Virus defensenetsurfage

Résolu
kevinr166 -  
 kevinr166 -
Bonjour,
je suis infecté par le virus defensenetsurfage et j'ai tout éssayé mais je n'arrive pas à le supprimer j'ai aussi fait une analyse avec hijackthis qui ma indiqué des fichiers é des clés registres mais je ne sais pas lesquelles supprimer j'èspère que quelqu'un pourra m'aider parsk ce virus me soule depui kelke jour... répondez svp!! merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

45 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par un malware complexe est rencontrée sur Windows XP, résistante aux tentatives de suppression et nécessitant l’identification précise de fichiers et clés malveillants. Plusieurs réponses préconisent des outils spécialisés comme SafeBootKeyRepair, SmitFraudFix, ComboFix, et des scans en ligne (BitDefender), associés à des nettoyages de registre et à la suppression de fichiers et de dossiers suspects. En parallèle, des analyses montrent des éléments de démarrage et des services modifiés, avec des rapports HijackThis et des logs SmitFraudFix/ComboFix décrivant des entrées douteuses et des restes de programmes malveillants. Des retours successifs évoquent des suppressions et restaurations, incluant un rapport ComboFix récent, mais sans confirmation formelle de la suppression complète ni du statut actuel du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bienvenue sur le forum d’entraide de CommentCaMarche.net

    Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
    De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
    Merci de votre compréhension.

    Copie colle ton rapport HijackThis.

    Bon courage

    A+
    0
  2. kevinr166
     
    Ok merci beaucoup d'avoir répondu é désolé d'avoir créé 2postes... voici mon raport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:13, on 04/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 255.255.255.255
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.255:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {65D5A3B2-859E-42F5-AE9E-BC6D7EC1B0EB} - C:\WINDOWS\system32\VBA232.DLL (file missing)
    O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: (no name) - {B7531CF3-3DBE-4D68-BED9-E3697F3CDC9B} - C:\WINDOWS\system32\dplay32.dll (file missing)
    O2 - BHO: (no name) - {C2EA6A7E-79FC-4CFB-90E4-898C742B44C5} - C:\WINDOWS\system32\mobsyncd.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F3E3A0A8-906B-47D7-8E5E-8C7F1D3C0BDC} - C:\WINDOWS\system32\ulib32.dll (file missing)
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: (no name) - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [L07FXLRD_674447171] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS4\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS5\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS6\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
    O20 - AppInit_DLLs: . 3 SF3.DLL,noxizaca.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: bxsbang - {D117607A-ED64-4810-9909-CD719374EE12} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {8FFDD5BE-033D-4645-89DD-F81933FEDE44} - C:\WINDOWS\ocgrep.dll (file missing)
    O21 - SSODL: msmhost - {15FFDB8C-56FB-4F8A-B706-B188429645AA} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {DB0855E8-80B3-44FE-B65C-8C23E45D0C0B} - C:\WINDOWS\msmdev.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Noxizac Service (NoxizacSrv) - Unknown owner - C:\WINDOWS\system32\noxizac.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
    O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OCBNEXFH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\OCBNEXFH.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok. Très infecté, fais attention ou tu surfes (sites X...)

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    Exécute le Smitfraudfix.exe et choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    A+
    0
  4. kevinr166
     
    ok voici le rappor de smitfraudfix :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:13, on 04/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 255.255.255.255
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.255:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {65D5A3B2-859E-42F5-AE9E-BC6D7EC1B0EB} - C:\WINDOWS\system32\VBA232.DLL (file missing)
    O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: (no name) - {B7531CF3-3DBE-4D68-BED9-E3697F3CDC9B} - C:\WINDOWS\system32\dplay32.dll (file missing)
    O2 - BHO: (no name) - {C2EA6A7E-79FC-4CFB-90E4-898C742B44C5} - C:\WINDOWS\system32\mobsyncd.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F3E3A0A8-906B-47D7-8E5E-8C7F1D3C0BDC} - C:\WINDOWS\system32\ulib32.dll (file missing)
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: (no name) - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [L07FXLRD_674447171] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS4\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS5\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS6\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
    O20 - AppInit_DLLs: . 3 SF3.DLL,noxizaca.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: bxsbang - {D117607A-ED64-4810-9909-CD719374EE12} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {8FFDD5BE-033D-4645-89DD-F81933FEDE44} - C:\WINDOWS\ocgrep.dll (file missing)
    O21 - SSODL: msmhost - {15FFDB8C-56FB-4F8A-B706-B188429645AA} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {DB0855E8-80B3-44FE-B65C-8C23E45D0C0B} - C:\WINDOWS\msmdev.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Noxizac Service (NoxizacSrv) - Unknown owner - C:\WINDOWS\system32\noxizac.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
    O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OCBNEXFH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\OCBNEXFH.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kevinr166
     
    ah... encore un problème... l'ordi veut pas se redémarrer en mode sans échec il charge les fichiers et tout d'un coup y se redémare... pourtant je l'ai déja fait plusieur fois auparavent mais c'est la première fois qu'il ne se rédémarre pas... peux- tu me dire ce que je dois faire stp?? merci d'avance!
    0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Déjà; j'atend l'option 1 de Smitfraudfix. suis bien les indications stp.

    A+
    0
  8. kevinr166
     
    Oh excuse moi j'ai collé le mauvais rapport celui de l'option 1 est là :

    SmitFraudFix v2.248

    Rapport fait à 23:04:18.10, 04/11/2007
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\bxsbang.dll PRESENT !
    C:\WINDOWS\kthemup.exe PRESENT !
    C:\WINDOWS\movctrlnkd.dll PRESENT !
    C:\WINDOWS\msmhost.dll PRESENT !
    C:\WINDOWS\privacy_danger PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\HP_PRO~1\MENUDM~1\PROGRA~1\MovieCommander PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\MovieCommander\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=". 3 SF3.DLL,noxizaca.dll C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="lsass.exe"

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Sagem XG703 USB 802.11g - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.155.115.94,85.155.118.94
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Désolé de m'être trompé...
    0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok pas de soucis,

    Tu me disais que tu n'avais pas accès au Mode Sans Echec?

    A+
    0
  10. kevinr166
     
    Oui je n'y ai pas accès mais je ne sais pas du tout pourquoi! tous les fichiers se chargent mais après l'ordi se redémarre à nouveau et il ne s'allume qu'en le démarran normalement...
    A+
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok

    Execute smitfraudfix option 2 en mode normal et copie colle le rapport.

    A+
    0
  12. kevinr166
     
    Ok c'est bon je l'ai fait mais un moment il y avait écrit :
    "...
    Recherche DNS
    C:\Documents an Settings\HP_Propriétaire\Bureau\SmitfraudFix\FixDNS.vbs
    Erreur d'exécution Microsoft VBScript (214, 3) : Objet requis : ' '
    ..."

    et voila le rapport :

