hxxp://cdn.turn.com/", 0.421364066975333 ] ], [ "hxxp://ad.yieldmanager.com/", [ "hxxp://altfarm.mediaplex.com/", 0.9719055386631453, "hxxp://c.betrad.com/", 0.7066920939137182, "hxxp://cm.g.doubleclick.net/", 0.37754783099500006, "hxxp://g-pixel.invitemedia.com/", 0.37754783099500006, "hxxp://img.mediaplex.com/", 0.8887883005523577, "hxxp://l.betrad.com/", 0.37754783099500006, "hxxp://mp.apmebf.com/", 0.5720421681742425, "hxxp://pixel.invitemedia.com/", 0.37754783099500006, "hxxp://s0.2mdn.net/", 0.37754783099500006, "hxxp://t.invitemedia.com/", 0.37754783099500006 ] ], [ "hxxp://ad.z5x.net/", [ "hxxp://ad.yieldmanager.com/", 0.2759692302446825, "hxxp://ad.z5x.net/", 0.2759692302446825, "hxxp://content.yieldmanager.com/", 0.2045007463797264, "hxxp://content.yieldmanager.edgesuite.net/", 0.2759692302446825 ] ], [ "hxxp://adopteunmec.solution.weborama.fr/", [ "hxxp://elstatic.weborama.fr/", 1.0728368526960674 ] ], [ "hxxp://ads.bluelithium.com/", [ "hxxp://ad.yieldmanager.com/", 0.44288289776799183, "hxxp://ads.bluelithium.com/", 0.3380145544750709, "hxxp://content.yieldmanager.com/", 0.20356796050978768 ] ], [ "hxxp://ads.cinejam.com/", [ "hxxp://www.google-analytics.com/", 0.30984961572685843 ] ], [ "hxxp://ads.contentabc.com/", [ "hxxp://cdn1.ads.brazzers.com/", 0.1308053012350964, "hxxp://cdn1.ads.contentabc.com/", 0.4896600111930239 ] ], [ "hxxp://ads.crakmedia.com/", [ "hxxp://urchin.craktraffic.com/", 1.0422931874998105, "hxxp://www.google-analytics.com/", 1.0422931874998105 ] ], [ "hxxp://ads.dnmmedia.com/", [ "hxxp://ads.dnmmedia.com/", 1.5950302367138762, "hxxp://app.dnmmedia.com/", 1.5950302367138762 ] ], [ "hxxp://ads.dothads.com/", [ "hxxp://adimages.dothads.com/", 0.7340769658238004, "hxxp://ads.dothads.com/", 0.7340769658238004 ] ], [ "hxxp://ads.flixbuster.com/", [ "hxxp://wac.20f5.edgecastcdn.net/", 0.20970516060901212, "hxxp://www.google-analytics.com/", 0.2547260449453931 ] ], [ "hxxp://ads.msvp.net/", [ "hxxp://ads.msvp.net/", 2.853168630076187 ] ], [ "hxxp://ads.traffichaus.com/", [ "hxxp://ads.crakmedia.com/", 0.19777238067407396, "hxxp://ads.dothads.com/", 0.10306011140516126, "hxxp://cdn.zeusclicks.com/", 1.5617189435841379, "hxxp://edge.quantserve.com/", 0.26566300393609565, "hxxp://ifa.camads.net/", 0.267564412269547, "hxxp://pixel.quantserve.com/", 0.6791494599076461 ] ], [ "hxxp://ads.vidcube.com/", [ "hxxp://wac.20f5.edgecastcdn.net/", 0.24952163071610764, "hxxp://www.google-analytics.com/", 0.24952163071610764 ] ], [ "hxxp://ads.whaleads.com/", [ "hxxp://ads.whaleads.com/", 0.4343865684134507, "hxxp://images.ads.whaleads.com/", 0.4343865684134507 ] ], [ "hxxp://adserver2.exgfnetwork.com/", [ "hxxp://adserver2.exgfnetwork.com/", 0.37927782465950555, "hxxp://assets1.exgfnetwork.com/", 0.37927782465950555 ] ], [ "hxxp://afe2.specificclick.net/", [ "hxxp://ad.piximedia.com/", 2.818189934090623, "hxxp://astatic.weborama.fr/", 1.0274332749962019, "hxxp://broadcast.piximedia.fr/", 2.0692606480925413, "hxxp://cache.adviva.net/", 0.8173559313053524, "hxxp://elstatic.weborama.fr/", 0.5096275613160419, "hxxp://gae.solution.weborama.fr/", 0.5096275613160419, "hxxp://istatic.weborama.fr/", 0.5096275613160419, "hxxp://rm.piximedia.fr/", 1.7689474195487565, "hxxp://secure-uk.imrworldwide.com/", 1.1497831088473733, "hxxp://sfr.solution.weborama.fr/", 1.0274332749962019 ] ], [ "hxxp://aka-cdn-ns.adtech.de/", [ "hxxp://a69.g.akamai.net/", 0.7791511784137265, "hxxp://aka-cdn-ns.adtech.de/", 0.8440796406820182, "hxxp://epromo.tf1.fr/", 0.5634078788376073, "hxxp://hi-media-europe.s3.amazonaws.com/", 0.3068884971371109 ] ], [ "hxxp://assets1.exgfnetwork.com/", [ "hxxp://assets1.exgfnetwork.com/", 0.4343865684134507 ] ], [ "hxxp://barrirepoker.solution.weborama.fr/", [ "hxxp://elstatic.weborama.fr/", 0.19041955741635627 ] ], [ "hxxp://bc.geocities.yahoo.co.jp/", [ "hxxp://ai.yimg.jp/", 1.1042755784134997, "hxxp://b8.yahoo.co.jp/", 1.1042755784134997 ] ], [ "hxxp://bcp.crwdcntrl.net/", [ "hxxp://bcp.crwdcntrl.net/", 1.852248241406885, "hxxp://d.turn.com/", 1.0728368526960674, "hxxp://ev.ib-ibi.com/", 1.2287191304382308, "hxxp://ib.mookie1.com/", 1.0728368526960674, "hxxp://p.adsymptotic.com/", 1.0728368526960674, "hxxp://p.brilig.com/", 1.2287191304382308, "hxxp://p.rfihub.com/", 1.0728368526960674, "hxxp://segment-pixel.invitemedia.com/", 1.0728368526960674, "hxxp://view.atdmt.com/", 1.0728368526960674, "hxxps://c1.rfihub.net/", 1.0728368526960674 ] ], [ "hxxp://broadcast.piximedia.fr/", [ "hxxp://broadcast.piximedia.fr/", 29.732043851775387 ] ], [ "hxxp://cdn-files.deezer.com/", [ "hxxp://ad.doubleclick.net/", 1.3913222852435276, "hxxp://s0.2mdn.net/", 1.3913222852435276 ] ], [ "hxxp://cdn.blogbang.com/", [ "hxxp://epromo.tf1.fr/", 1.8547003059723652 ] ], [ "hxxp://cdn.flashtalking.com/", [ "hxxp://cdn.flashtalking.com/", 0.3652697292551332, "hxxp://stat.flashtalking.com/", 0.31892953972276555 ] ], [ "hxxp://cdn.turn.com/", [ "hxxp://bh.contextweb.com/", 0.07490659624313328, "hxxp://ce.lijit.com/", 0.07490659624313328, "hxxp://cms.ad.yieldmanager.net/", 0.07490659624313328, "hxxp://cookex.amp.yahoo.com/", 0.07490659624313328, "hxxp://d.audienceiq.com/", 0.09667432506592412, "hxxp://d.turn.com/", 0.07490659624313328, "hxxp://pixel.rubiconproject.com/", 0.6208463449718169, "hxxp://r.turn.com/", 0.09667432506592412, "hxxp://sync.adap.tv/", 0.07490659624313328, "hxxp://tracking.adjug.com/", 0.07490659624313328 ] ], [ "hxxp://cdn.zeusclicks.com/", [ "hxxp://ads.zeusclicks.com/", 1.5617189435841379, "hxxp://ads2.zeusclicks.com/", 1.0307345027655308, "hxxp://cdn.zeusclicks.com/", 1.2576509304657901 ] ], [ "hxxp://cdn1.ads.contentabc.com/", [ "hxxp://cdn1.ads.contentabc.com/", 0.9961695304276609 ] ], [ "hxxp://clouds.rencontreshard.com/", [ "hxxp://ktu.sv2.biz/", 1.2395173340042036, "hxxp://media.rencontreshard.com/", 10.424658603932784, "hxxp://www.google-analytics.com/", 1.4196181432184896, "hxxp://www.rencontreshard.com/", 1.4196181432184896 ] ], [ "hxxp://clubmed.solution.weborama.fr/", [ "hxxp://istatic.weborama.fr/", 0.6197289485153833 ] ], [ "hxxp://comclick.hi-mediaserver.com/", [ "hxxp://bouyguestelecom.solution.weborama.fr/", 1.2758405134213082, "hxxp://elstatic.weborama.fr/", 1.2758405134213082, "hxxp://i2.ytimg.com/", 3.703168191172137, "hxxp://i3.ytimg.com/", 