View original (French)

What is a red triangle with an exclamation point?

merlin -  
 beboune -
Hello,
I've got a little problem, for the past few days an icon (red triangle with a yellow exclamation point) has been appearing in my taskbar and blinking; sometimes it opens Internet Explorer and brings up an alert like "malware alert, etc."
I think it's a spyware.. but I'm having a bit more trouble getting rid of it than the others; I've tried Ad-Aware and Spybot in normal mode and safe mode, I've cleaned the registry, I've scanned with Kaspersky 6 (all updated of course) but it comes back every time I start up... does anyone have any idea??? Thanks in advance
Configuration: Windows XP Firefox 2.0.0.3

27 réponses

  • 1
  • 2
Réponse 1 / 27
merlin
 
Here is my HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 07:53:11, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\jubb\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - C:\WINDOWS\iesettings.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\Common Files\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\Common Files\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: iesupport - {F9A3CE4B-9269-4E25-B3A3-F8ECF27CA0F8} - C:\WINDOWS\iesupport.dll
O21 - SSODL: iedebug - {89304A23-6A7A-4772-B718-F9AD49F4833E} - C:\WINDOWS\iedebug.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 2 / 27
Merlin
 
Report made at 22:13:28.70, 02/04/2007
Executed from C:\Documents and Settings\jubb\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Corrupted hosts file!

# [MICROSOFT.COM]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jubb

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jubb\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jubb\Favorites

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Packet Scheduling Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 3 / 27
salwa5 Posted messages 7552 Status Contributeur 1 670
 
restart Smitfraud, choose option 4 to update it

then

----------------------------------------------------------------------------
Start in safe mode:
To do this, tap the F8 key right at the beginning of the PC's startup without stopping
A window will open, navigate with the arrow keys to start in safe mode and then press enter.
Once on the desktop, if there are no colors and other things, that's normal!
(If F8 doesn’t work, use the F5 key).
----------------------------------------------------------------------------
Restart the Smitfraud program,
This time choose option 2, answer yes to all;
Save the report, restart in normal mode, copy/paste the saved report here

see you+++
0
Réponse 4 / 27
S!Ri Posted messages 932 Status Contributeur sécurité 10
 
Hello

You can upload this file:
C:\WINDOWS\iesettings.dll

to this address: http://siri.urz.free.fr/upload/
to update the fix.