    SmitFraudFix v2.248

    Rapport fait à 14:35:02.54, 05/11/2007
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 www.alcohol-soft.com
    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com
    127.0.0.1 1001-search.info
    127.0.0.1 www.1001-search.info
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 132.com
    127.0.0.1 www.132.com
    127.0.0.1 136136.net
    127.0.0.1 www.136136.net
    127.0.0.1 139mm.com
    127.0.0.1 www.139mm.com
    127.0.0.1 163ns.com
    127.0.0.1 www.163ns.com
    127.0.0.1 171203.com
    127.0.0.1 17-plus.com
    127.0.0.1 1800searchonline.com
    127.0.0.1 www.1800searchonline.com
    127.0.0.1 180searchassistant.com
    127.0.0.1 www.180searchassistant.com
    127.0.0.1 180solutions.com
    127.0.0.1 www.180solutions.com
    127.0.0.1 181.365soft.info
    127.0.0.1 www.181.365soft.info
    127.0.0.1 1987324.com
    127.0.0.1 www.1987324.com
    127.0.0.1 1-domains-registrations.com
    127.0.0.1 www.1-domains-registrations.com
    127.0.0.1 1-extreme.biz
    127.0.0.1 www.1-extreme.biz
    127.0.0.1 1sexparty.com
    127.0.0.1 www.1sexparty.com
    127.0.0.1 1stantivirus.com
    127.0.0.1 www.1stantivirus.com
    127.0.0.1 1stpagehere.com
    127.0.0.1 www.1stpagehere.com
    127.0.0.1 1stsearchportal.com
    127.0.0.1 www.1stsearchportal.com
    127.0.0.1 2.82211.net
    127.0.0.1 www.2006ooo.com
    127.0.0.1 2007-download.com
    127.0.0.1 www.2007-download.com
    127.0.0.1 2020search.com
    127.0.0.1 www.2020search.com
    127.0.0.1 20x2p.com
    127.0.0.1 24.365soft.info
    127.0.0.1 www.24.365soft.info
    127.0.0.1 24-7pharmacy.info
    127.0.0.1 www.24-7pharmacy.info
    127.0.0.1 24-7searching-and-more.com
    127.0.0.1 www.24-7searching-and-more.com
    127.0.0.1 24teen.com
    127.0.0.1 www.24teen.com
    127.0.0.1 2every.net
    127.0.0.1 www.2every.net
    127.0.0.1 2ndpower.com
    127.0.0.1 2search.com
    127.0.0.1 www.2search.com
    127.0.0.1 2search.org
    127.0.0.1 www.2search.org
    127.0.0.1 2squared.com
    127.0.0.1 www.2squared.com
    127.0.0.1 3322.org
    127.0.0.1 www.3322.org
    127.0.0.1 365soft.info
    127.0.0.1 36site.com
    127.0.0.1 www.36site.com
    127.0.0.1 3721.com
    127.0.0.1 39-93.com
    127.0.0.1 3abetterinternet.com
    127.0.0.1 www.3abetterinternet.com
    127.0.0.1 3bay.it
    127.0.0.1 www.3bay.it
    127.0.0.1 3ebay.it
    127.0.0.1 www.3ebay.it
    127.0.0.1 404dns.com
    127.0.0.1 www.404dns.com
    127.0.0.1 4199.com
    127.0.0.1 www.4199.com
    127.0.0.1 4corn.net
    127.0.0.1 www.4corn.net
    127.0.0.1 4ebay.it
    127.0.0.1 www.4ebay.it
    127.0.0.1 4klm.com
    127.0.0.1 4repubblica.it
    127.0.0.1 www.4repubblica.it
    127.0.0.1 4softget.com
    127.0.0.1 www.4softget.com
    127.0.0.1 5iscali.it
    127.0.0.1 www.5iscali.it
    127.0.0.1 5repubblica.it
    127.0.0.1 www.5repubblica.it
    127.0.0.1 5starvideos.com
    127.0.0.1 www.5starvideos.com
    127.0.0.1 5tiscali.it
    127.0.0.1 www.5tiscali.it
    127.0.0.1 5zgmu7o20kt5d8yq.com
    127.0.0.1 www.5zgmu7o20kt5d8yq.com
    127.0.0.1 6iscali.it
    127.0.0.1 www.6iscali.it
    127.0.0.1 6sek.com
    127.0.0.1 www.6sek.com
    127.0.0.1 6tiscali.it
    127.0.0.1 www.6tiscali.it
    127.0.0.1 7322.com
    127.0.0.1 www.7322.com
    127.0.0.1 75tz.com
    127.0.0.1 777search.com
    127.0.0.1 www.777search.com
    127.0.0.1 777top.com
    127.0.0.1 www.777top.com
    127.0.0.1 7939.com
    127.0.0.1 www.7939.com
    127.0.0.1 7search.com
    127.0.0.1 www.7search.com
    127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
    127.0.0.1 82211.net
    127.0.0.1 8866.org
    127.0.0.1 888.com
    127.0.0.1 www.888.com
    127.0.0.1 8ad.com
    127.0.0.1 www.8ad.com
    127.0.0.1 9505.com
    127.0.0.1 www.9505.com
    127.0.0.1 971searchbox.com
    127.0.0.1 www.971searchbox.com
    127.0.0.1 a.bestmanage.org
    127.0.0.1 aaasexypics.com
    127.0.0.1 aaawebfinder.com
    127.0.0.1 www.aaawebfinder.com
    127.0.0.1 aavc.com
    127.0.0.1 abc-find.info
    127.0.0.1 www.abc-find.info
    127.0.0.1 abetterinternet.com
    127.0.0.1 www.abetterinternet.com
    127.0.0.1 abnetsoft.info
    127.0.0.1 www.abnetsoft.info
    127.0.0.1 aboutclicker.com
    127.0.0.1 www.aboutclicker.com
    127.0.0.1 abrp.net
    127.0.0.1 www.abrp.net
    127.0.0.1 absolutee.com
    127.0.0.1 www.absolutee.com
    127.0.0.1 abyssmedia.com
    127.0.0.1 www.abyssmedia.com
    127.0.0.1 ac66.cn
    127.0.0.1 www.ac66.cn
    127.0.0.1 access.Navinetwork.com
    127.0.0.1 access.rapid-pass.net
    127.0.0.1 accessactivexvideo.com
    127.0.0.1 www.accessactivexvideo.com
    127.0.0.1 accessclips.com
    127.0.0.1 www.accessclips.com
    127.0.0.1 access-dvd.com
    127.0.0.1 www.access-dvd.com
    127.0.0.1 accesskeygenerator.com
    127.0.0.1 www.accesskeygenerator.com
    127.0.0.1 accessorygeeks.com
    127.0.0.1 www.accessorygeeks.com
    127.0.0.1 accessthefuture.net
    127.0.0.1 www.accessthefuture.net
    127.0.0.1 accessvid.net
    127.0.0.1 www.accessvid.net
    127.0.0.1 acemedic.com
    127.0.0.1 www.acemedic.com
    127.0.0.1 ace-webmaster.com
    127.0.0.1 www.ace-webmaster.com
    127.0.0.1 acjp.com
    127.0.0.1 acrobat-2007.com
    127.0.0.1 www.acrobat-2007.com
    127.0.0.1 acrobat-8.com
    127.0.0.1 www.acrobat-8.com
    127.0.0.1 acrobat-center.com
    127.0.0.1 www.acrobat-center.com
    127.0.0.1 acrobat-hq.com
    127.0.0.1 www.acrobat-hq.com
    127.0.0.1 acrobatreader-8.com
    127.0.0.1 www.acrobatreader-8.com
    127.0.0.1 acrobat-reader-8.de
    127.0.0.1 www.acrobat-reader-8.de
    127.0.0.1 acrobat-stop.com
    127.0.0.1 www.acrobat-stop.com
    127.0.0.1 actionbreastcancer.org
    127.0.0.1 www.actionbreastcancer.org
    127.0.0.1 activesearcher.info
    127.0.0.1 www.activesearcher.info
    127.0.0.1 activexaccessobject.com
    127.0.0.1 www.activexaccessobject.com
    127.0.0.1 activexaccessvideo.com
    127.0.0.1 www.activexaccessvideo.com
    127.0.0.1 activexemedia.com
    127.0.0.1 www.activexemedia.com
    127.0.0.1 activexmediaobject.com
    127.0.0.1 www.activexmediaobject.com
    127.0.0.1 activexmediapro.com
    127.0.0.1 www.activexmediapro.com
    127.0.0.1 activexmediasite.com
    127.0.0.1 www.activexmediasite.com
    127.0.0.1 activexmediasoftware.com
    127.0.0.1 www.activexmediasoftware.com
    127.0.0.1 activexmediasource.com
    127.0.0.1 www.activexmediasource.com
    127.0.0.1 activexmediatool.com
    127.0.0.1 www.activexmediatool.com
    127.0.0.1 activexmediatour.com
    127.0.0.1 www.activexmediatour.com
    127.0.0.1 activexsoftwares.com
    127.0.0.1 www.activexsoftwares.com
    127.0.0.1 activexsource.com
    127.0.0.1 www.activexsource.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexvideo.com
    127.0.0.1 www.activexvideo.com
    127.0.0.1 activexvideotool.com
    127.0.0.1 www.activexvideotool.com
    127.0.0.1 ad.marketingsector.com
    127.0.0.1 www.ad.marketingsector.com
    127.0.0.1 ad.mokead.com
    127.0.0.1 www.ad.mokead.com
    127.0.0.1 ad.yieldmanager.com
    127.0.0.1 www.ad.yieldmanager.com
    127.0.0.1 ad25.com
    127.0.0.1 ad45.com
    127.0.0.1 ad77.com
    127.0.0.1 ad86.com
    127.0.0.1 adamsupportgroup.org
    127.0.0.1 www.adamsupportgroup.org
    127.0.0.1 adarmor.com
    127.0.0.1 www.adarmor.com
    127.0.0.1 adasearch.com
    127.0.0.1 www.adasearch.com
    127.0.0.1 adaware.cc
    127.0.0.1 adawarenow.com
    127.0.0.1 www.adawarenow.com
    127.0.0.1 addictivetechnologies.com
    127.0.0.1 www.addictivetechnologies.com
    127.0.0.1 addictivetechnologies.net
    127.0.0.1 www.addictivetechnologies.net
    127.0.0.1 add-manager.com
    127.0.0.1 www.add-manager.com
    127.0.0.1 adgate.info
    127.0.0.1 www.adgate.info
    127.0.0.1 adipics.com
    127.0.0.1 www.adipics.com
    127.0.0.1 admin2cash.biz
    127.0.0.1 www.admin2cash.biz
    127.0.0.1 adnet-plus.com
    127.0.0.1 adobe-download-now.com
    127.0.0.1 adobe-downloads.com
    127.0.0.1 www.adobe-downloads.com
    127.0.0.1 adobe-reader-8.fr
    127.0.0.1 www.adobe-reader-8.fr
    127.0.0.1 adprotect.com
    127.0.0.1 www.adprotect.com
    127.0.0.1 ads.centralmedia.ws
    127.0.0.1 ads.k8l.info
    127.0.0.1 ads.kmpads.com
    127.0.0.1 ads.marketingsector.com
    127.0.0.1 ads.searchingbooth.com
    127.0.0.1 ads.z-quest.com
    127.0.0.1 ads183.com
    127.0.0.1 www.ads183.com
    127.0.0.1 adscontex.com
    127.0.0.1 www.adscontex.com
    127.0.0.1 adservices1.enhance.com
    127.0.0.1 www.adservices1.enhance.com
    127.0.0.1 adservs.com
    127.0.0.1 adsextend.net
    127.0.0.1 www.adsextend.net
    127.0.0.1 adshttp.com
    127.0.0.1 www.adshttp.com
    127.0.0.1 adsonwww.com
    127.0.0.1 www.adsonwww.com
    127.0.0.1 adspics.com
    127.0.0.1 www.adspics.com
    127.0.0.1 adtrak.net
    127.0.0.1 www.adtrak.net
    127.0.0.1 adtrgt.com
    127.0.0.1 adult777search.info
    127.0.0.1 www.adult777search.info
    127.0.0.1 adultan.com
    127.0.0.1 www.adultan.com
    127.0.0.1 adult-engine-search.com
    127.0.0.1 www.adult-engine-search.com
    127.0.0.1 adult-erotic-guide.net
    127.0.0.1 www.adult-erotic-guide.net
    127.0.0.1 adultfilmsite.com
    127.0.0.1 www.adultfilmsite.com
    127.0.0.1 adult-friends-finder.net
    127.0.0.1 www.adult-friends-finder.net
    127.0.0.1 adultgambling.org
    127.0.0.1 adult-host.org
    127.0.0.1 adulthyperlinks.com
    127.0.0.1 www.adulthyperlinks.com
    127.0.0.1 adultmovieplus.com
    127.0.0.1 www.adultmovieplus.com
    127.0.0.1 adult-personal.us
    127.0.0.1 adultsgames.net
    127.0.0.1 adultsper.com
    127.0.0.1 www.adultsper.com
    127.0.0.1 adulttds.com
    127.0.0.1 www.adulttds.com
    127.0.0.1 adultzoneworld.com
    127.0.0.1 www.adultzoneworld.com
    127.0.0.1 advcash.biz
    127.0.0.1 www.advcash.biz
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 advertisemoney.info
    127.0.0.1 www.advertisemoney.info
    127.0.0.1 advertising.paltalk.com
    127.0.0.1 advertising-money.info
    127.0.0.1 www.advertising-money.info
    127.0.0.1 ad-ware.cc
    127.0.0.1 ad-w-a-r-e.com
    127.0.0.1 www.ad-w-a-r-e.com
    127.0.0.1 a-d-w-a-r-e.com
    127.0.0.1 www.a-d-w-a-r-e.com
    127.0.0.1 adwarebazooka.com
    127.0.0.1 www.adwarebazooka.com
    127.0.0.1 adwarefinder.com
    127.0.0.1 www.adwarefinder.com
    127.0.0.1 adwareprotectionsite.com
    127.0.0.1 www.adwareprotectionsite.com
    127.0.0.1 adwarepunisher.com
    127.0.0.1 www.adwarepunisher.com