0.7721629716909727, "hxxp://i4.ytimg.com/", 0.7721629716909727, "hxxp://istatic.weborama.fr/", 0.4171464831061695, "hxxp://o-o.preferred.orange-par1.v21.lscache4.c.youtube.com/", 1.8711998620081955, "hxxp://s.youtube.com/", 1.7992595722733973, "hxxp://s.ytimg.com/", 1.9935496958593673, "hxxp://www.youtube.com/", 5.464783074201805 ] ], [ "hxxp://creatives.livejasmin.com/", [ "hxxp://80.77.113.200/", 1.5617189435841379, "hxxp://code.jquery.com/", 1.5617189435841379, "hxxp://creatives.livejasmin.com/", 3.6039667928864705, "hxxp://s0.img.awempire.com/", 2.242468226684916, "hxxp://s1.img.awempire.com/", 2.015551798984657, "hxxp://s2.img.awempire.com/", 2.015551798984657, "hxxp://static.awempire.com/", 2.015551798984657, "hxxp://www.livejasmin.com/", 1.5617189435841379 ] ], [ "hxxp://cti.w55c.net/", [ "hxxp://d.p-td.com/", 0.5116944507992971, "hxxp://i.w55c.net/", 0.2118830886878324, "hxxp://pixel.rubiconproject.com/", 0.5116944507992971, "hxxp://tags.bluekai.com/", 0.5116944507992971 ] ], [ "hxxp://custom.exoclick.com/", [ "hxxp://syndication.exoclick.com/", 0.3903922932482842 ] ], [ "hxxp://d.advertstream.com/", [ "hxxp://d.advertstream.com/", 0.6197289485153833, "hxxp://l.advertstream.com/", 0.6197289485153833 ] ], [ "hxxp://dap.criteo.com/", [ "hxxp://ad.advertstream.com/", 0.5082167956826499 ] ], [ "hxxp://difflhxxp.hvsdigital.com/", [ "hxxp://stats.hvsdigital.com/", 8.235814466499502 ] ], [ "hxxp://dis.criteo.com/", [ "hxxp://ad.advertstream.com/", 0.8037034659213589 ] ], [ "hxxp://ds.serving-sys.com/", [ "hxxp://ds.serving-sys.com/", 1.4267693843512774, "hxxp://epromo.tf1.fr/", 0.7097750350518064, "hxxp://media.wow-europe.com/", 0.9833635829392451 ] ], [ "hxxp://elfassiscoopblog.com/", [ "hxxp://ac.tynt.com/", 0.8037034659213589, "hxxp://googleads.g.doubleclick.net/", 1.8547003059723652, "hxxp://ib.adnxs.com/", 1.0372583192660272, "hxxp://ic.tynt.com/", 0.8037034659213589, "hxxp://image2.pubmatic.com/", 0.9204808925936929, "hxxp://pixel.invitemedia.com/", 0.8037034659213589, "hxxp://segment-pixel.invitemedia.com/", 1.8547003059723652, "hxxp://weboramadata.solution.weborama.fr/", 2.5553648660063697, "hxxp://www.elfassiscoopblog.com/", 2.321810012661701, "hxxp://www.googleadservices.com/", 1.8547003059723652 ] ], [ "hxxp://elstatic.weborama.fr/", [ "hxxp://elstatic.weborama.fr/", 1.2666297986834905, "hxxp://pmu.eficiens-serving.com/", 0.6143301056285497, "hxxp://www.eficiens-serving2.com/", 1.2724185628191613 ] ], [ "hxxp://eu.leagueoflegends.com/", [ "hxxp://b.scorecardresearch.com/", 0.4100046852880986, "hxxp://d1j6nv3mjrypkx.cloudfront.net/", 0.8383351059668954, "hxxp://eu.leagueoflegends.com/", 6.44395591342032, "hxxp://lol-promos.s3.amazonaws.com/", 0.5603908300115749, "hxxp://ping.chartbeat.net/", 2.0217715727144494, "hxxp://riot-web-static.s3.amazonaws.com/", 4.7424339767885435, "hxxp://static.chartbeat.com/", 0.35798916551274285, "hxxp://www.google-analytics.com/", 0.5951060533421506, "hxxp://www.youtube.com/", 0.46202020506345437, "hxxps://riot-web-static.s3.amazonaws.com/", 1.3909093906314933 ] ], [ "hxxp://feeds.videosz.com/", [ "hxxp://cdn.feeds.videosz.com/", 0.33644122914099867, "hxxp://cdn.niche.videosz.com/", 2.0575691333987782, "hxxp://feeds.videosz.com/", 1.3314633353624044 ] ], [ "hxxp://fl01.ct2.comclick.com/", [ "hxxp://action.metaffiliation.com/", 1.3913222852435276, "hxxp://ad-emea.doubleclick.net/", 0.5334238313801883, "hxxp://akamai.smartadserver.com/", 0.0758988665296392, "hxxp://comclick.hi-mediaserver.com/", 0.2030582807974634, "hxxp://hstfr.tradedoubler.com/", 0.34071760094575276, "hxxp://img.netaffiliation.com/", 1.3913222852435276, "hxxp://impfr.tradedoubler.com/", 0.3023586657399396, "hxxp://s0.2mdn.net/", 0.9416421659954338, "hxxp://tap2-cdn.rubiconproject.com/", 0.0758988665296392, "hxxp://www4.smartadserver.com/", 0.08692690696556969 ] ], [ "hxxp://fls.doubleclick.net/", [ "hxxp://googleads.g.doubleclick.net/", 1.1597517902609105, "hxxp://www.googleadservices.com/", 1.3068844800701307 ] ], [ "hxxp://forum.alldebrid.com/", [ "hxxp://forum.alldebrid.com/", 5.341551336849117, "hxxp://i66.servimg.com/", 0.5938984941036742 ] ], [ "hxxp://forum.hardware.fr/", [ "hxxp://dap.criteo.com/", 1.2758405134213082, "hxxp://logp.hit-parade.com/", 1.2758405134213082, "hxxp://logv5.xiti.com/", 1.2758405134213082, "hxxp://partner.googleadservices.com/", 1.461219049559447, "hxxp://pubads.g.doubleclick.net/", 1.461219049559447, "hxxp://r.skimresources.com/", 1.2758405134213082, "hxxp://s.skimresources.com/", 1.461219049559447, "hxxp://t.skimresources.com/", 1.2758405134213082, "hxxp://www.google-analytics.com/", 1.461219049559447, "hxxps://ajax.googleapis.com/", 1.2758405134213082 ] ], [ "hxxp://forum.zebulon.fr/", [ "hxxp://dap.criteo.com/", 1.8319761218357242, "hxxp://hades.bubblestat.com/", 1.2758405134213082, "hxxp://in.bubblestat.com/", 1.8319761218357242, "hxxp://logc15.xiti.com/", 1.461219049559447, "hxxp://sd-1.archive-host.com/", 1.646597585697586, "hxxp://www.facebook.com/", 1.461219049559447, "hxxp://www.overclocking-pc.fr/", 1.461219049559447, "hxxp://www.ovh.com/", 1.461219049559447, "hxxp://www.zebulon.fr/", 2.017354657973863, "hxxp://zeus.bubblestat.com/", 2.9442473386645562 ] ], [ "hxxp://forums.jeuxonline.info/", [ "hxxp://forums.jeuxonline.info/", 2.187211108179172, "hxxp://jolstatic.fr/", 11.617528593041643, "hxxp://medias.jeuxonline.info/", 0.5075990480098851, "hxxp://medias2.jeuxonline.info/", 0.3973762751317589, "hxxp://ox.jeuxonline.info/", 1.053484543662612, "hxxp://www.google-analytics.com/", 1.3089282241322724 ] ], [ "hxxp://fr-fr.facebook.com/", [ "hxxp://static.ak.fbcdn.net/", 3.6139182981343962 ] ], [ "hxxp://fr.64.slidein.clickintext.net/", [ "hxxp://ad.zanox.com/", 0.25683368574939286, "hxxp://www.conforama.fr/", 0.21049349621702507, "hxxp://www.lapostemobile.fr/", 0.31892953972276555 ] ], [ "hxxp://fr.75.slidein.clickintext.net/", [ "hxxp://ad.publicidees.com/", 0.6197289485153833, "hxxp://cofidis2.solution.weborama.fr/", 0.6197289485153833, "hxxp://elstatic.weborama.fr/", 0.6197289485153833, "hxxp://hst.tradedoubler.com/", 0.6197289485153833, "hxxp://hstfr.tradedoubler.com/", 0.7097750350518064, "hxxp://img.tati.fr/", 0.6197289485153833, "hxxp://impfr.tradedoubler.com/", 0.7097750350518064, "hxxp://multimedia.fnac.com/", 