Thank you
see you later
0
Réponse 5 / 27
Merlin
 
SmitFraudFix v2.162

Report made at 23:01:23,09, 02/04/2007
Executed from C:\Documents and Settings\jubb\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 china.dalexcars.com
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
127.0.0.1 www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 www.adcipta.net #[W32/Malware]
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad3.adcept.net
127.0.0.1 www.adcept.net
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 adhearus.com
127.0.0.1 display2.adhearus.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 www.addme.com
127.0.0.1 www.adinfinity.com
127.0.0.1 te.adlandpro.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 www.adminder.com
127.0.0.1 adsfac.net
127.0.0.1 www.adonweb.com
127.0.0.1 www.adrelevance.com #[NetRatings]
127.0.0.1 media.adrevolver.com
127.0.0.1 adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 delta.adroar.com
127.0.0.1 iads.adroar.com #[Adware.AdRoar][ADW_ADROAR.A]
127.0.0.1 lists.adroar.com
127.0.0.1 www.adroar.com
127.0.0.1 ads.adsag.com
127.0.0.1 di.adsag.com
127.0.0.1 img.adsag.com
127.0.0.1 adserv.com
127.0.0.1 www.adserv.com
127.0.0.1 ads.adtomi.com
127.0.0.1 www.adtomi.com #[Adware.Adtomi]
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrader.com
127.0.0.1 www.adtraffic.net
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 ads.advertise.net
127.0.0.1 advertisingvision.com #[Adware.Advision]
127.0.0.1 www.advertisingvision.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 www.affiliatefuel.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 affiliatetarget.com
127.0.0.1 www.affiliatetarget.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 our.affiliatetracking.net
127.0.0.1 www.affiliatetracking.net
127.0.0.1 www.affiliatetracking.com
127.0.0.1 adserver.aim4media.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 pops.aim4media.com
127.0.0.1 www.aim4media.com
127.0.0.1 crs.akamai.com
127.0.0.1 soap.alexa.com #[Spyware.Alexa][Alexa Toolbar]
127.0.0.1 traffic.alexa.com
127.0.0.1 xsltcache.alexa.com
127.0.0.1 www.alexa.com
127.0.0.1 allcheapsolutions.com #[Backdoor-CIE]
127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster]
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 ads.amazingmedia.com
127.0.0.1 bohema.amillo.net #[Trojan.Mitglieder.H]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.aspalliance.com
127.0.0.1 associmg.com #[amazon.com]
127.0.0.1 armbender.com #[UCSearch.ucUCSearch][W32.Adclicker.F.Trojan]
127.0.0.1 www.armbender.com #[UCSearch.ArmBender]
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com #[Restricted Zone site]
127.0.0.1 adserving.autotrader.com
127.0.0.1 www.avatarresources.com #[Parasite.AutoStartup]
127.0.0.1 www.avres.net
127.0.0.1 www.aweber.com
127.0.0.1 cploving.awmhost.net #[TrojanClicker.Win32.Lopin]
127.0.0.1 bar.baidu.com #[Parasite.ClientMan]
127.0.0.1 www.baltictop.com
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com #[Restricted Zone site]
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 www.bannerswap.com
127.0.0.1 www.bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 www.bidclix.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net #[Restricted Zone site]
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 download.bigwebportal.com #[hotwebsearch.com]
127.0.0.1 www.bigwebportal.com
127.0.0.1 counter.bizland.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.black-hole.co.uk #[Restricted Zone site]
127.0.0.1 www.blazehits.net #[gonnasearch.com]
127.0.0.1 s7.blingblingcontent.com #[Easywebinstaller Control]
127.0.0.1 ads.bmais.net #[bluemountain]
127.0.0.1 bookedspace.com #[Parasite.BookedSpace]
127.0.0.1 www.bookedspace.com #[Adware.Bookedspace]
127.0.0.1 a.boom.ro
127.0.0.1 s.boom.ro
127.0.0.1 www1.boomerank.com
127.0.0.1 boomerank.com
127.0.0.1 citi.bridgetrack.com #[Tracking Service]
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 config.broadcastpc.tv #[TROJ_RVP.E]
127.0.0.1 report.broadcastpc.tv #[AdvWare.Broadcap.a]
127.0.0.1 www.broadcastpc.tv #[Adware.Broadcastpc]
127.0.0.1 www.browserplugin.com #[WebHlprObj Class]
127.0.0.1 install.browsertoolbar.com #[Backdoor.Autoupder][BrowserToolbar]
127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]
127.0.0.1 www.browsertoolbar.com #[Parasite.BrowserToolbar]
127.0.0.1 browserwise.com #[Parasite.Xupiter][Xupiter.BrowserWise]
127.0.0.1 www.browserwise.com
127.0.0.1 www.buildtraffic.com
127.0.0.1 casino-on-net.com
127.0.0.1 java2.casino-on-net.com
127.0.0.1 www.casino-on-net.com
127.0.0.1 casinojems.com
127.0.0.1 www.casinojems.com
127.0.0.1 cc-dt.com
127.0.0.1 ads.cc-dt.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 www.capital-systems.net #[Troj/Ovedil-B]
127.0.0.1 www.care2.com #[TopMoxie]
127.0.0.1 ads.cars.com
127.0.0.1 www.cashforclicks.com
127.0.0.1 www.cashpile.com
127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]
127.0.0.1 mds.centrport.net
127.0.0.1 c.clickaire.com #[CWS trojan downloads]
127.0.0.1 classifieds1000.com
127.0.0.1 www.classifieds1000.com
127.0.0.1 clearfind.com
127.0.0.1 www.clearfind.com #[Restricted Zone site]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank]
127.0.0.1 zzz.clickbank.net
127.0.0.1 clickedyclick.com
127.0.0.1 www.clickexchange.ru
127.0.0.1 click2boost.com
127.0.0.1 secure.click2boost.com
127.0.0.1 service.click2boost.com
127.0.0.1 www.click2boost.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 stats1.clicktracks.com
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 www1.click-fr.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com
127.0.0.1 www.clicks4u.com
127.0.0.1 www.clipgenie.com
127.0.0.1 comclick.com
127.0.0.1 ct2.comclick.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Restricted Zone site]
127.0.0.1 www.thecoolbar.com #[Softomate Toolbar][The Coolbar]
127.0.0.1 www.compactbanner.com
127.0.0.1 ads.console.net
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 www.coolshader.com
127.0.0.1 counted.com
127.0.0.1 bilbo.counted.com
127.0.0.1 www.counted.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter4u.de
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 twci.coremetrics.com
127.0.0.1 us.cqcounter.com
127.0.0.1 zz.cqcounter.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 www.cytron.com
127.0.0.1 www.dash.com
127.0.0.1 ads.date.com
127.0.0.1 banner.date.com
127.0.0.1 dbbsrv.com #[bserv.darkblue.com][Restricted Zone site]
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com #[roar.com]
127.0.0.1 spyware.com.16871.fb.dbbsrv.com
127.0.0.1 webads.com.18345.fb.dbbsrv.com
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Data Miner]
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 didtheyreadit.com #[email tracker]
127.0.0.1 www.didtheyreadit.com
127.0.0.1 counter.digits.com
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 www.dnscaching.net #[stickypops.com]
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[Restricted Zone site]
127.0.0.1 www.downseek.com #[DownSeek Search]
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 adv2.eblocs.com #[Rogue/Suspect]
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 enhancemysearch.com #[xzoomy.com]
127.0.0.1 www.enhancemysearch.com
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[bogus antivirus spyware]
127.0.0.1 www.eshopads2.com
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com #[Restricted Zone site]
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net
127.0.0.1 www.exchangead.com
127.0.0.1 exitexchange.com
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[Restricted Zone site]
127.0.0.1 www.exchangeexit.com #[Installer Class][Winupie]
127.0.0.1 www.exittraffic.net
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[SubSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 www.fceboard.com #[Adware.EBoard]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 www.filemix.net #[Surf+]
127.0.0.1 www.fineclicks.com
127.0.0.1 firstname.com
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fizzlewizzle.com #[Fizzle Wizzle Searchbar]
127.0.0.1 flashtrack.net
127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com
127.0.0.1 www.flyinads.com
127.0.0.1 ads.forbes.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[Restricted Zone site][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldenwebawards.com #[server down?]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 greatstartpage.com #[parasite downloads]