    127.0.0.1 aflgate.com
    127.0.0.1 www.aflgate.com
    127.0.0.1 africaspromise.org
    127.0.0.1 agava.com
    127.0.0.1 agava.ru
    127.0.0.1 agentstudio.com
    127.0.0.1 aginegialle.it
    127.0.0.1 www.aginegialle.it
    127.0.0.1 www.aifind.info
    127.0.0.1 aifind.info
    127.0.0.1 airtleworld.com
    127.0.0.1 www.airtleworld.com
    127.0.0.1 aitalia.it
    127.0.0.1 www.aitalia.it
    127.0.0.1 akamai.downloadv3.com
    127.0.0.1 aklitalia.it
    127.0.0.1 www.aklitalia.it
    127.0.0.1 akril.com
    127.0.0.1 alcatel.ws
    127.0.0.1 alfacleaner.com
    127.0.0.1 www.alfacleaner.com
    127.0.0.1 alfa-search.com
    127.0.0.1 alialia.it
    127.0.0.1 www.alialia.it
    127.0.0.1 aliotalia.it
    127.0.0.1 www.aliotalia.it
    127.0.0.1 alirtalia.it
    127.0.0.1 www.alirtalia.it
    127.0.0.1 alitaia.it
    127.0.0.1 www.alitaia.it
    127.0.0.1 alitaklia.it
    127.0.0.1 www.alitaklia.it
    127.0.0.1 alitala.it
    127.0.0.1 www.alitala.it
    127.0.0.1 alitali.it
    127.0.0.1 www.alitali.it
    127.0.0.1 alitaliaq.it
    127.0.0.1 www.alitaliaq.it
    127.0.0.1 alitalias.it
    127.0.0.1 www.alitalias.it
    127.0.0.1 alitaliaz.it
    127.0.0.1 www.alitaliaz.it
    127.0.0.1 alitalioa.it
    127.0.0.1 www.alitalioa.it
    127.0.0.1 alitalisa.it
    127.0.0.1 www.alitalisa.it
    127.0.0.1 alitaliua.it
    127.0.0.1 www.alitaliua.it
    127.0.0.1 alitalkia.it
    127.0.0.1 www.alitalkia.it
    127.0.0.1 alitaloia.it
    127.0.0.1 www.alitaloia.it
    127.0.0.1 alitaluia.it
    127.0.0.1 www.alitaluia.it
    127.0.0.1 alitaslia.it
    127.0.0.1 www.alitaslia.it
    127.0.0.1 alitlia.it
    127.0.0.1 www.alitlia.it
    127.0.0.1 alitralia.it
    127.0.0.1 www.alitralia.it
    127.0.0.1 alitsalia.it
    127.0.0.1 www.alitsalia.it
    127.0.0.1 aliutalia.it
    127.0.0.1 www.aliutalia.it
    127.0.0.1 ALL1COUNT.NET
    127.0.0.1 www.ALL1COUNT.NET
    127.0.0.1 all4internet.com
    127.0.0.1 www.all4internet.com
    127.0.0.1 allabtcars.com
    127.0.0.1 allabtjeeps.com
    127.0.0.1 all-bittorrent.com
    127.0.0.1 www.all-bittorrent.com
    127.0.0.1 www.allcybersearch.com
    127.0.0.1 allcybersearch.com
    127.0.0.1 alldnserrors.com
    127.0.0.1 www.alldnserrors.com
    127.0.0.1 all-downloads-now.com
    127.0.0.1 www.all-downloads-now.com
    127.0.0.1 all-edonkey.com
    127.0.0.1 www.all-edonkey.com
    127.0.0.1 allforadult.com
    127.0.0.1 allhyperlinks.com
    127.0.0.1 alliesecurity.com
    127.0.0.1 www.alliesecurity.com
    127.0.0.1 all-inet.com
    127.0.0.1 allinternetbusiness.com
    127.0.0.1 all-limewire.com
    127.0.0.1 www.all-limewire.com
    127.0.0.1 allmegabucks.com
    127.0.0.1 www.allmegabucks.com
    127.0.0.1 allprotections.com
    127.0.0.1 www.allprotections.com
    127.0.0.1 allresultz.net
    127.0.0.1 www.allresultz.net
    127.0.0.1 allsecuritynotes.com
    127.0.0.1 www.allsecuritynotes.com
    127.0.0.1 allsecuritysite.com
    127.0.0.1 www.allsecuritysite.com
    127.0.0.1 allstarsvideos.net
    127.0.0.1 www.allstarsvideos.net
    127.0.0.1 alltruesoftware.com
    127.0.0.1 www.alltruesoftware.com
    127.0.0.1 allvideoactivex.com
    127.0.0.1 www.allvideoactivex.com
    127.0.0.1 almanah.biz
    127.0.0.1 www.almanah.biz
    127.0.0.1 almarvideos.com
    127.0.0.1 aloitalia.it
    127.0.0.1 www.aloitalia.it
    127.0.0.1 aluitalia.it
    127.0.0.1 www.aluitalia.it
    127.0.0.1 amaena.com
    127.0.0.1 www.amaena.com
    127.0.0.1 amandamountains.com
    127.0.0.1 amateurliveshow.com
    127.0.0.1 www.amateurliveshow.com
    127.0.0.1 amediasoftware.com
    127.0.0.1 www.amediasoftware.com
    127.0.0.1 amediasource.com
    127.0.0.1 www.amediasource.com
    127.0.0.1 americancarbargains.com
    127.0.0.1 www.americancarbargains.com
    127.0.0.1 american-teens.net
    127.0.0.1 amigeek.com
    127.0.0.1 amisbusiness.com
    127.0.0.1 ampmsearch.com
    127.0.0.1 www.ampmsearch.com
    127.0.0.1 analcord.com
    127.0.0.1 www.analcord.com
    127.0.0.1 analmovi.com
    127.0.0.1 anarchylolita.com
    127.0.0.1 www.anarchylolita.com
    127.0.0.1 anarchyporn.com
    127.0.0.1 andromedical.com
    127.0.0.1 www.andromedical.com
    127.0.0.1 animepornmag.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 antiddos.us
    127.0.0.1 www.antiddos.us
    127.0.0.1 Antiespiadorado.com
    127.0.0.1 www.Antiespiadorado.com
    127.0.0.1 Antiespionspack.com
    127.0.0.1 www.Antiespionspack.com
    127.0.0.1 Antigusanos2008.com
    127.0.0.1 www.Antigusanos2008.com
    127.0.0.1 Antispionage.com
    127.0.0.1 www.Antispionage.com
    127.0.0.1 Antispionagepro.com
    127.0.0.1 www.Antispionagepro.com
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 Antispywaresuite.com
    127.0.0.1 www.Antispywaresuite.com
    127.0.0.1 Antispyweb.net
    127.0.0.1 www.Antispyweb.net
    127.0.0.1 Antiver2008.com
    127.0.0.1 www.Antiver2008.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 Antiworm2008.com
    127.0.0.1 www.Antiworm2008.com
    127.0.0.1 Antiwurm2008.com
    127.0.0.1 www.Antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 archiviosex.net
    127.0.0.1 www.archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 ares-usa.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 aslitalia.it
    127.0.0.1 www.aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 assureprotection.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 asupereva.it
    127.0.0.1 www.asupereva.it
    127.0.0.1 athenrye.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 aulde.net
    127.0.0.1 www.aulde.net
    127.0.0.1 aupereva.it
    127.0.0.1 www.aupereva.it
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg-secure.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avian-ads.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 awarninglist.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azzetta.it
    127.0.0.1 www.azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babenet.com
    127.0.0.1 www.babenet.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babeweb.de
    127.0.0.1 www.babeweb.de
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 Backstripgirls.com
    127.0.0.1 www.Backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 balotierra.com
    127.0.0.1 www.balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 bardownload.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 begin2search.com
    127.0.0.1 www.begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 bestfor.ru
    127.0.0.1 best-hardpics.com
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestporngate.com
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-voyeur.info
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestxporno.com
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigwww.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 biz.biz
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 blondetgp.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bnmgate.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 bonzi.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 boom.com.vn
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bqgate.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 braincodec.com
    127.0.0.1 www.braincodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 breenten.biz
    127.0.0.1 www.breenten.biz
    127.0.0.1 brodbfm.net
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 browserwise.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 busysearch.net
    127.0.0.1 www.busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 buy-find.info
    127.0.0.1 www.buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 buytraff.biz
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 bvirgilio.it
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 c.enhance.com
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 c4tdownload.com
    127.0.0.1 www.c4tdownload.com
    127.0.0.1 c5.www4free.info
    127.0.0.1 www.c5.www4free.info
    127.0.0.1 cache.surfaccuracy.com
    127.0.0.1 www.cache.surfaccuracy.com
    127.0.0.1 cache.ysbweb.com
    127.0.0.1 calcioturris.com
    127.0.0.1 calendaralerts.net
    127.0.0.1 www.calendaralerts.net
    127.0.0.1 cameouk.co.uk
    127.0.0.1 www.cameouk.co.uk
    127.0.0.1 cameup.com
    127.0.0.1 camouflageclothingonline.net
    127.0.0.1 www.camouflageclothingonline.net
    127.0.0.1 camup.net
    127.0.0.1 canberracricketcoaching.com
    127.0.0.1 candycantaloupes.com
    127.0.0.1 canidetect.org
    127.0.0.1 www.canidetect.org
    127.0.0.1 cantfind.com
    127.0.0.1 www.cantfind.com
    127.0.0.1 careers.dulcineasystems.net
    127.0.0.1 carsands.com
    127.0.0.1 carsrentals.net
    127.0.0.1 cartoes.uol.com.br
    127.0.0.1 casalemedia.com
    127.0.0.1 www.casalemedia.com
    127.0.0.1 cashdeluxe.net
    127.0.0.1 www.cashdeluxe.net
    127.0.0.1 cashengines.com
    127.0.0.1 www.cashengines.com
    127.0.0.1 cashsearch.biz
    127.0.0.1 cashsurfers.com
    127.0.0.1 www.cashsurfers.com
    127.0.0.1 CashUnlim.com
    127.0.0.1 www.CashUnlim.com
    127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
    127.0.0.1 casino2win.net
    127.0.0.1 casino-gambling-1.net
    127.0.0.1 casino-gambling-2.net
    127.0.0.1 casinomidas.net
    127.0.0.1 casinonline.net
    127.0.0.1 casino-onlines.net
    127.0.0.1 castingsamateur.com
    127.0.0.1 www.castingsamateur.com
    127.0.0.1 catallogue.com
    127.0.0.1 catch-dc.info
    127.0.0.1 www.catch-dc.info
    127.0.0.1 categories.mygeek.com
    127.0.0.1 catsss.da.ru
    127.0.0.1 caxa.ru
    127.0.0.1 cc.panet.org
    127.0.0.1 ccecaedbebfcaf.com
    127.0.0.1 www.ccecaedbebfcaf.com
    127.0.0.1 cclebali.org
    127.0.0.1 ccorriere.it
    127.0.0.1 www.ccorriere.it
    127.0.0.1 cdegate.com
    127.0.0.1 www.cdegate.com
    127.0.0.1 cdn.drivecleaner.com
    127.0.0.1 cdn.errorsafe.com
    127.0.0.1 cdn.movies-etc.com
    127.0.0.1 cdn.winsoftware.com
    127.0.0.1 cdn2.movies-etc.com
    127.0.0.1 cdorriere.it
    127.0.0.1 www.cdorriere.it
    127.0.0.1 ceewawires.org
    127.0.0.1 centralmedia.ws
    127.0.0.1 certumgroup.com
    127.0.0.1 cforriere.it
    127.0.0.1 www.cforriere.it
    127.0.0.1 check.jupitersatellites.biz
    127.0.0.1 www.check.jupitersatellites.biz
    127.0.0.1 checkin100.com
    127.0.0.1 www.checkin100.com
    127.0.0.1 checkssecurity.com
    127.0.0.1 www.checkssecurity.com
    127.0.0.1 chelancatering.com
    127.0.0.1 chenshijituan.com