0.6197289485153833, "hxxp://sites.orange.fr/", 0.6197289485153833, "hxxp://www.virginmobile.fr/", 0.6197289485153833 ] ], [ "hxxp://fr.85.slidein.clickintext.net/", [ "hxxp://ad.publicidees.com/", 1.1699438965014737, "hxxp://affiliation.maty.com/", 1.1699438965014737, "hxxp://cofidis2.solution.weborama.fr/", 1.1699438965014737, "hxxp://elstatic.weborama.fr/", 1.1699438965014737, "hxxp://hstfr.tradedoubler.com/", 1.3399357447110893, "hxxp://impfr.tradedoubler.com/", 1.1699438965014737, "hxxp://media.laredoute.fr/", 1.3399357447110893, "hxxp://tracking.publicidees.com/", 1.6799194411303207, "hxxp://www.lamaisondevalerie.fr/", 1.1699438965014737, "hxxp://www.lapostemobile.fr/", 1.1699438965014737 ] ], [ "hxxp://fr.dsguide.wikia.com/", [ "hxxp://b.scorecardresearch.com/", 1.0728368526960674, "hxxp://bcp.crwdcntrl.net/", 1.2287191304382308, "hxxp://fr.dsguide.wikia.com/", 3.5669532965706834, "hxxp://images.intellitxt.com/", 2.631659630117703, "hxxp://images2.wikia.nocookie.net/", 2.319895074633376, "hxxp://images4.wikia.nocookie.net/", 3.255188741086358, "hxxp://s0.2mdn.net/", 2.008130519149049, "hxxp://tag.admeld.com/", 2.164012796891212, "hxxp://wikia.us.intellitxt.com/", 1.0728368526960674, "hxxp://www.google-analytics.com/", 2.631659630117703 ] ], [ "hxxp://fr.wikipedia.org/", [ "hxxp://bits.wikimedia.org/", 3.118461757261133, "hxxp://fr.wikipedia.org/", 1.466939954350253, "hxxp://geoiplookup.wikimedia.org/", 1.1366355937680768, "hxxp://meta.wikimedia.org/", 1.3017877740591646, "hxxp://upload.wikimedia.org/", 2.457853036096781 ] ], [ "hxxp://gam3r.fr/", [ "hxxp://a0.twimg.com/", 0.5363927041682115, "hxxp://a1.twimg.com/", 0.5363927041682115, "hxxp://farm6.static.flickr.com/", 1.2378293173112564, "hxxp://gam3r.fr/", 3.809763565502425, "hxxp://logc16.xiti.com/", 0.5363927041682115, "hxxp://mediacdn.disqus.com/", 2.4068903392163317, "hxxp://platform0.twitter.com/", 0.5363927041682115, "hxxp://stats.buzzparadise.com/", 0.5363927041682115, "hxxp://www.facebook.com/", 0.5363927041682115, "hxxp://www.youtube.com/", 1.3937041202319327 ] ], [ "hxxp://gandhi-was-skilled.forumgratuit.fr/", [ "hxxp://ad.yieldmanager.com/", 0.2658471790350317, "hxxp://ad.z5x.net/", 0.2995740599573865, "hxxp://cas.criteo.com/", 0.33330094087974094, "hxxp://content.yieldmanager.com/", 0.23212029811267693, "hxxp://content.yieldmanager.edgesuite.net/", 0.2658471790350317, "hxxp://dis.eu.criteo.com/", 0.2658471790350317, "hxxp://i74.servimg.com/", 0.23212029811267693, "hxxp://illiweb.com/", 0.8392041547150627, "hxxp://r29.imgfast.net/", 0.23212029811267693, "hxxp://www.picdo.net/", 1.1090192020938996 ] ], [ "hxxp://googleads.g.doubleclick.net/", [ "hxxp://google.com/", 1.967674022654115, "hxxp://pagead2.googlesyndication.com/", 0.41325140027652696, "hxxps://googleads.g.doubleclick.net/", 1.967674022654115 ] ], [ "hxxp://home.sweetim.com/", [ "hxxp://search.sweetim.com/", 1.703076792622645 ] ], [ "hxxp://hstfr.tradedoubler.com/", [ "hxxp://c617982.r82.cf0.rackcdn.com/", 1.3607548196208201 ] ], [ "hxxp://ib.adnxs.com/", [ "hxxp://bforbank.solution.weborama.fr/", 1.0728368526960674, "hxxp://elstatic.weborama.fr/", 1.0728368526960674, "hxxp://img-cdn.mediaplex.com/", 0.07102838438749037, "hxxp://istatic.weborama.fr/", 1.0728368526960674, "hxxp://log40.doubleverify.com/", 0.32103498286035204, "hxxp://puma.vizu.com/", 0.41432720010182184, "hxxp://r.turn.com/", 0.5304442875080966, "hxxp://www.experteerads.com/", 0.2118830886878324, "hxxp://www.smartadserver.com/", 0.21872688883334002 ] ], [ "hxxp://ibuzzyou.fr/", [ "hxxp://ads.over-blog.com/", 0.292457924393767, "hxxp://api.viglink.com/", 0.292457924393767, "hxxp://cstatic.weborama.fr/", 0.547421243096025, "hxxp://ibuzzyou.fr/", 2.3321644740118335, "hxxp://static.ak.fbcdn.net/", 0.3774456972945198, "hxxp://w.s.ad6media.fr/", 0.3349518108441434, "hxxp://weborama02.adsafe.fr/", 0.3774456972945198, "hxxp://www.ebuzzingvideo.com/", 0.4624334701952725, "hxxp://www.facebook.com/", 0.4199395837448958, "hxxps://plusone.google.com/", 0.292457924393767 ] ], [ "hxxp://ifa.camads.net/", [ "hxxp://ifa.youjizzlive.com/", 0.5435553424557621, "hxxp://syndication.exoclick.com/", 0.475133037636144 ] ], [ "hxxp://ifa.youjizzlive.com/", [ "hxxp://ifa.youjizzlive.com/", 0.45402291247491716, "hxxp://static.ifa.camads.net/", 2.1246245540623043 ] ], [ "hxxp://images.ads.whaleads.com/", [ "hxxp://images.ads.whaleads.com/", 0.37927782465950555 ] ], [ "hxxp://imagesrv.adition.com/", [ "hxxp://download.frogster.de/", 0.5991768514682801 ] ], [ "hxxp://img-cdn.mediaplex.com/", [ "hxxp://img-cdn.mediaplex.com/", 1.2258316461173453 ] ], [ "hxxp://img.mediaplex.com/", [ "hxxp://img-cdn.mediaplex.com/", 0.8726784755589517 ] ], [ "hxxp://imgext.shoes.fr/", [ "hxxp://imgext.shoes.fr/", 1.3017877740591646, "hxxp://webnibal.spartoo.com/", 1.3017877740591646 ] ], [ "hxxp://imglb.yobihost.com/", [ "hxxp://imglb.yobihost.com/", 0.6205106492812438 ] ], [ "hxxp://impfr.tradedoubler.com/", [ "hxxp://88.191.129.208/", 0.12739467186592493, "hxxp://hstfr.tradedoubler.com/", 0.12739467186592493 ] ], [ "hxxp://istatic.weborama.fr/", [ "hxxp://pmu.eficiens-serving.com/", 0.45795010831986804 ] ], [ "hxxp://java.youjizz.com/", [ "hxxp://java.youjizz.com/", 2.6092830690868576, "hxxp://media12.youjizz.com/", 1.1937374967946544, "hxxp://media20.youjizz.com/", 1.1937374967946544, "hxxp://media22.youjizz.com/", 0.9009488151891516, "hxxp://media25.youjizz.com/", 0.48949531216739595 ] ], [ "hxxp://jetload321.com/", [ "hxxp://images.jetload321.com/", 0.4091032228387118, "hxxp://jetload321.com/", 0.4091032228387118 ] ], [ "hxxp://live-test.deezer.com/", [ "hxxp://files.deezer.com/", 1.3913222852435276, "hxxp://live-test.deezer.com/", 1.3913222852435276 ] ], [ "hxxp://maps.google.fr/", [ "hxxp://id.google.fr/", 2.025335319191497, "hxxp://maps.google.fr/", 3.202453282482282, "hxxp://maps.gstatic.com/", 5.556689209063849, "hxxp://mt0.google.com/", 3.7910122641276733, "hxxp://mt1.google.com/", 4.968130227418458 ] ], [ "hxxp://mc.dailymotion.com/", [ "hxxp://static1.dmcdn.net/", 1.9652479184540816 ] ], [ "hxxp://media.adrcdn.com/", [ "hxxp://media.adrcdn.com/", 1.159753393788891 ] ], [ "hxxp://media.revfusion.net/", [ "hxxp://ad.xtendmedia.com/", 0.5633398139943591, "hxxp://ad.yieldmanager.com/", 0.5633398139943591, "hxxp://content.hollywire.com/", 