127.0.0.1 www.greatstartpage.com
127.0.0.1 grokster.com #[Restricted Zone site][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
127.0.0.1 hamster.com #[apps5.oingo.com]
127.0.0.1 ad0.haynet.com
127.0.0.1 www.hitboss.com
127.0.0.1 www.hit4hit.com
127.0.0.1 ads.hitcents.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hit-parade.com
127.0.0.1 www.hitpointer.com
127.0.0.1 hitslink.com
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 www.hitslink.com #[Restricted Zone site]
127.0.0.1 hitstats.net
127.0.0.1 www.hiwire.com
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 counters.honesty.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 hotphrase.com
127.0.0.1 www.hotphrase.com #[Restricted Zone site]
127.0.0.1 hotsearch.com #[roar.com][Restricted Zone site]
127.0.0.1 www.hotsearch.com
127.0.0.1 hotsearchbar.com #[iiittt Class][SpiderSearch]
127.0.0.1 www.hotsearchbar.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hc2.humanclick.com
127.0.0.1 www.humanclick.com #[Data Miner]
127.0.0.1 www.hypertracker.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infospider.com
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 mjxads.internet.com
127.0.0.1 indiads.com
127.0.0.1 infostart.com
127.0.0.1 popups.infostart.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 directory.istarthere.com
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 www.istarthere.com #[VBS_IESTART.F]
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 isurfplus.com
127.0.0.1 www.isurfplus.com #[Adware.Surebar]
127.0.0.1 www.itrafficstar.com #[Restricted Zone site]
127.0.0.1 www.jcount.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking]
127.0.0.1 www1.kliks.nl
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 stats.klsoft.com
127.0.0.1 www.kmindex.ru
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 js.livehelper.com #[Restricted Zone site]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[Data Miner]
127.0.0.1 www.liveperson.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 locators.com #[Adware.Locator]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 www.locators.com
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[Restricted Zone site]
127.0.0.1 adverts.lzio.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 search.lzio.com
127.0.0.1 updates.lzio.com #[Downloader-LE][Adware.ZioCom]
127.0.0.1 make-deal.com
127.0.0.1 www.madoogali.com #[Madoogali]
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 maybeyes.biz #[Trojan.Ducky]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 banner.meerhits.nl #[IEHIjacker.Meerhits.nl]
127.0.0.1 pokpok.meerhits.nl
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.megaseek.net #[Restricted Zone site]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler]
127.0.0.1 micorsoft.com
127.0.0.1 www.micorsoft.com #[typo hijacker]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[C2Media\LOP]
127.0.0.1 mpamexit.com
127.0.0.1 www.messagetag.com #[Email tracker]
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[Restricted Zone site]
127.0.0.1 www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk #[RealMedia]
127.0.0.1 mvtracker.com
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myaffiliateprogram.com
127.0.0.1 www.myarmory.com #[Spyware.Bazookabar]
127.0.0.1 ads.mydailyhoroscope.net
127.0.0.1 www.mydailyhoroscope.net #[Adware.Horoscope]
127.0.0.1 www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
127.0.0.1 hit.namimedia.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 www.neededware.com
127.0.0.1 neo-toolbar.com #[InstControl Class][Trojan.NeoToolbar.Installer]
127.0.0.1 www6.netbroadcaster.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 www.netflip.com
127.0.0.1 money2.netfirms.com #[The Money Toolbar]
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 www.netpoll.nl
127.0.0.1 servedby.netshelter.net
127.0.0.1 ads.netsol.com
127.0.0.1 www.netsearch.info
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 newiframe.biz #[TROJ_DELF.DS]
127.0.0.1 www.newiframe.biz
127.0.0.1 web1.noadware.net
127.0.0.1 www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 mediatickets.nubela.net
127.0.0.1 www.nubela.net
127.0.0.1 nzads.net.nz
127.0.0.1 okcounter.com
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster]
127.0.0.1 server1.opentracker.net
127.0.0.1 www.opinionlab.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 banner.orb.net
127.0.0.1 www.originalicons.com #[F1 Organizer Class]
127.0.0.1 geoads.osdn.com
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 click.payserve.com
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 www.peel.com
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com
127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D][server down?]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.popupads.com
127.0.0.1 www.popupad.net
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com
127.0.0.1 popupmoney.com #[Restricted Zone site]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www.popupswappers.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 www.popuptop.com
127.0.0.1 www2.portdetective.com
127.0.0.1 www.positivebeats.com #[C2Media\LOP]
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 1.primaryads.com
127.0.0.1 www.privacyoutpost.com #[Troj/Regldr-A]
127.0.0.1 www.prtracker.com
127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[Restricted Zone site]
127.0.0.1 www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.prutect.com #[Spyware.e2give][Win32.Prutec.A]
127.0.0.1 www.pstopper.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media\LOP]
127.0.0.1 www.pwallet.com #[Restricted Zone site]
127.0.0.1 rads01.quadrogram.com #[Adware.Quadro][Memwatcher.B][TROJ_PEPER.A]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 www.quarterserver.de
127.0.0.1 questionmarket.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
127.0.0.1 ramgo.com #[Restricted Zone site]
127.0.0.1 www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightmedia.net
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 track.roiservice.com
127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]
127.0.0.1 www.sandboxer.com #[Adware.Quadro][memorywatcher.com][Memwatcher.B]
127.0.0.1 www.savehits.com
127.0.0.1 st.sageanalyst.net
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 te.scripps.com
127.0.0.1 counter.search.bg
127.0.0.1 searchalot.com
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Browseraid][SearchAndClick]
127.0.0.1 searchby.net
127.0.0.1 www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 searchfst.com #[SFUtility Class][keywordsinc.com]
127.0.0.1 www.searchfst.com
127.0.0.1 www.searchgauge.com
127.0.0.1 www.search-control.com #[TrojanDropper.Win32.Small.ig]
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 www.search-itnow.com
127.0.0.1 www.searchmachine.com
127.0.0.1 www.searchmagnifier.com
127.0.0.1 www.searchrelevancy.com
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchseekfind.com #[Adware.SearchSeekFind]
127.0.0.1 www.searchseekfind.com
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[KB320159]
127.0.0.1 www.secondpower.com
127.0.0.1 adserver.securityfocus.com #[RealMedia]
127.0.0.1 www.selfsurveys.com
127.0.0.1 www.seehits.com
127.0.0.1 www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 ds.serving-sys.com
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 www.sitetracking.info #[Naughty Pops]
127.0.0.1 www.shadowcrew.com #[spam]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 www.shockcounter.com
127.0.0.1 shopathomeselect.com #[Parasite.ShopAtHomeSelect]
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[Restricted Zone site]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com
127.0.0.1 smartclicks.net
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[Restricted Zone site]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 www.sonyasys.com #[Downloader.Botten]
127.0.0.1 www1.spaex.com #[searchboss.com]
127.0.0.1 www.specialoffersnetworks.com
127.0.0.1 www.spedia.net #[SpediaBar]
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 www.spyferret.com
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 adsintl.starwave.com
127.0.0.1
0
Réponse 6 / 27
Merlin
 