    127.0.0.1 www.chenshijituan.com
    127.0.0.1 childrenvilla.com
    127.0.0.1 chips-4-free.com
    127.0.0.1 chrisswasey.com
    127.0.0.1 chriswallace.net
    127.0.0.1 cia-trjn.myvnc.com
    127.0.0.1 www.cia-trjn.myvnc.com
    127.0.0.1 ciorriere.it
    127.0.0.1 www.ciorriere.it
    127.0.0.1 cirriere.it
    127.0.0.1 www.cirriere.it
    127.0.0.1 ckick4thumbs.com
    127.0.0.1 cl55.biz
    127.0.0.1 clackamasliteraryreview.com
    127.0.0.1 cleansoftwares.com
    127.0.0.1 www.cleansoftwares.com
    127.0.0.1 clearsearch.cc
    127.0.0.1 clearsearch.net
    127.0.0.1 clickaire.com
    127.0.0.1 click-codec.com
    127.0.0.1 www.click-codec.com
    127.0.0.1 clickhere4search.com
    127.0.0.1 www.clickhere4search.com
    127.0.0.1 click-now.net
    127.0.0.1 clickspring.net
    127.0.0.1 www.clickspring.net
    127.0.0.1 click-to-download.com
    127.0.0.1 www.click-to-download.com
    127.0.0.1 clicktomakeasearch.com
    127.0.0.1 www.clicktomakeasearch.com
    127.0.0.1 clickyestoenter.net
    127.0.0.1 client.exeupdate.com
    127.0.0.1 client.myadultexplorer.com
    127.0.0.1 cliks.org
    127.0.0.1 www.cliks.org
    127.0.0.1 clorriere.it
    127.0.0.1 www.clorriere.it
    127.0.0.1 clrsch.com
    127.0.0.1 clubxxxvideo.com
    127.0.0.1 www.clubxxxvideo.com
    127.0.0.1 clusif.free.fr
    127.0.0.1 cmtapestry.com
    127.0.0.1 cnetadd.com
    127.0.0.1 www.cnetadd.com
    127.0.0.1 cnzz.com
    127.0.0.1 www.cnzz.com
    127.0.0.1 code.ignphrases.com
    127.0.0.1 codec.ninoa.com
    127.0.0.1 codecdvd.net
    127.0.0.1 www.codecdvd.net
    127.0.0.1 codec-fun.com
    127.0.0.1 www.codec-fun.com
    127.0.0.1 codecsoft.net
    127.0.0.1 www.codecsoft.net
    127.0.0.1 codrriere.it
    127.0.0.1 www.codrriere.it
    127.0.0.1 coeriere.it
    127.0.0.1 www.coeriere.it
    127.0.0.1 coerriere.it
    127.0.0.1 www.coerriere.it
    127.0.0.1 cofrriere.it
    127.0.0.1 www.cofrriere.it
    127.0.0.1 cogrriere.it
    127.0.0.1 www.cogrriere.it
    127.0.0.1 coirriere.it
    127.0.0.1 www.coirriere.it
    127.0.0.1 command.adservs.com
    127.0.0.1 www.commonname.com
    127.0.0.1 computerpcgames.net
    127.0.0.1 www.computerpcgames.net
    127.0.0.1 computerrecover.com
    127.0.0.1 www.computerrecover.com
    127.0.0.1 config.180solutions.com
    127.0.0.1 content.dollarrevenue.com
    127.0.0.1 www.content.dollarrevenue.com
    127.0.0.1 content.ireit.com
    127.0.0.1 www.content.ireit.com
    127.0.0.1 content.onerateld.com
    127.0.0.1 contentmatch.net
    127.0.0.1 www.contentmatch.net
    127.0.0.1 contra-virus.com
    127.0.0.1 www.contra-virus.com
    127.0.0.1 controlmeh.com
    127.0.0.1 www.controlmeh.com
    127.0.0.1 cooldeskalert.com
    127.0.0.1 www.cooldeskalert.com
    127.0.0.1 coolfetishsite.com
    127.0.0.1 coolfreehost.com
    127.0.0.1 coolfreepage.com
    127.0.0.1 coolfreepages.com
    127.0.0.1 cool-homepage.co
    127.0.0.1 cool-homepage.com
    127.0.0.1 coolmoneysearch.com
    127.0.0.1 coolpornsearch.com
    127.0.0.1 cool-search.net
    127.0.0.1 cool-search.netfartpost.com
    127.0.0.1 coolsearcher.info
    127.0.0.1 coolservecorp.net
    127.0.0.1 www.coolservecorp.net
    127.0.0.1 coolwebsearch.com
    127.0.0.1 www.coolwebsearch.com
    127.0.0.1 cool-web-search.com
    127.0.0.1 coolwebsearsh.com
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 cool-xxx.net
    127.0.0.1 coorriere.it
    127.0.0.1 www.coorriere.it
    127.0.0.1 copmtraine.com
    127.0.0.1 coprriere.it
    127.0.0.1 www.coprriere.it
    127.0.0.1 core.psyche-evolution.com
    127.0.0.1 www.core.psyche-evolution.com
    127.0.0.1 coreiere.it
    127.0.0.1 www.coreiere.it
    127.0.0.1 coreriere.it
    127.0.0.1 www.coreriere.it
    127.0.0.1 corrdiere.it
    127.0.0.1 www.corrdiere.it
    127.0.0.1 correiere.it
    127.0.0.1 www.correiere.it
    127.0.0.1 corrfiere.it
    127.0.0.1 www.corrfiere.it
    127.0.0.1 corrgiere.it
    127.0.0.1 www.corrgiere.it
    127.0.0.1 corridere.it
    127.0.0.1 www.corridere.it
    127.0.0.1 corriedre.it
    127.0.0.1 www.corriedre.it
    127.0.0.1 corriee.it
    127.0.0.1 www.corriee.it
    127.0.0.1 corrieere.it
    127.0.0.1 www.corrieere.it
    127.0.0.1 corriefre.it
    127.0.0.1 www.corriefre.it
    127.0.0.1 corriegre.it
    127.0.0.1 www.corriegre.it
    127.0.0.1 corrierde.it
    127.0.0.1 www.corrierde.it
    127.0.0.1 corriered.it
    127.0.0.1 www.corriered.it
    127.0.0.1 corrieree.it
    127.0.0.1 www.corrieree.it
    127.0.0.1 corrieref.it
    127.0.0.1 www.corrieref.it
    127.0.0.1 corrierer.it
    127.0.0.1 www.corrierer.it
    127.0.0.1 corrieres.it
    127.0.0.1 www.corrieres.it
    127.0.0.1 corrierew.it
    127.0.0.1 www.corrierew.it
    127.0.0.1 corrierfe.it
    127.0.0.1 www.corrierfe.it
    127.0.0.1 corrierge.it
    127.0.0.1 www.corrierge.it
    127.0.0.1 corrierr.it
    127.0.0.1 www.corrierr.it
    127.0.0.1 corrierre.it
    127.0.0.1 www.corrierre.it
    127.0.0.1 corrierse.it
    127.0.0.1 www.corrierse.it
    127.0.0.1 corrierte.it
    127.0.0.1 www.corrierte.it
    127.0.0.1 corrierw.it
    127.0.0.1 www.corrierw.it
    127.0.0.1 corrierwe.it
    127.0.0.1 www.corrierwe.it
    127.0.0.1 corriesre.it
    127.0.0.1 www.corriesre.it
    127.0.0.1 corriete.it
    127.0.0.1 www.corriete.it
    127.0.0.1 corrietre.it
    127.0.0.1 www.corrietre.it
    127.0.0.1 corriewre.it
    127.0.0.1 www.corriewre.it
    127.0.0.1 corrifere.it
    127.0.0.1 www.corrifere.it
    127.0.0.1 corriiere.it
    127.0.0.1 www.corriiere.it
    127.0.0.1 corrilere.it
    127.0.0.1 www.corrilere.it
    127.0.0.1 corrioere.it
    127.0.0.1 www.corrioere.it
    127.0.0.1 corrire.it
    127.0.0.1 www.corrire.it
    127.0.0.1 corrirere.it
    127.0.0.1 www.corrirere.it
    127.0.0.1 corrirre.it
    127.0.0.1 www.corrirre.it
    127.0.0.1 corrisere.it
    127.0.0.1 www.corrisere.it
    127.0.0.1 corriuere.it
    127.0.0.1 www.corriuere.it
    127.0.0.1 corriwere.it
    127.0.0.1 www.corriwere.it
    127.0.0.1 corriwre.it
    127.0.0.1 www.corriwre.it
    127.0.0.1 corrliere.it
    127.0.0.1 www.corrliere.it
    127.0.0.1 corroere.it
    127.0.0.1 www.corroere.it
    127.0.0.1 corroiere.it
    127.0.0.1 www.corroiere.it
    127.0.0.1 corrriere.it
    127.0.0.1 www.corrriere.it
    127.0.0.1 corrtiere.it
    127.0.0.1 www.corrtiere.it
    127.0.0.1 corruere.it
    127.0.0.1 www.corruere.it
    127.0.0.1 corruiere.it
    127.0.0.1 www.corruiere.it
    127.0.0.1 cortiere.it
    127.0.0.1 www.cortiere.it
    127.0.0.1 cortriere.it
    127.0.0.1 www.cortriere.it
    127.0.0.1 costrike.com
    127.0.0.1 www.costrike.com
    127.0.0.1 cotriere.it
    127.0.0.1 www.cotriere.it
    127.0.0.1 cotrriere.it
    127.0.0.1 www.cotrriere.it
    127.0.0.1 couldnotfind.com
    127.0.0.1 count.cc
    127.0.0.1 count.hitscount.net
    127.0.0.1 count-all.com
    127.0.0.1 countdutycall.info
    127.0.0.1 www.countdutycall.info
    127.0.0.1 counter.sexmaniack.com
    127.0.0.1 cporriere.it
    127.0.0.1 www.cporriere.it
    127.0.0.1 cprriere.it
    127.0.0.1 www.cprriere.it
    127.0.0.1 cpvfeed.com
    127.0.0.1 cracks.me.uk
    127.0.0.1 cracks4all.com
    127.0.0.1 www.cracks4all.com
    127.0.0.1 crapsgold.info
    127.0.0.1 www.crapsgold.info
    127.0.0.1 Crazygirls-world.com
    127.0.0.1 crazywinnings.com
    127.0.0.1 www.crazywinnings.com
    127.0.0.1 creamedcutties.com
    127.0.0.1 createaccesskey.com
    127.0.0.1 www.createaccesskey.com
    127.0.0.1 creditsearchonline.com
    127.0.0.1 crestring.com
    127.0.0.1 crooder.com
    127.0.0.1 crriere.it
    127.0.0.1 www.crriere.it
    127.0.0.1 crystalysmedia.com
    127.0.0.1 www.crystalysmedia.com
    127.0.0.1 csx.adservs.com
    127.0.0.1 www.csx.adservs.com
    127.0.0.1 cts.180solutions.com
    127.0.0.1 cuisinartoven.com
    127.0.0.1 www.cuisinartoven.com
    127.0.0.1 curedc.info
    127.0.0.1 www.curedc.info
    127.0.0.1 curepcsolutions.com
    127.0.0.1 www.curepcsolutions.com
    127.0.0.1 curvedspaces.com
    127.0.0.1 cutadult.com
    127.0.0.1 www.cutadult.com
    127.0.0.1 cvirgilio.it
    127.0.0.1 www.cvirgilio.it
    127.0.0.1 cvorriere.it
    127.0.0.1 www.cvorriere.it
    127.0.0.1 cvs.jps.ru
    127.0.0.1 cvsymphony.com
    127.0.0.1 cxorriere.it
    127.0.0.1 www.cxorriere.it
    127.0.0.1 cyberrape.com
    127.0.0.1 www.cyberrape.com
    127.0.0.1 cydom.com
    127.0.0.1 cydoor.com
    127.0.0.1 www.cydoor.com
    127.0.0.1 daily-gals.com
    127.0.0.1 dailypornmag.com
    127.0.0.1 www.dailypornmag.com
    127.0.0.1 dailyteenspic.com
    127.0.0.1 dailytoolbar.com
    127.0.0.1 www.dailytoolbar.com
    127.0.0.1 dancingbabycd.com
    127.0.0.1 data-hoster.com
    127.0.0.1 www.data-hoster.com
    127.0.0.1 datanotary.com
    127.0.0.1 datareco.com
    127.0.0.1 dating-galaxy.info
    127.0.0.1 www.dating-galaxy.info
    127.0.0.1 dating-search.net
    127.0.0.1 davemarshall.org
    127.0.0.1 db105.com
    127.0.0.1 dbdecicated.com
    127.0.0.1 www.dbdecicated.com
    127.0.0.1 dbxcompany.com
    127.0.0.1 www.dbxcompany.com
    127.0.0.1 dcdl.dmcast.com
    127.0.0.1 dcfitusa.com
    127.0.0.1 dcorriere.it
    127.0.0.1 www.dcorriere.it
    127.0.0.1 dcurtis.com
    127.0.0.1 www.dcurtis.com
    127.0.0.1 dcww.dmcast.com
    127.0.0.1 de.ag
    127.0.0.1 de.drivecleaner.com
    127.0.0.1 de.errorsafe.com
    127.0.0.1 de.winantivirus.com
    127.0.0.1 de98.remsys.org
    127.0.0.1 debay.it
    127.0.0.1 www.debay.it
    127.0.0.1 dedmazay.3322.org
    127.0.0.1 dedsearch.com
    127.0.0.1 www.dedsearch.com
    127.0.0.1 defaultsearch.net
    127.0.0.1 Defensaantimalware.com
    127.0.0.1 www.Defensaantimalware.com
    127.0.0.1 deja-rue.com
    127.0.0.1 www.deja-rue.com
    127.0.0.1 derklaif.biz
    127.0.0.1 www.derklaif.biz
    127.0.0.1 derrari.it
    127.0.0.1 www.derrari.it
    127.0.0.1 desarrollocreativo.com
    127.0.0.1 deskbar.worldtostart.com
    127.0.0.1 www.deskbar.worldtostart.com
    127.0.0.1 deskwizz.com
    127.0.0.1 www.deskwizz.com
    127.0.0.1 dev.ntcor.com
    127.0.0.1 develip.com
    127.0.0.1 dewis.spb.ru
    127.0.0.1 dewis.us
    127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
    127.0.0.1 dgbusiness.com
    127.0.0.1 www.dgbusiness.com
    127.0.0.1 dialer2004.com
    127.0.0.1 dialerclub.com
    127.0.0.1 www.dialerclub.com
    127.0.0.1 dialer-shop.com
    127.0.0.1 www.dialer-shop.com
    127.0.0.1 dialoff.com
    127.0.0.1 www.dialoff.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 dietpills4free.com