0.4918713301294032, "hxxp://content.yieldmanager.com/", 0.4918713301294032, "hxxp://cookex.amp.yahoo.com/", 0.4918713301294032, "hxxp://rts.sparkstudios.com/", 0.4918713301294032, "hxxp://static.linkbucks.com/", 0.4918713301294032, "hxxps://rts.sparkstudios.com/", 0.7062767817242704 ] ], [ "hxxp://media2.flashmediaportal.com/", [ "hxxp://media2.flashmediaportal.com/", 0.30704703081562257 ] ], [ "hxxp://mediacdn.disqus.com/", [ "hxxp://connect.facebook.net/", 0.5363927041682115, "hxxp://edge.quantserve.com/", 0.15421075687754407, "hxxp://mediacdn.disqus.com/", 0.6143301056285497, "hxxp://pixel.quantserve.com/", 0.15421075687754407, "hxxp://www.facebook.com/", 0.5363927041682115, "hxxp://www.google-analytics.com/", 0.15421075687754407 ] ], [ "hxxp://mediastay.directtrack.com/", [ "hxxp://www.beezik.com/", 0.8037034659213589 ] ], [ "hxxp://monoprix.solution.weborama.fr/", [ "hxxp://elstatic.weborama.fr/", 0.25683368574939286, "hxxp://istatic.weborama.fr/", 0.18969601915489856 ] ], [ "hxxp://montagnac.blogs.midilibre.com/", [ "hxxp://a2.twimg.com/", 2.6138943008368893, "hxxp://api.twitter.com/", 2.025335319191497, "hxxp://logc1.xiti.com/", 2.025335319191497, "hxxp://maps.google.fr/", 2.025335319191497, "hxxp://memorix.sdv.fr/", 3.496732773304977, "hxxp://midilibre.purl.fr/", 4.673850736595761, "hxxp://montagnac.blogs.midilibre.com/", 4.08529175495037, "hxxp://static.blogs.midilibre.com/", 2.9081737916595856, "hxxp://widgets.twimg.com/", 2.9081737916595856, "hxxp://www.journauxdumidi.com/", 2.6138943008368893 ] ], [ "hxxp://na.leagueoflegends.com/", [ "hxxp://b.scorecardresearch.com/", 1.2647258761317002, "hxxp://di9vymcrcwnbk.cloudfront.net/", 1.4251761738499014, "hxxp://dnn506yrbagrg.cloudfront.net/", 1.1042755784134997, "hxxp://googleads.g.doubleclick.net/", 1.1042755784134997, "hxxp://lol-promos.s3.amazonaws.com/", 1.2647258761317002, "hxxp://na.leagueoflegends.com/", 26.134522022452938, "hxxp://riot-web-static.s3.amazonaws.com/", 1.5856264715681014, "hxxp://www.google-analytics.com/", 1.2647258761317002, "hxxp://www.googleadservices.com/", 1.2647258761317002 ] ], [ "hxxp://naf.infobel.fr/", [ "hxxp://ajax.googleapis.com/", 2.025335319191497, "hxxp://maps.google.com/", 2.319614810014193, "hxxp://maps.gstatic.com/", 3.496732773304977, "hxxp://mt0.google.com/", 2.6138943008368893, "hxxp://mt1.google.com/", 3.496732773304977, "hxxp://naf.infobel.fr/", 5.556689209063849, "hxxp://www.google-analytics.com/", 2.319614810014193, "hxxp://www.google.com/", 4.379571245773065 ] ], [ "hxxp://news.google.fr/", [ "hxxp://csi.gstatic.com/", 2.0388856080627877, "hxxp://news.google.fr/", 2.0388856080627877, "hxxp://nt0.ggpht.com/", 2.610688315500735, "hxxp://nt1.ggpht.com/", 3.6295167710167977, "hxxp://nt2.ggpht.com/", 3.151296783098725, "hxxp://nt3.ggpht.com/", 2.579494075660777, "hxxp://ssl.gstatic.com/", 3.1201025432587666, "hxxp://www.gstatic.com/", 3.660711010856756 ] ], [ "hxxp://nibal.spartoo.com/", [ "hxxp://imgext.shoes.fr/", 1.1366355937680768, "hxxps://nibal.spartoo.com/", 1.1366355937680768 ] ], [ "hxxp://openx.ad24.24h00.com/", [ "hxxp://openx.ad24.24h00.com/", 1.1267833292925329 ] ], [ "hxxp://ovh.com/", [ "hxxp://www.ovh.com/", 3.685761483217111 ] ], [ "hxxp://ox.jeuxonline.info/", [ "hxxp://bs.serving-sys.com/", 0.7585920251023976, "hxxp://ds.serving-sys.com/", 0.8688147979805237, "hxxp://jolstatic.fr/", 0.22446686247340636, "hxxp://pagead2.googlesyndication.com/", 0.1142440895952802, "hxxp://www.smartadserver.com/", 0.516258889165775 ] ], [ "hxxp://p.brilig.com/", [ "hxxp://d.p-td.com/", 1.2287191304382308, "hxxp://r.turn.com/", 1.2287191304382308 ] ], [ "hxxp://p.rfihub.com/", [ "hxxp://a.rfihub.com/", 1.2287191304382308, "hxxp://ad.yieldmanager.com/", 1.0728368526960674, "hxxp://apnxscm.ac3.msn.com:81/", 1.0728368526960674, "hxxp://b.scorecardresearch.com/", 1.2287191304382308, "hxxp://cm.g.doubleclick.net/", 1.0728368526960674, "hxxp://googleads.g.doubleclick.net/", 1.0728368526960674, "hxxp://ib.adnxs.com/", 1.5404836859225577, "hxxp://m.adnxs.com/", 1.0728368526960674, "hxxp://www.googleadservices.com/", 1.0728368526960674 ] ], [ "hxxp://p2.exr3qs6e66eak.qq7luvbeakofefet.if.v4.ipv6-exp.l.google.com/", [ "hxxp://p2.exr3qs6e66eak.qq7luvbeakofefet.420027.i1.v4.ipv6-exp.l.google.com/", 0.5211216038805425, "hxxp://p2.exr3qs6e66eak.qq7luvbeakofefet.420027.i2.ds.ipv6-exp.l.google.com/", 0.5211216038805425, "hxxp://p2.exr3qs6e66eak.qq7luvbeakofefet.420027.s1.v4.ipv6-exp.l.google.com/", 0.5211216038805425 ] ], [ "hxxp://p2.jjqong6yxv5ro.kevvsp3xgn7tpunh.if.v4.ipv6-exp.l.google.com/", [ "hxxp://p2.jjqong6yxv5ro.kevvsp3xgn7tpunh.630985.i1.ds.ipv6-exp.l.google.com/", 0.21909151133348162, "hxxp://p2.jjqong6yxv5ro.kevvsp3xgn7tpunh.630985.i2.v4.ipv6-exp.l.google.com/", 0.21909151133348162 ] ], [ "hxxp://p2.jwwtmrnnybyje.aitph5gqiwkyqlto.if.v4.ipv6-exp.l.google.com/", [ "hxxp://p2.jwwtmrnnybyje.aitph5gqiwkyqlto.657199.i1.ds.ipv6-exp.l.google.com/", 0.8037034659213589, "hxxp://p2.jwwtmrnnybyje.aitph5gqiwkyqlto.657199.i2.v4.ipv6-exp.l.google.com/", 0.8037034659213589 ] ], [ "hxxp://p4.h3q3kbfm4ctd4.ntlx47ufc35n6bfz.if.v4.ipv6-exp.l.google.com/", [ "hxxp://p4.h3q3kbfm4ctd4.ntlx47ufc35n6bfz.if.v4.ipv6-exp.l.google.com/", 1.3132281179390324 ] ], [ "hxxp://pagead2.googlesyndication.com/", [ "hxxp://pagead2.googlesyndication.com/", 1.4682520942241368 ] ], [ "hxxp://pbid.iforex.com/", [ "hxxp://ads2.iforex.com/", 0.218302072551498 ] ], [ "hxxp://pixel.invitemedia.com/", [ "hxxp://pixel.rubiconproject.com/", 0.2700863450635904, "hxxp://segment-pixel.invitemedia.com/", 0.8667305578397613, "hxxp://tags.bluekai.com/", 0.8667305578397613, "hxxp://tap.rubiconproject.com/", 0.2700863450635904 ] ], [ "hxxp://platform.twitter.com/", [ "hxxp://cdn.api.twitter.com/", 0.5647103333597522, "hxxp://platform.twitter.com/", 1.1901965570149098 ] ], [ "hxxp://platform0.twitter.com/", [ "hxxp://platform0.twitter.com/", 0.12118692318155673, "hxxp://urls.api.twitter.com/", 0.14401384956486912 ] ], [ "hxxp://pubhdstats2.msvp.net/", [ "hxxp://pubhdstats2.msvp.net/", 47.07960045185433, "hxxp://pubstream.msvp.net/", 18.609867639322147 ] ], [ "hxxp://puma.vizu.com/", [ "hxxp://cheetah.vizu.com/", 0.7369949101477324, "hxxp://puma.vizu.com/", 0.7369949101477324 ] ], [ "hxxp://redir.reachclic.net/", [ "hxxp://track.effiliation.com/", 0.5633398139943591, "hxxp://www.3suisses.fr/", 0.5633398139943591, "hxxp://www.daxon.fr/", 0.4918713301294032, "hxxp://www.delamaison.fr/", 0.4918713301294032, "hxxp://www.fotochat.com/", 0.4918713301294032, "hxxp://www.fotochat.fr/", 0.4918713301294032, "hxxp://www.mediaffiliation.com/", 0.4918713301294032, "hxxp://www.sfr.fr/", 0.5633398139943591, "hxxp://www.spartoo.com/", 0.4918713301294032, "hxxps://www.betclic.fr/", 0.5633398139943591 ] ], [ "hxxp://rmd.atdmt.com/", [ "hxxp://llstrm.atdmt.com/", 1.504039041058379 ] ], [ "hxxp://s.mcstatic.com/", [ "hxxp://b.scorecardresearch.com/", 0.3652697292551332, "hxxp://cdn.visiblemeasures.com/", 0.31892953972276555, "hxxp://load2.tubemogul.com/", 0.4116099187875008, "hxxp://rcv-srv43.inplay.tubemogul.com/", 0.6896510559817067, "hxxp://receive.inplay.tubemogul.com/", 0.3652697292551332, "hxxp://s6.mcstatic.com/", 0.4116099187875008, "hxxp://static.inplay.tubemogul.com/", 0.3652697292551332, "hxxp://v.mccont.com/", 0.4116099187875008, "hxxp://winter.metacafe.com/", 0.45795010831986804, "hxxp://www.metacafe.com/", 0.4116099187875008 ] ], [ "hxxp://s.ytimg.com/", [ "hxxp://o-o.preferred.orange-par1.v18.lscache8.c.youtube.com/", 1.1366355937680768, "hxxp://o-o.preferred.orange-par1.v24.lscache7.c.youtube.com/", 1.204228275505104, "hxxp://o-o.preferred.orange-par1.v4.lscache7.c.youtube.com/", 0.8037034659213589, "hxxp://pagead2.googlesyndication.com/", 3.471295252726876, "hxxp://s.youtube.com/", 7.336466951624019, "hxxp://s.ytimg.com/", 2.6963788568618026, "hxxp://s0.2mdn.net/", 5.08016024296706, "hxxp://s2.youtube.com/", 3.113828508686042, "hxxp://v24.nonxt7.c.youtube.com/", 1.204228275505104, "hxxp://www.youtube.com/", 5.809066004948047 ] ], [ "hxxp://s0.2mdn.net/", [ "hxxp://ad.doubleclick.net/", 0.4382040352989707, "hxxp://airfrance.bannerfactory.fr/", 1.5404836859225577, "hxxp://fr.uncle-bens-ad.08.08.11.s3.amazonaws.com/", 0.9511643712163041, "hxxp://s0.2mdn.net/", 0.7737670791778506 ] ], [ "hxxp://s2.noelshack.com/", [ "hxxp://ad.zanox.com/", 1.4301437273431912, "hxxp://cofidis2.solution.weborama.fr/", 0.889867208124652, "hxxp://elstatic.weborama.fr/", 0.889867208124652, "hxxp://fr.75.slidein.clickintext.net/", 5.93244805416435, "hxxp://media.laredoute.fr/", 0.7097750350518064, "hxxp://s2.noelshack.com/", 1.160005467733922, "hxxp://static.fr.groupon-content.net/", 0.6197289485153833, "hxxp://static.groupon.fr/", 0.6197289485153833, "hxxp://tracking.veoxa.com/", 0.7097750350518064, "hxxp://www.darty.com/", 0.6197289485153833 ] ], [ "hxxp://s3.noelshack.com/", [ "hxxp://cofidis2.solution.weborama.fr/", 1.5099275929207054, "hxxp://elstatic.weborama.fr/", 1.5099275929207054, "hxxp://fr.85.clickintext.net/", 1.1699438965014737, "hxxp://fr.85.slidein.clickintext.net/", 4.56978086069379, "hxxp://hstfr.tradedoubler.com/", 1.1699438965014737, "hxxp://img.tradedoubler.com/", 1.1699438965014737, "hxxp://impfr.tradedoubler.com/", 1.3399357447110893, "hxxp://media.laredoute.fr/", 1.5099275929207054, "hxxp://static.fr.groupon-content.net/", 1.1699438965014737, "hxxp://www.eplaque.fr/", 1.1699438965014737 ] ], [ "hxxp://s7.addthis.com/", [ "hxxp://cf.addthis.com/", 0.07277400544809126, "hxxp://l.addthiscdn.com/", 0.2029006918038399 ] ], [ "hxxp://sascentral.com/", [ "hxxp://media2.flashmediaportal.com/", 0.30704703081562257 ] ], [ "hxxp://search.sweetim.com/", [ "hxxp://ac1.sweetim.com/", 2.1979879973164054, "hxxp://ad.xtendmedia.com/", 1.950532394969525, "hxxp://ad.yieldmanager.com/", 1.703076792622645, "hxxp://cdn.search.sweetim.com/", 3.435266009050805, "hxxp://content.yieldmanager.edgesuite.net/", 1.703076792622645, "hxxp://www.google.com/", 1.703076792622645 ] ], [ "hxxp://server1.affiz.net/", [ "hxxp://platform.twitter.com/", 0.292457924393767, "hxxp://server1.affiz.net/", 0.23551611655026258, "hxxp://www.ebuzzing.com/", 0.547421243096025, "hxxp://www.ebuzzingvideo.com/", 0.3349518108441434 ] ], [ "hxxp://show.altitudedigitalpartners.com/", [ "hxxp://ad.reduxmedia.com/", 0.6348082978593151, "hxxp://ad.yieldmanager.com/", 0.5633398139943591 ] ], [ "hxxp://signup.leagueoflegends.com/", [ "hxxp://googleads.g.doubleclick.net/", 0.46202020506345437, "hxxp://ping.chartbeat.net/", 0.35798916551274285, "hxxp://signup.leagueoflegends.com/", 1.1382219621430791, "hxxp://static.chartbeat.com/", 0.35798916551274285, "hxxp://www.google-analytics.com/", 0.4100046852880986, "hxxp://www.googleadservices.com/", 0.46202020506345437, "hxxps://ads.ad4game.com/", 0.35798916551274285, "hxxps://googleads.g.doubleclick.net/", 0.35798916551274285, "hxxps://play.xmmorpg.com/", 0.35798916551274285, "hxxps://www.googleadservices.com/", 0.4100046852880986 ] ], [ "hxxp://static.awempire.com/", [ "hxxp://109.71.162.192:8080/", 1.5617189435841379, "hxxp://static.awempire.com/", 2.242468226684916, "hxxp://www.livejasmin.com/", 1.5617189435841379, "hxxp://wwwtp/", 1.5617189435841379 ] ], [ "hxxp://static.eplayer.performgroup.com/", [ "hxxp://ad4.liverail.com/", 0.2899101421922193, "hxxp://adserver.adtech.de/", 0.2899101421922193, "hxxp://images.eplayer.performgroup.com/", 0.25313049728723624, "hxxp://secure-uk.imrworldwide.com/", 0.25313049728723624, "hxxp://static.eplayer.performgroup.com/", 0.363469432002185, "hxxp://vox-static.liverail.com/", 0.25313049728723624, "hxxp://xml.eplayer.performgroup.com/", 0.363469432002185 ] ], [ "hxxp://static.weborama.fr/", [ "hxxp://ad-emea.doubleclick.net/", 0.5304442875080965, "hxxp://akamai.smartadserver.com/", 0.9285702433741843, "hxxp://at04.alenty.com/", 0.36802905205711595, "hxxp://bouyguestelecom.solution.weborama.fr/", 0.12739467186592496, "hxxp://elstatic.weborama.fr/", 0.12739467186592496, "hxxp://istatic.weborama.fr/", 0.14590500880370882, "hxxp://js.alenty.com/", 0.14590500880370882, "hxxp://s0.2mdn.net/", 0.6075173891118372, "hxxp://www3.smartadserver.com/", 1.3333316315116484 ] ], [ "hxxp://static07.reachclic.net/", [ "hxxp://static07.reachclic.net/", 0.4918713301294032 ] ], [ "hxxp://static1.dmcdn.net/", [ "hxxp://ad.auditude.com/", 1.9116543432291524, "hxxp://api161.thefilter.com/", 2.1894160854077476, "hxxp://b.scorecardresearch.com/", 2.1894160854077476, "hxxp://proxy-78.dailymotion.com/", 2.4833976647263114, "hxxp://rcv-srv30.inplay.tubemogul.com/", 3.411157631144503, "hxxp://sense.dailymotion.com/", 