C'est très long, je te mets tout ?
Ou juste la fin ?
0
Réponse 7 / 27
salwa5 Posted messages 7552 Status Contributeur 1 670
 
yes please try to complete it if the problem persists do what siri asks you in message number 5

< 5 > S!Ri (Monday, April 2, 2007 at 10:59:22 PM)
Hello

You can upload this file:
C:\WINDOWS\iesettings.dll

to this address: http://siri.urz.free.fr/upload/
to update the fix.

Thank you
see you later
0
Réponse 8 / 27
salwa5 Posted messages 7552 Status Contributeur 1 670
 
For the report, it's all good, I received it in full by email :p

see you++++
0
Réponse 9 / 27
Merlin
 
C'est bon, j'ai téléchargé le fichier...
0
Réponse 10 / 27
S!Ri Posted messages 932 Status Contributeur sécurité 10
 
Hello

I received the file. It is part of your infection. There are others:

Restart in safe mode, check in
C:\Windows\ or C:\windows\system32\ for a file named mslog.exe
If you find it, rename it to mslog.bak

You can upload the following files in the same way:
C:\WINDOWS\iesupport.dll
C:\WINDOWS\iedebug.dll
C:\WINDOWS\mslog.bak or C:\WINDOWS\system32\mslog.bak if you found it.