    127.0.0.1 dietpussy.com
    127.0.0.1 digikeygen.com
    127.0.0.1 www.digikeygen.com
    127.0.0.1 digistreamsa.com
    127.0.0.1 digitalcoders.net
    127.0.0.1 www.digitalcoders.net
    127.0.0.1 www.digitalfan.com
    127.0.0.1 digital-pornography.com
    127.0.0.1 dionforvalleycouncil.org
    127.0.0.1 directdvdpro.com
    127.0.0.1 www.directdvdpro.com
    127.0.0.1 directporta.info
    127.0.0.1 www.directporta.info
    127.0.0.1 directsearchzone.com
    127.0.0.1 www.directsearchzone.com
    127.0.0.1 dist.checkin100.com
    127.0.0.1 dl.ad-ware.cc
    127.0.0.1 dl.malwarewipe.com
    127.0.0.1 dl.targetsaver.com
    127.0.0.1 www.dl.targetsaver.com
    127.0.0.1 dl.web-nexus.net
    127.0.0.1 dl1.antivermins.com
    127.0.0.1 dl1.antivirgear.com
    127.0.0.1 dl1.spydawn.com
    127.0.0.1 dl1.virusprotectpro.com
    127.0.0.1 dl10.spyfalcon.com
    127.0.0.1 dl16.spyfalcon.com
    127.0.0.1 dl2.spyfalcon.com
    127.0.0.1 dl2.spyheal.com
    127.0.0.1 dl2.spywarestrike.com
    127.0.0.1 dl3.spyfalcon.com
    127.0.0.1 dl3.spyheal.com
    127.0.0.1 dl3.spywarestrike.com
    127.0.0.1 dl4.spyfalcon.com
    127.0.0.1 dl4.spywarestrike.com
    127.0.0.1 dl5.spyfalcon.com
    127.0.0.1 dl5.spywarestrike.com
    127.0.0.1 dl6.spywarestrike.com
    127.0.0.1 dl7.spywarestrike.com
    127.0.0.1 dl8.spyheal.com
    127.0.0.1 dl8.spywarestrike.com
    127.0.0.1 dl9.spyfalcon.com
    127.0.0.1 dmcast.com
    127.0.0.1 www.dmcast.com
    127.0.0.1 dnaads.com
    127.0.0.1 www.dnaads.com
    127.0.0.1 dnl.mabou.org
    127.0.0.1 dns-look-up.com
    127.0.0.1 www.dns-look-up.com
    127.0.0.1 doctorwaldron.com
    127.0.0.1 document-not-found.pornpic.org
    127.0.0.1 doggyaction.com
    127.0.0.1 dogproblemswebsite.com
    127.0.0.1 www.dogproblemswebsite.com
    127.0.0.1 doktorxxx.com
    127.0.0.1 dollarrevenue.com
    127.0.0.1 domaincar.com
    127.0.0.1 www.domaincar.com
    127.0.0.1 domains2003.net
    127.0.0.1 domains-for-you-online.com
    127.0.0.1 domain-your-registration.com
    127.0.0.1 domkrat.com
    127.0.0.1 dotcomtoolbar.com
    127.0.0.1 www.dotcomtoolbar.com
    127.0.0.1 down.136136.net
    127.0.0.1 download.abetterinternet.com
    127.0.0.1 download.antispywarebot.com
    127.0.0.1 www.download.antispywarebot.com
    127.0.0.1 download.bardownload.com
    127.0.0.1 www.download.bardownload.com
    127.0.0.1 download.bravesentry.com
    127.0.0.1 www.download.bravesentry.com
    127.0.0.1 download.cdn.drivecleaner.com
    127.0.0.1 download.cdn.errorsafe.com
    127.0.0.1 download.cdn.winsoftware.com
    127.0.0.1 download.errorsafe.com
    127.0.0.1 download.jupitersatellites.biz
    127.0.0.1 www.download.jupitersatellites.biz
    127.0.0.1 download.searchtabs.net
    127.0.0.1 download.secureyournet.biz
    127.0.0.1 www.download.secureyournet.biz
    127.0.0.1 download.spyonthis.net
    127.0.0.1 download.spy-shredder.com
    127.0.0.1 download.systemdoctor.com
    127.0.0.1 download.winantispyware.com
    127.0.0.1 download.winantivirus.com
    127.0.0.1 download.windrivecleaner.com
    127.0.0.1 download.winfixer.com
    127.0.0.1 download10.spywarequake.com
    127.0.0.1 download11.spywarequake.com
    127.0.0.1 download12.spywarequake.com
    127.0.0.1 download13.spywarequake.com
    127.0.0.1 download15.spywarequake.com
    127.0.0.1 download2.spywarequake.com
    127.0.0.1 download-2007.com
    127.0.0.1 www.download-2007.com
    127.0.0.1 download3.spyaxe.com
    127.0.0.1 download3.spywarequake.com
    127.0.0.1 download4.spyaxe.com
    127.0.0.1 download4.spywarequake.com
    127.0.0.1 download5.spyaxe.com
    127.0.0.1 download5.spywarequake.com
    127.0.0.1 download6.spyaxe.com
    127.0.0.1 download7.spywarequake.com
    127.0.0.1 download8.spywarequake.com
    127.0.0.1 download9.spywarequake.com
    127.0.0.1 download-ad-aware.com
    127.0.0.1 www.download-ad-aware.com
    127.0.0.1 download-all-4-free.com
    127.0.0.1 www.download-all-4-free.com
    127.0.0.1 download-all-area.com
    127.0.0.1 www.download-all-area.com
    127.0.0.1 download-antivir.com
    127.0.0.1 www.download-antivir.com
    127.0.0.1 downloadanysong.com
    127.0.0.1 www.downloadanysong.com
    127.0.0.1 download-avast.com
    127.0.0.1 www.download-avast.com
    127.0.0.1 downloadcorporation.com
    127.0.0.1 www.downloadcorporation.com
    127.0.0.1 download-dvdshrink.com
    127.0.0.1 www.download-dvdshrink.com
    127.0.0.1 download-for-free.net
    127.0.0.1 www.download-for-free.net
    127.0.0.1 downloadfreesoft.com
    127.0.0.1 www.downloadfreesoft.com
    127.0.0.1 downloadfreeway.com
    127.0.0.1 www.downloadfreeway.com
    127.0.0.1 downloadimesh.com
    127.0.0.1 www.downloadimesh.com
    127.0.0.1 download-itunes-now.com
    127.0.0.1 www.download-itunes-now.com
    127.0.0.1 download-limewire.org
    127.0.0.1 www.download-limewire.org
    127.0.0.1 downloadlost.tv
    127.0.0.1 www.downloadlost.tv
    127.0.0.1 downloadmax.net
    127.0.0.1 www.downloadmax.net
    127.0.0.1 download-mcafee.com
    127.0.0.1 www.download-mcafee.com
    127.0.0.1 download-me.info
    127.0.0.1 downloadmediaax.com
    127.0.0.1 www.downloadmediaax.com
    127.0.0.1 downloadpics.net
    127.0.0.1 www.downloadpics.net
    127.0.0.1 download-real-player.com
    127.0.0.1 www.download-real-player.com
    127.0.0.1 downloads.180solutions.com
    127.0.0.1 downloads.adaware.cc
    127.0.0.1 downloadservicearea.com
    127.0.0.1 www.downloadservicearea.com
    127.0.0.1 downloads-free.org
    127.0.0.1 www.downloads-free.org
    127.0.0.1 downloadsglobe.com
    127.0.0.1 www.downloadsglobe.com
    127.0.0.1 download-this.us
    127.0.0.1 www.download-this.us
    127.0.0.1 download-trillian.com
    127.0.0.1 www.download-trillian.com
    127.0.0.1 downloadv3.com
    127.0.0.1 www.downloadv3.com
    127.0.0.1 downloadvax.com
    127.0.0.1 www.downloadvax.com
    127.0.0.1 download-windvd.com
    127.0.0.1 www.download-windvd.com
    127.0.0.1 download-winrar.com
    127.0.0.1 www.download-winrar.com
    127.0.0.1 downloadwizard.com
    127.0.0.1 downloadzcenter.com
    127.0.0.1 downloadzcentral.com
    127.0.0.1 downloadzfree.com
    127.0.0.1 www.downloadzfree.com
    127.0.0.1 downloadznow.net
    127.0.0.1 download-zone-free.com
    127.0.0.1 www.download-zone-free.com
    127.0.0.1 download-zone-free.net
    127.0.0.1 www.download-zone-free.net
    127.0.0.1 dp-host.com
    127.0.0.1 dr.mcboo.com
    127.0.0.1 dr.webhancer.com
    127.0.0.1 www.dr.webhancer.com
    127.0.0.1 dr2.webhancer.com
    127.0.0.1 www.dr2.webhancer.com
    127.0.0.1 dr38.mcboo.com
    127.0.0.1 dr47.mcboo.com
    127.0.0.1 dragqueen.gay-clan.com
    127.0.0.1 drepubblica.it
    127.0.0.1 www.drepubblica.it
    127.0.0.1 drivecleaner.com
    127.0.0.1 www.drivecleaner.com
    127.0.0.1 drivecleanr.com
    127.0.0.1 www.drivecleanr.com
    127.0.0.1 drocherway.com
    127.0.0.1 dropspam.com
    127.0.0.1 www.dropspam.com
    127.0.0.1 drug-sources-exposed.com
    127.0.0.1 drvvv.com
    127.0.0.1 dsupereva.it
    127.0.0.1 www.dsupereva.it
    127.0.0.1 dtlproduct.com
    127.0.0.1 www.dtlproduct.com
    127.0.0.1 dudu.com
    127.0.0.1 www.dudu.com
    127.0.0.1 dulcineasystems.net
    127.0.0.1 dumpserv.com
    127.0.0.1 duolaimi.net
    127.0.0.1 dutch-sex.com
    127.0.0.1 dvdaccess.net
    127.0.0.1 www.dvdaccess.net
    127.0.0.1 dvdbank.org
    127.0.0.1 dvdcodec.net
    127.0.0.1 www.dvdcodec.net
    127.0.0.1 dvdsmovies.net
    127.0.0.1 www.dvdsmovies.net
    127.0.0.1 dvdsvideos.net
    127.0.0.1 www.dvdsvideos.net
    127.0.0.1 dvdtocdsite.com
    127.0.0.1 www.dvdtocdsite.com
    127.0.0.1 dynamique.drivecleaner.com
    127.0.0.1 e3bay.it
    127.0.0.1 www.e3bay.it
    127.0.0.1 e4bay.it
    127.0.0.1 www.e4bay.it
    127.0.0.1 eager-sex.com
    127.0.0.1 earthllnk.net
    127.0.0.1 www.earthllnk.net
    127.0.0.1 eases.net
    127.0.0.1 easyantispy.com
    127.0.0.1 easybestdeals.com
    127.0.0.1 www.easybestdeals.com
    127.0.0.1 easycategories.com
    127.0.0.1 easymp3musicnow.com
    127.0.0.1 www.easymp3musicnow.com
    127.0.0.1 easy-pharmacy.info
    127.0.0.1 www.easy-pharmacy.info
    127.0.0.1 easy-search.net
    127.0.0.1 easysearch4you.com
    127.0.0.1 www.easysearch4you.com
    127.0.0.1 easysearchingtips.com
    127.0.0.1 easyspyware.com
    127.0.0.1 www.easyspyware.com
    127.0.0.1 easywww.info
    127.0.0.1 www.easywww.info
    127.0.0.1 eba6y.it
    127.0.0.1 www.eba6y.it
    127.0.0.1 eba7y.it
    127.0.0.1 www.eba7y.it
    127.0.0.1 ebaay.it
    127.0.0.1 www.ebaay.it
    127.0.0.1 ebagy.it
    127.0.0.1 www.ebagy.it
    127.0.0.1 ebahy.it
    127.0.0.1 www.ebahy.it
    127.0.0.1 ebajy.it
    127.0.0.1 www.ebajy.it
    127.0.0.1 ebaqy.it
    127.0.0.1 www.ebaqy.it
    127.0.0.1 ebasy.it
    127.0.0.1 www.ebasy.it
    127.0.0.1 ebaty.it
    127.0.0.1 www.ebaty.it
    127.0.0.1 ebauy.it
    127.0.0.1 www.ebauy.it
    127.0.0.1 ebav.com
    127.0.0.1 ebaw.com
    127.0.0.1 ebawy.it
    127.0.0.1 www.ebawy.it
    127.0.0.1 ebaxy.it
    127.0.0.1 www.ebaxy.it
    127.0.0.1 ebay6.it
    127.0.0.1 www.ebay6.it
    127.0.0.1 ebay7.it
    127.0.0.1 www.ebay7.it
    127.0.0.1 ebayg.it
    127.0.0.1 www.ebayg.it
    127.0.0.1 ebayh.it
    127.0.0.1 www.ebayh.it
    127.0.0.1 ebayj.it
    127.0.0.1 www.ebayj.it
    127.0.0.1 ebayt.it
    127.0.0.1 www.ebayt.it
    127.0.0.1 ebayu.it
    127.0.0.1 www.ebayu.it
    127.0.0.1 ebazy.it
    127.0.0.1 www.ebazy.it
    127.0.0.1 ebch.com
    127.0.0.1 ebdv.com
    127.0.0.1 ebdw.com
    127.0.0.1 ebestfind.org
    127.0.0.1 www.ebestfind.org
    127.0.0.1 ebgay.it
    127.0.0.1 www.ebgay.it
    127.0.0.1 ebgo.com
    127.0.0.1 ebhay.it
    127.0.0.1 www.ebhay.it
    127.0.0.1 ebjp.com
    127.0.0.1 ebkb.com
    127.0.0.1 ebkn.com
    127.0.0.1 ebky.com
    127.0.0.1 eblv.com
    127.0.0.1 ebmu.com
    127.0.0.1 ebnay.it
    127.0.0.1 www.ebnay.it
    127.0.0.1 ebony-pornmag.com
    127.0.0.1 www.ebony-pornmag.com
    127.0.0.1 ebonypornmag.com
    127.0.0.1 www.ebonypornmag.com
    127.0.0.1 ebqay.it
    127.0.0.1 www.ebqay.it
    127.0.0.1 ebsay.it
    127.0.0.1 www.ebsay.it
    127.0.0.1 ebsy.it
    127.0.0.1 www.ebsy.it
    127.0.0.1 ebvay.it
    127.0.0.1 www.ebvay.it
    127.0.0.1 ebvr.com
    127.0.0.1 ebway.it
    127.0.0.1 www.ebway.it
    127.0.0.1 ebxay.it
    127.0.0.1 www.ebxay.it
    127.0.0.1 ebzay.it
    127.0.0.1 www.ebzay.it
    127.0.0.1 ecmh.com