8.185779687575419, "hxxp://static1.dmcdn.net/", 25.78185481593628, "hxxp://static2.dmcdn.net/", 43.71575616349693, "hxxp://video.od.visiblemeasures.com/", 156.49606559492096, "hxxp://www.dailymotion.com/", 85.55455479095879 ] ], [ "hxxp://static1.shopoon.fr/", [ "hxxp://box.shopoon.fr/", 3.5359340514969224, "hxxp://static1.shopoon.fr/", 2.007691368222829 ] ], [ "hxxp://store.origin.com/", [ "hxxp://b.scorecardresearch.com/", 1.1699438965014737, "hxxp://drh.img.digitalriver.com/", 7.119658583838024, "hxxp://drh1.img.digitalriver.com/", 7.459642280257255, "hxxp://drh2.img.digitalriver.com/", 1.1699438965014737, "hxxp://eaeacom.112.2o7.net/", 1.3399357447110893, "hxxp://ssl-hints.netflame.cc/", 1.6799194411303207, "hxxp://sso.origin.com/", 1.1699438965014737, "hxxp://web-vassets.ea.com/", 2.8698623785976314, "hxxp://www.origin.com/", 3.3798379232264777, "hxxps://sso.origin.com/", 1.5099275929207054 ] ], [ "hxxp://syndication.exoclick.com/", [ "hxxp://static.exoclick.com/", 0.421452436368394 ] ], [ "hxxp://tap2-cdn.rubiconproject.com/", [ "hxxp://cm.netseer.com/", 0.285387437377759, "hxxp://d5p.de17a.com/", 0.07163870420502746, "hxxp://de17a.com/", 0.07163870420502746, "hxxp://pixel.quantserve.com/", 0.5803397848368256, "hxxp://pixel.rubiconproject.com/", 0.24918156845670011, "hxxp://um.simpli.fi/", 0.1644598351814221 ] ], [ "hxxp://tomshardware.fr.intellitxt.com/", [ "hxxp://ad.yieldmanager.com/", 0.4510452948431553, "hxxp://cm.g.doubleclick.net/", 0.4510452948431553, "hxxp://g-pixel.invitemedia.com/", 0.4510452948431553, "hxxp://googleads.g.doubleclick.net/", 0.4510452948431553, "hxxp://pixel.intellitxt.com/", 0.4510452948431553, "hxxp://segment-pixel.invitemedia.com/", 0.4510452948431553, "hxxp://www.googleadservices.com/", 0.4510452948431553 ] ], [ "hxxp://tripleplay.blogbang.com/", [ "hxxp://cdn.blogbang.com/", 1.1540357459383606, "hxxp://www.blogbang.com/", 1.1540357459383606 ] ], [ "hxxp://view.atdmt.com/", [ "hxxp://ad.doubleclick.net/", 0.7501794918869304, "hxxp://adopteunmec.solution.weborama.fr/", 0.30843630380270853, "hxxp://ec.atdmt.com/", 1.1366355937680768, "hxxp://ib.adnxs.com/", 0.16019859361690625, "hxxp://spe.atdmt.com/", 0.1073453395969346 ] ], [ "hxxp://voe.blogg.no/", [ "hxxp://a.analytics.yahoo.com/", 0.6197289485153833, "hxxp://adserver.adtech.de/", 0.6197289485153833, "hxxp://aka-cdn-ns.adtech.de/", 0.6197289485153833, "hxxp://bloggfiler.no/", 8.633830650257046, "hxxp://blogglisten.no/", 0.6197289485153833, "hxxp://connect.facebook.net/", 0.6197289485153833, "hxxp://static.blogg.no/", 1.0699593811974988, "hxxp://www.blogglisten.no/", 0.6197289485153833, "hxxp://www.google-analytics.com/", 0.9799132946610762, "hxxp://www.youtube.com/", 0.6197289485153833 ] ], [ "hxxp://w55c.net/", [ "hxxp://tag.admeld.com/", 1.0728368526960674 ] ], [ "hxxp://widget.chipin.com/", [ "hxxp://widget.chipin.com/", 0.4100046852880986 ] ], [ "hxxp://ws.amazon.fr/", [ "hxxp://ecx.images-amazon.com/", 2.0172033319146396, "hxxp://g-ecx.images-amazon.com/", 0.6922675070888882, "hxxp://images.amazon.com/", 0.5363927041682115, "hxxp://ws.amazon.fr/", 0.7702049085492259, "hxxp://www.amazon.com/", 0.6143301056285497, "hxxp://www.assoc-amazon.fr/", 0.5363927041682115 ] ], [ "hxxp://www.01net.com/", [ "hxxp://akamai.smartadserver.com/", 0.4220195828107198, "hxxp://googleads.g.doubleclick.net/", 0.4755593806299902, "hxxp://logc202.xiti.com/", 0.582638976268531, "hxxp://s0.2mdn.net/", 0.4220195828107198, "hxxp://s7.addthis.com/", 0.4755593806299902, "hxxp://securite.01net.com/", 3.9021064410632915, "hxxp://view.atdmt.com/", 0.3684797849914494, "hxxp://www.01net.com/", 10.969359753207051, "hxxp://www.facebook.com/", 0.582638976268531, "hxxp://www.google-analytics.com/", 0.5290991784492601 ] ], [ "hxxp://www.actufoot.fr/", [ "hxxp://cdn-static.liverail.com/", 0.25313049728723624, "hxxp://platform.twitter.com/", 0.25313049728723624, "hxxp://platform0.twitter.com/", 0.25313049728723624, "hxxp://s7.addthis.com/", 0.363469432002185, "hxxp://static.ak.fbcdn.net/", 0.25313049728723624, "hxxp://static.eplayer.performgroup.com/", 0.2899101421922193, "hxxp://www.actufoot.fr/", 1.7610959383915388, "hxxp://www.facebook.com/", 0.2899101421922193, "hxxp://www.google-analytics.com/", 0.25313049728723624, "hxxps://api-read.facebook.com/", 0.25313049728723624 ] ], [ "hxxp://www.alldebrid.fr/", [ "hxxp://www.alldebrid.com/", 0.5938984941036742, "hxxp://www.alldebrid.fr/", 8.286298036779863, "hxxp://www.facebook.com/", 0.5938984941036742, "hxxp://www.google-analytics.com/", 0.6539953655308325, "hxxp://www.internetdownloadmanager.com/", 0.41360787982220215, "hxxps://connect.facebook.net/", 0.41360787982220215, "hxxps://s-static.ak.facebook.com/", 0.41360787982220215, "hxxps://www.facebook.com/", 0.41360787982220215 ] ], [ "hxxp://www.annuaire.com/", [ "hxxp://csi.gstatic.com/", 2.025335319191497, "hxxp://googleads.g.doubleclick.net/", 2.319614810014193, "hxxp://maps.googleapis.com/", 2.6138943008368893, "hxxp://maps.gstatic.com/", 5.262409718241153, "hxxp://mt0.googleapis.com/", 3.202453282482282, "hxxp://mt1.googleapis.com/", 2.319614810014193, "hxxp://pagead2.googlesyndication.com/", 2.025335319191497, "hxxp://www.annuaire.com/", 9.382322589758898, "hxxp://www.googleadservices.com/", 2.025335319191497, "hxxp://www.linkedin.com/", 2.025335319191497 ] ], [ "hxxp://www.beezik.com/", [ "hxxp://connect.facebook.net/", 0.8037034659213589, "hxxp://mediaplanning.netavenir.com/", 0.8037034659213589, "hxxp://prof.estat.com/", 0.9204808925936929, "hxxp://static.ak.fbcdn.net/", 0.8037034659213589, "hxxp://ww17.smartadserver.com/", 1.387590599283029, "hxxp://www.beezik.com/", 5.241245679470055, "hxxp://www.google-analytics.com/", 0.8037034659213589 ] ], [ "hxxp://www.blogbang.com/", [ "hxxp://ajax.googleapis.com/", 0.3500932297553437, "hxxp://tripleplay.blogbang.com/", 0.4668706564276778, "hxxp://www.youtube.com/", 0.8037034659213589 ] ], [ "hxxp://www.bobtv.fr/", [ "hxxp://rtmp.bobtv.fr/", 3.0811151165779385, "hxxp://www.bobtv.fr/", 41.42999433541418, "hxxp://www.facebook.com/", 2.1457765990453503, "hxxp://www.google-analytics.com/", 2.4575561048895462, "hxxps://apis.google.com/", 2.1457765990453503, "hxxps://plusone.google.com/", 2.1457765990453503, "hxxps://ssl.gstatic.com/", 2.1457765990453503 ] ], [ "hxxp://www.brandalley.fr/", [ "hxxp://ajax.googleapis.com/", 0.6197289485153833, "hxxp://apicit.net/", 0.7097750350518064, "hxxp://logi13.xiti.com/", 0.7097750350518064, "hxxp://media.brandalley.com/", 10.52479846752195, "hxxp://rainbow.mythings.com/", 0.7097750350518064, "hxxp://retargeting.veoxa.com/", 0.7097750350518064, "hxxp://vu.veoxa.com/", 0.7097750350518064, "hxxp://wrap.tradedoubler.com/", 0.6197289485153833, "hxxp://www.brandalley.fr/", 0.7998211215882297, "hxxp://www.google-analytics.com/", 0.7097750350518064 ] ], [ "hxxp://www.connect.facebook.com/", [ "hxxp://profile.ak.fbcdn.net/", 2.0832890495910044, "hxxp://static.ak.fbcdn.net/", 1.8488433621921538 ] ], [ "hxxp://www.dailymotion.com/", [ "hxxp://b.scorecardresearch.com/", 2.1894160854077476, "hxxp://mc.dailymotion.com/", 1.9116543432291524, "hxxp://platform.twitter.com/", 3.0227013119435315, "hxxp://prof.estat.com/", 1.9116543432291524, "hxxp://static.ak.fbcdn.net/", 1.9116543432291524, "hxxp://static1.dmcdn.net/", 9.026188999187951, "hxxp://static2.dmcdn.net/", 17.884459852343074, "hxxp://www.dailymotion.com/", 7.058947843388812, "hxxp://www.facebook.com/", 2.1894160854077476, "hxxp://www.google-analytics.com/", 2.1894160854077476 ] ], [ "hxxp://www.deezer.com/", [ "hxxp://cdn-files.deezer.com/", 5.147450565057622, "hxxp://cdn-images.deezer.com/", 13.838384657952203, "hxxp://connect.facebook.net/", 1.3913222852435276, "hxxp://live-test.deezer.com/", 1.5934802241250656, "hxxp://platform.twitter.com/", 1.5575302342406394, "hxxp://static.ak.fbcdn.net/", 1.3913222852435276, "hxxp://ww400.smartadserver.com/", 4.76990116365348, "hxxp://www.deezer.com/", 1.5934802241250656, "hxxp://www.facebook.com/", 1.4975296188440501, "hxxp://www.google-analytics.com/", 1.3913222852435276 ] ], [ "hxxp://www.divx.com/", [ "hxxp://elstatico.divx.com/", 0.8272554279552446, "hxxp://fonts.divx.com/", 0.8272554279552446, "hxxp://www.divx.com/", 0.8272554279552446 ] ], [ "hxxp://www.dotallyrad.com/", [ "hxxp://c.statcounter.com/", 0.35798916551274285, "hxxp://imgcdn.nrelate.com/", 0.5660512446141659, "hxxp://pixel.quantserve.com/", 0.35798916551274285, "hxxp://s05.flagcounter.com/", 0.35798916551274285, "hxxp://stats.wordpress.com/", 0.35798916551274285, "hxxp://widget.chipin.com/", 0.35798916551274285, "hxxp://www.dotallyrad.com/", 1.5023306005705683, "hxxp://www.google-analytics.com/", 0.46202020506345437, "hxxp://www.gravatar.com/", 0.7741133237155892, "hxxp://www3.clustrmaps.com/", 0.35798916551274285 ] ], [ "hxxp://www.dpstream.net/", [ "hxxp://94.23.225.196/", 0.5338016226765172, "hxxp://images.allocine.fr/", 0.4737047512493596, "hxxp://t.videobb.com/", 0.5338016226765172, "hxxp://www.dpstream.net/", 2.7639243696907245, "hxxp://www.gambling-affiliation.com/", 0.41360787982220215, "hxxp://www.geektheory.fr/", 0.1189106110173638, "hxxp://www.google-analytics.com/", 0.30873835840684055, "hxxp://www.google.com/", 0.9221911328006963, "hxxp://www.videobb.com/", 0.41360787982220215, "hxxp://wwwstatic.megavideo.com/", 0.7741891083851472 ] ], [ "hxxp://www.easysiret.com/", [ "hxxp://www.easysiret.com/", 5.262409718241153, "hxxp://www.google-analytics.com/", 2.319614810014193 ] ], [ "hxxp://www.ebuzzing.com/", [ "hxxp://connect.facebook.net/", 0.3349518108441434, "hxxp://www.ebuzzing.com/", 0.3349518108441434, "hxxp://www.ebuzzingvideo.com/", 0.4199395837448958, "hxxp://www.facebook.com/", 0.4199395837448958 ] ], [ "hxxp://www.ebuzzingvideo.com/", [ "hxxp://i1.ytimg.com/", 0.4199395837448958, "hxxp://s.ytimg.com/", 0.3349518108441434, "hxxp://www.ebuzzingvideo.com/", 0.8448784482486593, "hxxp://www.youtube.com/", 0.3349518108441434 ] ], [ "hxxp://www.experteerads.com/", [ "hxxp://www.experteer.fr/", 0.7369949101477324, "hxxp://www.experteerads.com/", 1.2724185628191613 ] ], [ "hxxp://www.facebook.com/", [ "hxxp://external.ak.fbcdn.net/", 0.5056708159343671, "hxxp://profile.ak.fbcdn.net/", 0.5656984108169677, "hxxp://static.ak.fbcdn.net/", 1.9048002940647848 ] ], [ "hxxp://www.flickr.com/", [ "hxxp://farm1.static.flickr.com/", 0.6197289485153833, "hxxp://farm3.static.flickr.com/", 1.2500515542703448, "hxxp://farm4.static.flickr.com/", 1.0699593811974988, "hxxp://geo.yahoo.com/", 0.6197289485153833, "hxxp://l.yimg.com/", 1.8803741600253074, "hxxp://www.flickr.com/", 0.6197289485153833, "hxxp://yui.yahooapis.com/", 0.6197289485153833 ] ], [ "hxxp://www.francesoir.fr/", [ "hxxp://ads.horyzon-media.com/", 4.554762507012983, "hxxp://francesoir.seloger.net/", 2.262398482101845, "hxxp://googleads.g.doubleclick.net/", 1.7529842543438134, "hxxp://pagead2.googlesyndication.com/", 1.7529842543438134, "hxxp://platform.twitter.com/", 2.007691368222829, "hxxp://s0.2mdn.net/", 2.5171055959808606, "hxxp://www.facebook.com/", 2.262398482101845, "hxxp://www.francesoir.fr/", 26.714281414487363, "hxxps://plusone.google.com/", 1.7529842543438134, "hxxps://ssl.gstatic.com/", 1.7529842543438134 ] ], [ "hxxp://www.fureur.org/", [ "hxxp://ad1.adfarm1.adition.com/", 0.35487050006323956, "hxxp://common.zam.com/", 0.35487050006323956, "hxxp://fureur.org/", 0.4449122687360014, "hxxp://imagesrv.adition.com/", 0.35487050006323956, "hxxp://img818.imageshack.us/", 0.30984961572685843, "hxxp://mystatus.skype.com/", 0.35487050006323956, "hxxp://www.fureur.org/", 2.9210609072369613, "hxxp://www.google-analytics.com/", 0.35487050006323956, "hxxp://www.smartadserver.com/", 0.3998913843996207 ] ], [ "hxxp://www.gambling-france.com/", [ "hxxp://www.google-analytics.com/", 0.19056268460184972 ] ], [ "hxxp://www.game.fr/", [ "hxxp://www.game.fr/", 0.7921000794364336 ] ], [ "hxxp://www.gameatopia.com/", [ "hxxp://ad.xtendmedia.com/", 0.8492137494541826, "hxxp://ad.yieldmanager.com/", 0.8492137494541826, "hxxp://ad3.revfusion.net/", 0.7062767817242704, "hxxp://content.yieldmanager.edgesuite.net/", 0.7062767817242704, "hxxp://cookex.amp.yahoo.com/", 0.6348082978593151, "hxxp://router.tlvmedia.com/", 0.5633398139943591, "hxxp://www.gameatopia.com/", 0.7062767817242704 ] ], [ "hxxp://www.gamehope.com/", [ "hxxp://ad1.adfarm1.adition.com/", 0.6666338479911984, "hxxp://b.scorecardresearch.com/", 0.5317198549453611, "hxxp://imagesrv.adition.com/", 0.6666338479911984, "hxxp://logv11.xiti.com/", 0.46426285842244225, "hxxp://pixel.quantserve.com/", 0.46426285842244225, "hxxp://server.cpmstar.com/&