Thanks
see you+
0
Réponse 11 / 27
Merlin
 
Thank you again for helping me... I'm doing it right away!
0
Réponse 12 / 27
merlin
 
Hi,
So I've uploaded what you asked for, but I couldn't find the mslog.exe file.
0
Réponse 13 / 27
S!Ri Posted messages 932 Status Contributeur sécurité 10
 
Hello

Thank you for your contribution.
I have just updated the fix with the new versions.

Restart SmitfraudFix.exe, select the update option (4).
The fix will download the latest version and then restart.

Select choice 1. and post the report here.

Restart in safe mode,
Restart SmitfraudFix and select choice number 2.
Post the generated report here (remove the lines 127.0.0.1... from it)
Along with a new HijackThis report.

I will leave you in the hands of salwa5 to finish.

See you later.
0
Réponse 14 / 27
merlin
 
SmitFraudFix v2.164

Report made at 8:53:23.65, 05/04/2007
Executed from C:\Documents and Settings\jubb\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Corrupted hosts file!

# [MICROSOFT.COM]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\iedebug.dll PRESENT!
C:\WINDOWS\iesettings.dll PRESENT!
C:\WINDOWS\iesupport.dll PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jubb

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jubb\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jubb\Favorites

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted Keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Items

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{10A3C246-DD8D-481D-BAA3-8E0CA95FA33B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 15 / 27
merlin
 
SmitFraudFix v2.164

Report made at 9:01:15,14, 05/04/2007
Executed from C:\Documents and Settings\jubb\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