    127.0.0.1 ecmp.com
    127.0.0.1 ecosrioplatenses.org
    127.0.0.1 ecpm.com
    127.0.0.1 ecstasyporn.net
    127.0.0.1 ecwz.com
    127.0.0.1 ecyb.com
    127.0.0.1 edbay.it
    127.0.0.1 www.edbay.it
    127.0.0.1 edhq.com
    127.0.0.1 edietprogram.com
    127.0.0.1 www.edietprogram.com
    127.0.0.1 edty.com
    127.0.0.1 eduy.com
    127.0.0.1 eebay.it
    127.0.0.1 www.eebay.it
    127.0.0.1 eeev.com
    127.0.0.1 eepubblica.it
    127.0.0.1 www.eepubblica.it
    127.0.0.1 efbay.it
    127.0.0.1 www.efbay.it
    127.0.0.1 egbay.it
    127.0.0.1 www.egbay.it
    127.0.0.1 ehbay.it
    127.0.0.1 www.ehbay.it
    127.0.0.1 eikokoike.com
    127.0.0.1 elitecodec.com
    127.0.0.1 www.elitecodec.com
    127.0.0.1 elitemediagroup.net
    127.0.0.1 www.elitemediagroup.net
    127.0.0.1 e-localad.com
    127.0.0.1 emailicon.org
    127.0.0.1 www.emailicon.org
    127.0.0.1 emch.com
    127.0.0.1 emcodec.com
    127.0.0.1 www.emcodec.com
    127.0.0.1 emediacodec.com
    127.0.0.1 www.emediacodec.com
    127.0.0.1 emule.mp3-muzic.com
    127.0.0.1 www.emule.mp3-muzic.com
    127.0.0.1 emuledownloadhome.com
    127.0.0.1 www.emuledownloadhome.com
    127.0.0.1 emule-freebie.com
    127.0.0.1 www.emule-freebie.com
    127.0.0.1 enay.it
    127.0.0.1 www.enay.it
    127.0.0.1 enbay.it
    127.0.0.1 www.enbay.it
    127.0.0.1 energy-factor.com
    127.0.0.1 www.energy-factor.com
    127.0.0.1 engineplay.com
    127.0.0.1 www.engineplay.com
    127.0.0.1 engine-ticket.com
    127.0.0.1 www.engine-ticket.com
    127.0.0.1 enhance.com
    127.0.0.1 www.enhance.com
    127.0.0.1 enhancevideos.com
    127.0.0.1 www.enhancevideos.com
    127.0.0.1 enitinvest.net
    127.0.0.1 enjoywebsurf.com
    127.0.0.1 entertainsite.net
    127.0.0.1 www.entertainsite.net
    127.0.0.1 enterthesearch.com
    127.0.0.1 www.enterthesearch.com
    127.0.0.1 e-plus.cc
    127.0.0.1 epornsex.com
    127.0.0.1 eprotectionline.com
    127.0.0.1 www.eprotectionline.com
    127.0.0.1 eprotectpage.com
    127.0.0.1 www.eprotectpage.com
    127.0.0.1 erbay.it
    127.0.0.1 www.erbay.it
    127.0.0.1 erepubblica.it
    127.0.0.1 www.erepubblica.it
    127.0.0.1 ergosites.com
    127.0.0.1 erossoalice.it
    127.0.0.1 www.erossoalice.it
    127.0.0.1 errari.it
    127.0.0.1 www.errari.it
    127.0.0.1 error404site.com
    127.0.0.1 www.error404site.com
    127.0.0.1 error404site.net
    127.0.0.1 www.error404site.net
    127.0.0.1 errorkiller.com
    127.0.0.1 www.errorkiller.com
    127.0.0.1 errorprotector.com
    127.0.0.1 www.errorprotector.com
    127.0.0.1 errorsafe.com
    127.0.0.1 www.errorsafe.com
    127.0.0.1 errorsdns.com
    127.0.0.1 www.errorsdns.com
    127.0.0.1 ert0003.e76.163ns.com
    127.0.0.1 ertikadeswiokinganfujas.com
    127.0.0.1 www.ertikadeswiokinganfujas.com
    127.0.0.1 es.winantivirus.com
    127.0.0.1 es0-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es1-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es2-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es3-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es4-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es5-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es6-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es7-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es8-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es9-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 esafetylist.com
    127.0.0.1 www.esafetylist.com
    127.0.0.1 esafetypage.com
    127.0.0.1 www.esafetypage.com
    127.0.0.1 esbay.it
    127.0.0.1 www.esbay.it
    127.0.0.1 esearch2005.com
    127.0.0.1 www.esearch2005.com
    127.0.0.1 esecuritynote.com
    127.0.0.1 www.esecuritynote.com
    127.0.0.1 esecuritypage.com
    127.0.0.1 www.esecuritypage.com
    127.0.0.1 esupereva.it
    127.0.0.1 www.esupereva.it
    127.0.0.1 etomi.all-downloads-now.com
    127.0.0.1 www.etomi.all-downloads-now.com
    127.0.0.1 eupdatepage.com
    127.0.0.1 www.eupdatepage.com
    127.0.0.1 euuu.com
    127.0.0.1 evbay.it
    127.0.0.1 www.evbay.it
    127.0.0.1 evidence-detector.biz
    127.0.0.1 evilspidercomics.com
    127.0.0.1 evko.biz
    127.0.0.1 www.evko.biz
    127.0.0.1 ewbay.it
    127.0.0.1 www.ewbay.it
    127.0.0.1 ewebsearch.net
    127.0.0.1 e-websitesolutions.com
    127.0.0.1 ewizard.cc
    127.0.0.1 exaccess.ru
    127.0.0.1 www.exaccess.ru
    127.0.0.1 excellentsckin.com
    127.0.0.1 exeupdate.com
    127.0.0.1 www.exeupdate.com
    127.0.0.1 exflow.org
    127.0.0.1 www.exflow.org
    127.0.0.1 exit.megago.com
    127.0.0.1 expandvideo.com
    127.0.0.1 www.expandvideo.com
    127.0.0.1 exportplay.com
    127.0.0.1 www.exportplay.com
    127.0.0.1 extremepaidsurveys.com
    127.0.0.1 www.extremepaidsurveys.com
    127.0.0.1 extremeseek.net
    127.0.0.1 eza1netsearch.com
    127.0.0.1 www.eza1netsearch.com
    127.0.0.1 ezcybersearch.com
    127.0.0.1 www.ezcybersearch.com
    127.0.0.1 ez-searching.com
    127.0.0.1 ezwebsearching.com
    127.0.0.1 www.ezwebsearching.com
    127.0.0.1 f1.bestmanage.org
    127.0.0.1 f1.truth-is-out-there.org
    127.0.0.1 f1organizer.com
    127.0.0.1 www.f1organizer.com
    127.0.0.1 f2.bestmanage.org
    127.0.0.1 f2.truth-is-out-there.org
    127.0.0.1 f3.bestmanage.org
    127.0.0.1 f3.truth-is-out-there.org
    127.0.0.1 f4.bestmanage.org
    127.0.0.1 f4.truth-is-out-there.org
    127.0.0.1 f5.bestmanage.org
    127.0.0.1 f5.truth-is-out-there.org
    127.0.0.1 f6.bestmanage.org
    127.0.0.1 f7.bestmanage.org
    127.0.0.1 f7.truth-is-out-there.org
    127.0.0.1 f8.bestmanage.org
    127.0.0.1 f8.truth-is-out-there.org
    127.0.0.1 f9.bestmanage.org
    127.0.0.1 f9.truth-is-out-there.org
    127.0.0.1 fairsearcher.com
    127.0.0.1 www.fairsearcher.com
    127.0.0.1 faithstevens.com
    127.0.0.1 fantasiewelten.com
    127.0.0.1 farmacept32.phpnet.us
    127.0.0.1 farmsteadbandb.com
    127.0.0.1 farse.com
    127.0.0.1 fartpost.com
    127.0.0.1 fastfreedownload.com
    127.0.0.1 fastmetasearch.com
    127.0.0.1 www.fastmetasearch.com
    127.0.0.1 fastssearch.com
    127.0.0.1 www.fastssearch.com
    127.0.0.1 fastwebfinder.com
    127.0.0.1 faxporn.com
    127.0.0.1 fazzetta.it
    127.0.0.1 www.fazzetta.it
    127.0.0.1 fcorriere.it
    127.0.0.1 www.fcorriere.it
    127.0.0.1 featured-results.com
    127.0.0.1 febay.it
    127.0.0.1 www.febay.it
    127.0.0.1 feed.dedsearch.com
    127.0.0.1 feeds.2search.com
    127.0.0.1 www.feeds.2search.com
    127.0.0.1 feeds2.2search.org
    127.0.0.1 www.feeds2.2search.org
    127.0.0.1 ferraeri.it
    127.0.0.1 www.ferraeri.it
    127.0.0.1 ferrai.it
    127.0.0.1 www.ferrai.it
    127.0.0.1 ferrarei.it
    127.0.0.1 www.ferrarei.it
    127.0.0.1 ferrarti.it
    127.0.0.1 www.ferrarti.it
    127.0.0.1 ferrasri.it
    127.0.0.1 www.ferrasri.it
    127.0.0.1 ferratri.it
    127.0.0.1 www.ferratri.it
    127.0.0.1 ferreari.it
    127.0.0.1 www.ferreari.it
    127.0.0.1 ferrri.it
    127.0.0.1 www.ferrri.it
    127.0.0.1 ferrsari.it
    127.0.0.1 www.ferrsari.it
    127.0.0.1 ferrtari.it
    127.0.0.1 www.ferrtari.it
    127.0.0.1 fetrrari.it
    127.0.0.1 www.fetrrari.it
    127.0.0.1 fgazzetta.it
    127.0.0.1 www.fgazzetta.it
    127.0.0.1 fgoogle.it
    127.0.0.1 www.fgoogle.it
    127.0.0.1 fhg.panet.org
    127.0.0.1 fhgate.com
    127.0.0.1 www.fhgate.com
    127.0.0.1 fickenisgeil.de
    127.0.0.1 file.unionsms.net
    127.0.0.1 filestore.com
    127.0.0.1 www.filestore.com
    127.0.0.1 filetretporn.com
    127.0.0.1 www.filetretporn.com
    127.0.0.1 Filtrodetrojan.com
    127.0.0.1 www.Filtrodetrojan.com
    127.0.0.1 finalfantasyactionfigures.com
    127.0.0.1 www.finalfantasyactionfigures.com
    127.0.0.1 finance-loans.com
    127.0.0.1 find4u.net
    127.0.0.1 find-52.com
    127.0.0.1 www.find-52.com
    127.0.0.1 findanyshow.org
    127.0.0.1 www.findanyshow.org
    127.0.0.1 find-find-777.net
    127.0.0.1 www.find-find-777.net
    127.0.0.1 find-itnow.com
    127.0.0.1 findit-now.com
    127.0.0.1 findloss.com
    127.0.0.1 findthesite.com
    127.0.0.1 findthewebsiteyouneed.com
    127.0.0.1 www.findthewebsiteyouneed.com
    127.0.0.1 find-uk-health.co.uk
    127.0.0.1 findwapsite.org
    127.0.0.1 www.findwapsite.org
    127.0.0.1 findwhatevernow.com
    127.0.0.1 www.findwhatevernow.com
    127.0.0.1 fined.biz
    127.0.0.1 fine-search.net
    127.0.0.1 fionasteel.com
    127.0.0.1 firefoxdownload-now.com
    127.0.0.1 www.firefoxdownload-now.com
    127.0.0.1 firehunt.com
    127.0.0.1 www.firehunt.com
    127.0.0.1 firgilio.it
    127.0.0.1 www.firgilio.it
    127.0.0.1 firstbookmark.net
    127.0.0.1 firstgoodsearch.com
    127.0.0.1 www.firstgoodsearch.com
    127.0.0.1 fitness-free.com
    127.0.0.1 fixerantispy.com
    127.0.0.1 www.fixerantispy.com
    127.0.0.1 fjsynebcod.com
    127.0.0.1 www.fjsynebcod.com
    127.0.0.1 flashdollars.com
    127.0.0.1 www.flashdollars.com
    127.0.0.1 flashflashmx.3322.org
    127.0.0.1 floorsovertexas.com
    127.0.0.1 www.floorsovertexas.com
    127.0.0.1 floproject.com
    127.0.0.1 www.floproject.com
    127.0.0.1 flrxtools.greatnuke.com
    127.0.0.1 flrx-tools.net
    127.0.0.1 www.flrx-tools.net
    127.0.0.1 fn777.greatbahamas.com
    127.0.0.1 www.fn777.greatbahamas.com
    127.0.0.1 foodvacations.net
    127.0.0.1 forex.jps.ru
    127.0.0.1 forexcredit.com
    127.0.0.1 forexcredit.ru
    127.0.0.1 formingfusions.com
    127.0.0.1 forsythfire.net
    127.0.0.1 forthline.com
    127.0.0.1 foxmin.com
    127.0.0.1 www.foxmin.com
    127.0.0.1 fp.gad-network.com
    127.0.0.1 fr.drivecleaner.com
    127.0.0.1 www.fr.drivecleaner.com
    127.0.0.1 fr.winantivirus.com
    127.0.0.1 fr.winfixer.com
    127.0.0.1 frame.crazywinnings.com
    127.0.0.1 free4porno.net
    127.0.0.1 free64all.com
    127.0.0.1 free-adobe-download-support.com
    127.0.0.1 www.free-adobe-download-support.com
    127.0.0.1 free-avg.org
    127.0.0.1 www.free-avg.org
    127.0.0.1 free-avg-download.com
    127.0.0.1 www.free-avg-download.com
    127.0.0.1 free-bearshares.com
    127.0.0.1 www.free-bearshares.com
    127.0.0.1 freebookmark.net
    127.0.0.1 freebookmarks.net
    127.0.0.1 freecat.biz
    127.0.0.1 www.freecat.biz
    127.0.0.1 freecategories.com
    127.0.0.1 free-chipes.com
    127.0.0.1 freecj.com
    127.0.0.1 freecoolhost.com
    127.0.0.1 freedownloadhq.com
    127.0.0.1 www.freedownloadhq.co
    0
  13. kevinr166
     