Malekal_morte- · Answer

Télécharge ce tool : http://batchdhelus.open-web.fr/programme/MalwaresUploader.exe  
Puis tu coches Malekal à gauche  
Dans le cadre en bas, copie/colle les chemins des fichiers suivants :  

O4 - HKCU..\Run: [WinUpdtr] C:\Users\patrick\AppData\Roaming\WinUpdtr\__tmp.exe ()

et tu clics sur Upload en bas.

spiderchouck2 · Answer

C'est fait. Ce matin mon antivirus a de nouveau détecte le virus Worm:win32 ainslot.a malgré toutes les manipulations que j'ai faite...
Et maintenant? (j'ai uploadé les deux fichiers demandés de ton post)

Malekal_morte- · Answer

Si tu me dis pas dans quel fichier, ça n'a aucun interêt de me dire que ton antivirus a détecté qq chose.


Relance OTL. 
o sous Personnalisation, copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction, un rapport apparraitra, copie/colle le contenu ici:  

:OTL
O4 - HKCU..\Run: [WinUpdtr] C:\Users\patrick\AppData\Roaming\WinUpdtr\__tmp.exe ()
:files
c:\Windows\SysWOW64\Windir
c:\Users\patrick\AppData\Roaming\*.exe
C:\Users\patrick\AppData\Roaming\WinUpdtr

* redemarre le pc sous windows et poste le rapport ici

spiderchouck2 · Answer

J'ai malencontreusement fermé le 1er rapport (pensant qu'il était sauvegardé), il me semble que les 3 fichiers ont étaient supprimés (d'après le rapport en question), en faisant un second rapport voilà ce que j'obtiens:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdtr not found.
File C:\Users\patrick\AppData\Roaming\WinUpdtr\__tmp.exe not found.
========== FILES ==========
File\Folder c:\Windows\SysWOW64\Windir not found.
File\Folder c:\Users\patrick\AppData\Roaming\*.exe not found.
File\Folder C:\Users\patrick\AppData\Roaming\WinUpdtr not found.
 
OTL by OldTimer - Version 3.2.31.0 log created on 11062011_200317

Worm:win32 ainslot.a

17 réponses

Votre réponse

Discussions similaires

Newsletters