127.0.0.1 downloads.aaa1screensavers.com #[Bargain Buddy]
127.0.0.1 china.dalexcars.com
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
127.0.0.1 www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 www.adcipta.net #[W32/Malware]
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad3.adcept.net
127.0.0.1 www.adcept.net
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 adhearus.com
127.0.0.1 display2.adhearus.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 www.addme.com
127.0.0.1 www.adinfinity.com
127.0.0.1 te.adlandpro.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 www.adminder.com
127.0.0.1 adsfac.net
127.0.0.1 www.adonweb.com
127.0.0.1 www.adrelevance.com #[NetRatings]
127.0.0.1 media.adrevolver.com
127.0.0.1 adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 delta.adroar.com
127.0.0.1 iads.adroar.com #[Adware.AdRoar][ADW_ADROAR.A]
127.0.0.1 lists.adroar.com
127.0.0.1 www.adroar.com
127.0.0.1 ads.adsag.com
127.0.0.1 di.adsag.com
127.0.0.1 img.adsag.com
127.0.0.1 adserv.com
127.0.0.1 www.adserv.com
127.0.0.1 ads.adtomi.com
127.0.0.1 www.adtomi.com #[Adware.Adtomi]
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrader.com
127.0.0.1 www.adtraffic.net
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 ads.advertise.net
127.0.0.1 advertisingvision.com #[Adware.Advision]
127.0.0.1 www.advertisingvision.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 www.affiliatefuel.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 affiliatetarget.com
127.0.0.1 www.affiliatetarget.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 our.affiliatetracking.net
127.0.0.1 www.affiliatetracking.net
127.0.0.1 www.affiliatetracking.com
127.0.0.1 adserver.aim4media.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 pops.aim4media.com
127.0.0.1 www.aim4media.com
127.0.0.1 crs.akamai.com
127.0.0.1 soap.alexa.com #[Spyware.Alexa][Alexa Toolbar]
127.0.0.1 traffic.alexa.com
127.0.0.1 xsltcache.alexa.com
127.0.0.1 www.alexa.com
127.0.0.1 allcheapsolutions.com #[Backdoor-CIE]
127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster]
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 ads.amazingmedia.com
127.0.0.1 bohema.amillo.net #[Trojan.Mitglieder.H]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.aspalliance.com
127.0.0.1 associmg.com #[amazon.com]
127.0.0.1 armbender.com #[UCSearch.ucUCSearch][W32.Adclicker.F.Trojan]
127.0.0.1 www.armbender.com #[UCSearch.ArmBender]
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com #[Restricted Zone site]
127.0.0.1 adserving.autotrader.com
127.0.0.1 www.avatarresources.com #[Parasite.AutoStartup]
127.0.0.1 www.avres.net
127.0.0.1 www.aweber.com
127.0.0.1 cploving.awmhost.net #[TrojanClicker.Win32.Lopin]
127.0.0.1 bar.baidu.com #[Parasite.ClientMan]
127.0.0.1 www.baltictop.com
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com #[Restricted Zone site]
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 www.bannerswap.com
127.0.0.1 www.bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 www.bidclix.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net #[Restricted Zone site]
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 download.bigwebportal.com #[hotwebsearch.com]
127.0.0.1 www.bigwebportal.com
127.0.0.1 counter.bizland.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.black-hole.co.uk #[Restricted Zone site]
127.0.0.1 www.blazehits.net #[gonnasearch.com]
127.0.0.1 s7.blingblingcontent.com #[Easywebinstaller Control]
127.0.0.1 ads.bmais.net #[bluemountain]
127.0.0.1 bookedspace.com #[Parasite.BookedSpace]
127.0.0.1 www.bookedspace.com #[Adware.Bookedspace]
127.0.0.1 a.boom.ro
127.0.0.1 s.boom.ro
127.0.0.1 www1.boomerank.com
127.0.0.1 boomerank.com
127.0.0.1 citi.bridgetrack.com #[Tracking Service]
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 config.broadcastpc.tv #[TROJ_RVP.E]
127.0.0.1 report.broadcastpc.tv #[AdvWare.Broadcap.a]
127.0.0.1 www.broadcastpc.tv #[Adware.Broadcastpc]
127.0.0.1 www.browserplugin.com #[WebHlprObj Class]
127.0.0.1 install.browsertoolbar.com #[Backdoor.Autoupder][BrowserToolbar]
127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]
127.0.0.1 www.browsertoolbar.com #[Parasite.BrowserToolbar]
127.0.0.1 browserwise.com #[Parasite.Xupiter][Xupiter.BrowserWise]
127.0.0.1 www.browserwise.com
127.0.0.1 www.buildtraffic.com
127.0.0.1 casino-on-net.com
127.0.0.1 java2.casino-on-net.com
127.0.0.1 www.casino-on-net.com
127.0.0.1 casinojems.com
127.0.0.1 www.casinojems.com
127.0.0.1 cc-dt.com
127.0.0.1 ads.cc-dt.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 www.capital-systems.net #[Troj/Ovedil-B]
127.0.0.1 www.care2.com #[TopMoxie]
127.0.0.1 ads.cars.com
127.0.0.1 www.cashforclicks.com
127.0.0.1 www.cashpile.com
127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]
127.0.0.1 mds.centrport.net
127.0.0.1 c.clickaire.com #[CWS trojan downloads]
127.0.0.1 classifieds1000.com
127.0.0.1 www.classifieds1000.com
127.0.0.1 clearfind.com
127.0.0.1 www.clearfind.com #[Restricted Zone site]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank]
127.0.0.1 zzz.clickbank.net
127.0.0.1 clickedyclick.com
127.0.0.1 www.clickexchange.ru
127.0.0.1 click2boost.com
127.0.0.1 secure.click2boost.com
127.0.0.1 service.click2boost.com
127.0.0.1 www.click2boost.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 stats1.clicktracks.com
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 www1.click-fr.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com
127.0.0.1 www.clicks4u.com
127.0.0.1 www.clipgenie.com
127.0.0.1 comclick.com
127.0.0.1 ct2.comclick.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Restricted Zone site]
127.0.0.1 www.thecoolbar.com #[Softomate Toolbar][The Coolbar]
127.0.0.1 www.compactbanner.com
127.0.0.1 ads.console.net
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 www.coolshader.com
127.0.0.1 counted.com
127.0.0.1 bilbo.counted.com
127.0.0.1 www.counted.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter4u.de
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 twci.coremetrics.com
127.0.0.1 us.cqcounter.com
127.0.0.1 zz.cqcounter.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 www.cytron.com
127.0.0.1 www.dash.com
127.0.0.1 ads.date.com
127.0.0.1 banner.date.com
127.0.0.1 dbbsrv.com #[bserv.darkblue.com][Restricted Zone site]
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com #[roar.com]
127.0.0.1 spyware.com.16871.fb.dbbsrv.com
127.0.0.1 webads.com.18345.fb.dbbsrv.com
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Data Miner]
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 didtheyreadit.com #[email tracker]
127.0.0.1 www.didtheyreadit.com
127.0.0.1 counter.digits.com
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 www.dnscaching.net #[stickypops.com]
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[Restricted Zone site]
127.0.0.1 www.downseek.com #[DownSeek Search]
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 adv2.eblocs.com #[Rogue/Suspect]
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 enhancemysearch.com #[xzoomy.com]
127.0.0.1 www.enhancemysearch.com
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[bogus antivirus spyware]
127.0.0.1 www.eshopads2.com
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com #[Restricted Zone site]
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net
127.0.0.1 www.exchangead.com
127.0.0.1 exitexchange.com
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[Restricted Zone site]
127.0.0.1 www.exchangeexit.com #[Installer Class][Winupie]
127.0.0.1 www.exittraffic.net
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[SubSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 www.fceboard.com #[Adware.EBoard]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 www.filemix.net #[Surf+]
127.0.0.1 www.fineclicks.com
127.0.0.1 firstname.com
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fizzlewizzle.com #[Fizzle Wizzle Searchbar]
127.0.0.1 flashtrack.net
127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com
127.0.0.1 www.flyinads.com
127.0.0.1 ads.forbes.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[Restricted Zone site][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldenwebawards.com #[server down?]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 greatstartpage.com #[parasite downloads]