    ...

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.155.115.94,85.155.118.94
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8BD60E3-62AE-4BF3-BE4B-4DD66B50BFFD}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{BCEA4CCD-5AD7-462A-BC53-19A51F9571AC}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: DhcpNameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer=85.255.115.94,85.255.112.24
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.94 85.255.112.24

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="lsass.exe"

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok....

    Peux tu me dire ou tu habites? Espagne?

    Rends toi ici:
    C:\Windows\System32\drivers\etc\hosts

    Ouvre hosts avec le bloc note et laisses y que:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
    # pour Windows.
    #
    # Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
    # Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
    # dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
    # IP et le nom d'hôte doivent être séparés par au moins un espace.
    #
    # De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
    # lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
    # symbole '#'.
    #
    # Par exemple :
    #
    #      102.54.94.97     rhino.acme.com          # serveur source
    #       38.25.63.10     x.acme.com              # hôte client x
    
    127.0.0.1       localhost


    Puis enregistre.

    Ensuite:

    Télécharge le FixWareout sur le bureau:
    http://download.bleepingcomputer.com/lonny/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4936D06-CABB-4B7A-B4A3-C8CD91583420}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D76BD333-1E83-4E68-AF63-C008CBBC9822}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24

    O17 - HKLM\System\CS1\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24
    O17 - HKLM\System\CS4\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.255.115.94,85.255.112.24

    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24

    Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

    A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

    A+
    0
  15. kevinr166
     
    Non j'habite en France pourquoi?!
    Ok j'ai tout fait voila le rapport fixwareout :

    sername "HP_Propri‚taire" - 05/11/2007 21:20:59 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "Explorer"="C:\\WINDOWS\\system32\\expIorer.exe"
    "HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
    "h3yb0y"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\service.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\conf.dll"
    "h3yb0y1"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\system.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\serv-u.ini"
    "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
    "helpr"="C:\\Program Files\\SETI\\helper.exe -loader -nolog"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "AlcxMonitor"="ALCXMNTR.EXE"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
    "EPSON Stylus CX3200"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P19 \"EPSON Stylus CX3200\" /O6 \"USB001\" /M \"Stylus CX3200\""
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCShield"="regsvr32 /s \"C:\\WINDOWS\\system32\\sfg.dll\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
    "L07FXLRD_674447171"="\"C:\\Program Files\\Microsoft Etudes\\Microsoft Encarta 2007 - Études DVD\\EDICT.EXE\" -m"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "Philips Intelligent Agent"="\"C:\\Program Files\\Philips Intelligent Agent\\Philips Intelligent Agent.exe\" /SILENT"
    "LightScribe Control Panel"="C:\\Program Files\\Fichiers communs\\LightScribe\\LightScribeControlPanel.exe -hidden"
    "CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    C:\WINDOWS\System32\AUTOEXEC.NT missing
    ~~~~~ End report ~~~~~

    Et voici le rapport Hijack this :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:22, on 05/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 255.255.255.255
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.255:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {65D5A3B2-859E-42F5-AE9E-BC6D7EC1B0EB} - C:\WINDOWS\system32\VBA232.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: (no name) - {B7531CF3-3DBE-4D68-BED9-E3697F3CDC9B} - C:\WINDOWS\system32\dplay32.dll (file missing)
    O2 - BHO: (no name) - {C2EA6A7E-79FC-4CFB-90E4-898C742B44C5} - C:\WINDOWS\system32\mobsyncd.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F3E3A0A8-906B-47D7-8E5E-8C7F1D3C0BDC} - C:\WINDOWS\system32\ulib32.dll (file missing)
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [L07FXLRD_674447171] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS5\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CS6\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O18 - Filter hijack: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
    O20 - AppInit_DLLs: . 3 SF3.DLL,noxizaca.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: bxsbang - {D117607A-ED64-4810-9909-CD719374EE12} - C:\WINDOWS\bxsbang.dll (file missing)
    O21 - SSODL: ocgrep - {8FFDD5BE-033D-4645-89DD-F81933FEDE44} - C:\WINDOWS\ocgrep.dll (file missing)
    O21 - SSODL: msmhost - {4A21A9D8-A5F1-40D7-AAC3-942C449D9180} - (no file)
    O21 - SSODL: msmdev - {1BD78B53-5B73-4CCE-8BE2-CB16CCEA2F69} - C:\WINDOWS\msmdev.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Noxizac Service (NoxizacSrv) - Unknown owner - C:\WINDOWS\system32\noxizac.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OCBNEXFH - Unknown owner - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\OCBNEXFH.exe (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    0
  16. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Y'a semble t il encore pas mal de boulot.