127.0.0.1 www.greatstartpage.com
127.0.0.1 grokster.com #[Restricted Zone site][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
127.0.0.1 hamster.com #[apps5.oingo.com]
127.0.0.1 ad0.haynet.com
127.0.0.1 www.hitboss.com
127.0.0.1 www.hit4hit.com
127.0.0.1 ads.hitcents.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hit-parade.com
127.0.0.1 www.hitpointer.com
127.0.0.1 hitslink.com
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 www.hitslink.com #[Restricted Zone site]
127.0.0.1 hitstats.net
127.0.0.1 www.hiwire.com
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 counters.honesty.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 hotphrase.com
127.0.0.1 www.hotphrase.com #[Restricted Zone site]
127.0.0.1 hotsearch.com #[roar.com][Restricted Zone site]
127.0.0.1 www.hotsearch.com
127.0.0.1 hotsearchbar.com #[iiittt Class][SpiderSearch]
127.0.0.1 www.hotsearchbar.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hc2.humanclick.com
127.0.0.1 www.humanclick.com #[Data Miner]
127.0.0.1 www.hypertracker.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infospider.com
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 mjxads.internet.com
127.0.0.1 indiads.com
127.0.0.1 infostart.com
127.0.0.1 popups.infostart.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 directory.istarthere.com
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 www.istarthere.com #[VBS_IESTART.F]
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 isurfplus.com
127.0.0.1 www.isurfplus.com #[Adware.Surebar]
127.0.0.1 www.itrafficstar.com #[Restricted Zone site]
127.0.0.1 www.jcount.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking]
127.0.0.1 www1.kliks.nl
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 stats.klsoft.com
127.0.0.1 www.kmindex.ru
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 js.livehelper.com #[Restricted Zone site]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[Data Miner]
127.0.0.1 www.liveperson.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 locators.com #[Adware.Locator]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 www.locators.com
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[Restricted Zone site]
127.0.0.1 adverts.lzio.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 search.lzio.com
127.0.0.1 updates.lzio.com #[Downloader-LE][Adware.ZioCom]
127.0.0.1 make-deal.com
127.0.0.1 www.madoogali.com #[Madoogali]
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 maybeyes.biz #[Trojan.Ducky]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 banner.meerhits.nl #[IEHIjacker.Meerhits.nl]
127.0.0.1 pokpok.meerhits.nl
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.megaseek.net #[Restricted Zone site]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler]
127.0.0.1 micorsoft.com
127.0.0.1 www.micorsoft.com #[typo hijacker]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[C2Media\LOP]
127.0.0.1 mpamexit.com
127.0.0.1 www.messagetag.com #[Email tracker]
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[Restricted Zone site]
127.0.0.1 www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk #[RealMedia]
127.0.0.1 mvtracker.com
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myaffiliateprogram.com
127.0.0.1 www.myarmory.com #[Spyware.Bazookabar]
127.0.0.1 ads.mydailyhoroscope.net
127.0.0.1 www.mydailyhoroscope.net #[Adware.Horoscope]
127.0.0.1 www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
127.0.0.1 hit.namimedia.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 www.neededware.com
127.0.0.1 neo-toolbar.com #[InstControl Class][Trojan.NeoToolbar.Installer]
127.0.0.1 www6.netbroadcaster.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 www.netflip.com
127.0.0.1 money2.netfirms.com #[The Money Toolbar]
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 www.netpoll.nl
127.0.0.1 servedby.netshelter.net
127.0.0.1 ads.netsol.com
127.0.0.1 www.netsearch.info
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 newiframe.biz #[TROJ_DELF.DS]
127.0.0.1 www.newiframe.biz
127.0.0.1 web1.noadware.net
127.0.0.1 www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 mediatickets.nubela.net
127.0.0.1 www.nubela.net
127.0.0.1 nzads.net.nz
127.0.0.1 okcounter.com
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster]
127.0.0.1 server1.opentracker.net
127.0.0.1 www.opinionlab.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 banner.orb.net
127.0.0.1 www.originalicons.com #[F1 Organizer Class]
127.0.0.1 geoads.osdn.com
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 click.payserve.com
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 www.peel.com
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com
127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D][server down?]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.popupads.com
127.0.0.1 www.popupad.net
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com
127.0.0.1 popupmoney.com #[Restricted Zone site]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www.popupswappers.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 www.popuptop.com
127.0.0.1 www2.portdetective.com
127.0.0.1 www.positivebeats.com #[C2Media\LOP]
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 1.primaryads.com
127.0.0.1 www.privacyoutpost.com #[Troj/Regldr-A]
127.0.0.1 www.prtracker.com
127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[Restricted Zone site]
127.0.0.1 www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.prutect.com #[Spyware.e2give][Win32.Prutec.A]
127.0.0.1 www.pstopper.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media\LOP]
127.0.0.1 www.pwallet.com #[Restricted Zone site]
127.0.0.1 rads01.quadrogram.com #[Adware.Quadro][Memwatcher.B][TROJ_PEPER.A]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 www.quarterserver.de
127.0.0.1 questionmarket.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
127.0.0.1 ramgo.com #[Restricted Zone site]
127.0.0.1 www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightmedia.net
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 track.roiservice.com
127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]
127.0.0.1 www.sandboxer.com #[Adware.Quadro][memorywatcher.com][Memwatcher.B]
127.0.0.1 www.savehits.com
127.0.0.1 st.sageanalyst.net
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 te.scripps.com
127.0.0.1 counter.search.bg
127.0.0.1 searchalot.com
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Browseraid][SearchAndClick]
127.0.0.1 searchby.net
127.0.0.1 www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 searchfst.com #[SFUtility Class][keywordsinc.com]
127.0.0.1 www.searchfst.com
127.0.0.1 www.searchgauge.com
127.0.0.1 www.search-control.com #[TrojanDropper.Win32.Small.ig]
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 www.search-itnow.com
127.0.0.1 www.searchmachine.com
127.0.0.1 www.searchmagnifier.com
127.0.0.1 www.searchrelevancy.com
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchseekfind.com #[Adware.SearchSeekFind]
127.0.0.1 www.searchseekfind.com
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[KB320159]
127.0.0.1 www.secondpower.com
127.0.0.1 adserver.securityfocus.com #[RealMedia]
127.0.0.1 www.selfsurveys.com
127.0.0.1 www.seehits.com
127.0.0.1 www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 ds.serving-sys.com
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 www.sitetracking.info #[Naughty Pops]
127.0.0.1 www.shadowcrew.com #[spam]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 www.shockcounter.com
127.0.0.1 shopathomeselect.com #[Parasite.ShopAtHomeSelect]
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[Restricted Zone site]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com
127.0.0.1 smartclicks.net
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[Restricted Zone site]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 www.sonyasys.com #[Downloader.Botten]
127.0.0.1 www1.spaex.com #[searchboss.com]
127.0.0.1 www.specialoffersnetworks.com
127.0.0.1 www.spedia.net #[SpediaBar]
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 www.spyferret.com
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 adsintl.starwave.com
127.0.0.1
0
Réponse 16 / 27
merlin
 