    Télécharge Combofix sUBs :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    Copie/colle un nouveau rapport HiJackThis avec.
    0
  17. kevinr166
     
    Peut être qu'il semble encore avoir pas mal de boulot mais le virus semble avoir été supprimé! L'antivirus ne le détecte plus et il n'est plus actif comme avant!
    Mais voici kan même le rapport de combofix :

    ComboFix 07-11-05.2 - HP_Propriétaire 2007-11-05 22:56:40.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.426 [GMT 1:00]
    Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\HP_Propriétaire\Application Data\hidires
    C:\Redemption.ECF
    C:\WINDOWS\pack.epk
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\stera.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FOPN
    -------\LEGACY_IPRIP
    -------\LEGACY_NTLOAD
    -------\LEGACY_NWSAPAGENT
    -------\LEGACY_VSPF
    -------\LEGACY_VSPF_HK
    -------\Iprip
    -------\m_hook
    -------\NTLOAD
    -------\NwSapAgent
    -------\vspf
    -------\vspf_hk

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-05 22:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-05 13:56 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-05 10:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-05 10:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-05 10:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-05 10:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-05 10:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-04 22:05 4,332 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-04 14:32 <REP> d----c--- C:\VundoFix Backups
    2007-11-03 19:41 <REP> d----c--- C:\Program Files\Trend Micro
    2007-10-30 18:55 2,855 --a------ C:\WINDOWS\system32\edit.PIF
    2007-10-27 09:07 44,032 --a------ C:\WINDOWS\system32\VuPassword.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-05 21:46 --------- dc----w C:\Program Files\eMule
    2007-11-05 20:26 --------- dc----w C:\Program Files\Wanadoo
    2007-10-27 17:45 --------- dc----w C:\Program Files\DivX
    2007-10-15 17:37 --------- dc----w C:\Program Files\Shareaza
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-23 20:09 --------- dc----w C:\Program Files\Dictionnaire
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2005-08-23 15:40:18 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2005-10-24 07:39:23 56 --sh--r C:\WINDOWS\system32\8CD90E1E38.sys
    2003-08-16 19:56:00 579,584 --sha-r C:\WINDOWS\system32\cd.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D5A3B2-859E-42F5-AE9E-BC6D7EC1B0EB}]
    C:\WINDOWS\system32\VBA232.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}]
    C:\Program Files\Accoona\ASearchAssist.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7531CF3-3DBE-4D68-BED9-E3697F3CDC9B}]
    C:\WINDOWS\system32\dplay32.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2EA6A7E-79FC-4CFB-90E4-898C742B44C5}]
    C:\WINDOWS\system32\mobsyncd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3E3A0A8-906B-47D7-8E5E-8C7F1D3C0BDC}]
    C:\WINDOWS\system32\ulib32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-01 23:12]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
    "h3yb0y"="C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe" []
    "h3yb0y1"="C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe" []
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "helpr"="C:\Program Files\SETI\helper.exe" []
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
    "AlcxMonitor"="ALCXMNTR.EXE" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43]
    "EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-15 19:02]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-18 08:38]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCShield"="regsvr32 /s C:\WINDOWS\system32\sfg.dll" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31]
    "L07FXLRD_674447171"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe" []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 07:51]
    "Philips Intelligent Agent"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2007-03-06 10:58]
    "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-05-15 16:12]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "DisallowRun"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"=edi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bxsbang"= {D117607A-ED64-4810-9909-CD719374EE12} - C:\WINDOWS\bxsbang.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="lsass.exe"
    "UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=. 3 SF3.DLL,noxizaca.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]
    regsvr32 /s "C:\WINDOWS\system32\sfg.dll"

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
    R0 vax347b2;vax347b2;C:\WINDOWS\system32\DRIVERS\vax347b2.sys
    R0 vax347s2;vax347s2;C:\WINDOWS\system32\Drivers\vax347s2.sys
    R2 MicroGuard;MicroGuard Copy Protection;\??\C:\WINDOWS\system32\drivers\mgnt.sys
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
    S2 NoxizacDriver;Noxizac Driver;\??\C:\WINDOWS\system32\noxizac.sys
    S2 NoxizacSrv;Noxizac Service;C:\WINDOWS\system32\noxizac.exe
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State;C:\WINDOWS\system32\Drivers\frmupgr.sys
    S3 hSONYPVh;hSONYPVh;\??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hSONYPVh.sys
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS
    S3 OCBNEXFH;OCBNEXFH;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\OCBNEXFH.exe
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 SaiH0464;SaiH0464;C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S4 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
    S4 QVMKLIL;QVMKLIL;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\QVMKLIL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{096db9a4-0d52-11dc-b652-0060b3b148b3}]
    \Shell\AutoRun\command - G:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e5fb2a-6824-11db-a3db-806d6172696f}]
    \Shell\AutoRun\command - G:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3970f550-40b0-11db-9d5b-806d6172696f}]
    \Shell\AutoRun\command - K:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6f0b4a-35e0-11dc-9a38-806d6172696f}]
    \Shell\AutoRun\command - E:\autoplay.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c058ab-3c1b-11dc-b036-806d6172696f}]
    \Shell\AutoRun\command - H:\autorun.exe
    \Shell\directx\command - H:\DirectX9\dxsetup.exe
    \Shell\setup\command - H:\install.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c058c3-3c1b-11dc-b036-0060b3b148b3}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d5377a8-4a78-11db-90ea-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d5377aa-4a78-11db-90ea-806d6172696f}]
    \Shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d37e11a-0923-11dc-b645-0060b3b148b3}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c17f00-5499-11db-a6fe-806d6172696f}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11c522a-3d00-11db-bb3c-806d6172696f}]
    \Shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4b15c4f-cf59-11db-9570-806d6172696f}]
    \Shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1b69cc-4bad-11db-8e77-806d6172696f}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1b69d0-4bad-11db-8e77-806d6172696f}]
    \Shell\AutoRun\command - G:\EE2AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a63ceb-b08e-11db-b7cf-0060b3b148b3}]
    \Shell\AutoRun\command - M:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de217750-44a2-11db-a39c-806d6172696f}]
    \Shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4043a5a-56c1-11db-a1c1-806d6172696f}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d74926-5151-11db-a6d7-806d6172696f}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d74928-5151-11db-a6d7-806d6172696f}]
    \Shell\AutoRun\command - E:\AUTORUN\AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d7492a-5151-11db-a6d7-806d6172696f}]
    \Shell\AutoRun\command - G:\Autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-05 23:09:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-05 23:13:58 - machine was rebooted
    .
    --- E O F ---

    Ainsi que celui de hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:18:11, on 05/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 255.255.255.255
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.255:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {65D5A3B2-859E-42F5-AE9E-BC6D7EC1B0EB} - C:\WINDOWS\system32\VBA232.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: (no name) - {B7531CF3-3DBE-4D68-BED9-E3697F3CDC9B} - C:\WINDOWS\system32\dplay32.dll (file missing)
    O2 - BHO: (no name) - {C2EA6A7E-79FC-4CFB-90E4-898C742B44C5} - C:\WINDOWS\system32\mobsyncd.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F3E3A0A8-906B-47D7-8E5E-8C7F1D3C0BDC} - C:\WINDOWS\system32\ulib32.dll (file missing)
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [L07FXLRD_674447171] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14DCEE1F-2437-4031-BA4A-C5A1D2178B73}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS5\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O17 - HKLM\System\CS6\Services\Tcpip\..\{0715969B-283B-4E93-8F2C-A4343706CA61}: NameServer = 85.155.115.94,85.155.118.94
    O20 - AppInit_DLLs: . 3 SF3.DLL,noxizaca.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: bxsbang - {D117607A-ED64-4810-9909-CD719374EE12} - C:\WINDOWS\bxsbang.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Noxizac Service (NoxizacSrv) - Unknown owner - C:\WINDOWS\system32\noxizac.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OCBNEXFH - Unknown owner - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\OCBNEXFH.exe (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok on verifie une chose et après on s'attaque au gros morceau.

    Fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
  19. kevinr166
     
    Ok c'est fait :

    Search Navipromo version 3.3.4 commencé le 05/11/2007 à 23:44:48.68

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\HP_Propri‚taire\Application Data ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun fichier trouvé dans :

    - C:\WINDOWS\system32
    - C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1 *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :

    C:\WINDOWS\system32\ykmxghp.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup absent !

    *** Analyse terminée le 05/11/2007 à 23:51:11.71 ***
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    re

    Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
    Au menu principal, choisis 4 et valide.

    Le fix va te demander de saisir le nom de fichier.
    Saisies ce qui est en gras ci-dessous et rien d'autre puis valide:

    ykmxghp

    Le fix va te demander de le resaisir, fais-le et valide

    Le fix va t'informer qu'il va alors redémarrer ton PC
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais le toi même)
    Au redémarrage de ton PC, choisis ta session habituelle.

    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***
    Le blocnote va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver
    Referme le blocnote. Ton bureau va réapparaitre

    PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Cliques en haut à gauche sur fichiers et choisis "exécuter"
    Tapes explorer et valides. Celà te fera apparaitre ton bureau
    0
  21. kevinr166
     
    re! Ok c'est fai, voici le rapport :

    Clean Navipromo version 3.3.4 commencé le 06/11/2007 à 10:01:47.78

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11

    Mode suppression par méthode manuelle

    Nom du fichier saisi : ykmxghp

    *** Recherche, création sauvegardes et suppression ***

    * Suppression dans C:\WINDOWS\system32 *

    ykmxghp.dat trouvé !
    Copie ykmxghp.dat réalisé avec succès !
    ykmxghp.dat supprimé !

    * Suppression dans C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1 *

    *** Suppression dossiers dans C:\WINDOWS ***

    *** Suppression dossiers dans C:\Program Files ***

    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Suppression dossiers dans C:\Documents and Settings\HP_Propriétaire\Application Data ***

    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Suppression fichiers ***

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche, création sauvegardes et suppression Heuristique :

    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisé avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup absent !

    *** Nettoyage terminé le 06/11/2007 à 10:09:15.00 ***
    0
  • 1
  • 2
  • 3