apparently it's all good!!!!
thank you very much...but what was that thing and why didn't Kaspersky find anything?
0
Réponse 17 / 27
S!Ri Posted messages 932 Status Contributeur sécurité 10
 
Re'

Post another Hijackthis report please.

Kaspersky let it through because no antivirus is 100% reliable. Not even the most reputable ones.

( http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9010041&source=rss_news50 )

The files you sent me have been sent to various antivirus labs and will be integrated into their database.

See you later
0
Réponse 18 / 27
merlin
 
Logfile of HijackThis v1.99.1
Scan saved at 13:34:54, on 05/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\jubb\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - C:\WINDOWS\iesettings.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: iesupport - {F9A3CE4B-9269-4E25-B3A3-F8ECF27CA0F8} - C:\WINDOWS\iesupport.dll (file missing)
O21 - SSODL: iedebug - {89304A23-6A7A-4772-B718-F9AD49F4833E} - C:\WINDOWS\iedebug.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 19 / 27
S!Ri Posted messages 932 Status Contributeur sécurité 10
 
Re'

Restart SmitfraudFix in normal mode, option 2
and this time, accept the registry cleaning.

Restart HijackThis, check the following lines and fix them.

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Post a report, that should be enough.
see you+
0
Réponse 20 / 27
salwa5 Posted messages 7552 Status Contributeur 1 670
 
Hello :) To finalize the cleaning, download and run

AVG anti-spyware
https://www.01net.com/telecharger/

(don’t forget to update it before starting the scan)

Restart AVG AS and then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to react?", click on "Recommended actions" and choose "Quarantine"
Click again on the "Scan" tab and then perform a "Full system scan"

/!\ If a file is infected at the end of the scan /!\
Click on "Apply all actions"

Click on "Save report" and then "Save report as"
Save this text file to your desktop, then paste the report here

Delete unnecessary files (temporary files, cookies, etc.) with this

CCleaner
https://www.malekal.com/tutoriel-ccleaner/

See you+++
0
  • 1
  • 2