Bitdefender infected

Solved
philub Posted messages 254 Registration date   Status Member Last intervention   -  
noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   -
Hello,
It has already been two days since I've been trying by all means to save my computer. I have Bitdefender Total Security 2008 and I feel like I'm having a lot of issues.

The last actions I took are:
- Secured my network
- Downloaded spy-secure
- Uninstalled spy-secure

Currently, a window pops up telling me that I am infected by a virus. And it's a Windows thing telling me that my computer is a victim of malware and that I don't have antivirus protection. The problem is that I have Bitdefender and I have reinstalled it twice, yet the message still appears.

That's not all, when I scan my system, Bitdefender spots the viruses and malware in question and asks me what actions to take. So I tell it to quarantine them. It tells me that it cannot, then asks me if I want to delete them. I select delete and it tells me it cannot delete. So I continue and it tells me that my computer is not fully protected because it is still infected. This is where I have a link to go to Bitdefender's site. Once I click on the link I get a MessageBox that says:
Unable to load the dialog box
Error 623: The system could not find the phone book entry.

Here is the link that I cannot open
http://kb.bitdefender.fr/KB376/

45 answers

  • 1
  • 2
  • 3
  1. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    Hello

    Click on this link
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    to download the HijackThis installation file.

    Save HJTInstall.exe to your desktop.

    Double-click on HJTInstall.exe to launch the program

    By default, it will install here:
    C:\Program Files\Trend Micro\HijackThis

    Accept the license by clicking on the "I Accept" button

    Choose the option "Do a system scan and save a log file"

    Click "Save log" to save the report that will open in Notepad

    Click on "Edit -> Select All," then "Edit -> Copy" to copy all the content of the report

    Paste the report you just copied onto this forum

    Do not fix ANY lines yet, as this could prevent your PC from functioning correctly

    Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for the moment!!)
    http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

    And in the same vein

    Click on this link:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    to download navilog1.exe.

    Choose Save

    and save it to your desktop.

    Then double-click on navilog1.exe to launch the installation.
    Once the installation is complete, the fix will run automatically.
    (If it does not, double-click on the Navilog1 shortcut present on the desktop).

    Follow the instructions. In the main menu, choose 1 and confirm.
    (do not choose 2, 3, or 4 without our advice/approval)

    Wait for the message:
    *** Scan Completed ..... ***
    Press a key as requested, Notepad will open.
    Copy and paste the entire report into your response. Close Notepad.
    The report is also saved at the root of the drive (fixnavi.txt)

    The two reports, for starters

    See you later
    --

    Humor is the keystone of consciousness
    0
  2. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    Logfile de Trend Micro HijackThis v2.0.2
    Analyse sauvegardée à 11:33:53, le 2007-12-14
    Plateforme : Windows XP SP2 (WinNT 5.01.2600)
    MSIE : Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Mode de démarrage : Normal

    Processus en cours :
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Driver\i386\ms-java.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\BITWARE\NT\bwprnmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook : (pas de nom) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook : Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (pas de fichier)
    O1 - Hosts : 66.98.148.65 auto.search.msn.com
    O1 - Hosts : 66.98.148.65 auto.search.msn.es
    O2 - BHO : Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO : ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (pas de fichier)
    O2 - BHO : SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO : (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
    O2 - BHO : Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO : Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar : Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar : BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar : Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run : [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run : [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run : [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run : [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
    O4 - HKLM\..\Run : [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run : [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
    O4 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run : [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run : [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run : [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run : [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run : [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run : [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run : [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run : [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run : [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run : [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run : [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run : [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run : [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run : [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run : [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0
    O4 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run : [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'Utilisateur par défaut')
    O4 - Démarrage de l'utilisateur .DEFAULT : Pin.lnk = C:\hp\bin\CLOAKER.EXE (Utilisateur 'Utilisateur par défaut')
    O4 - Démarrage : Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Démarrage : Pin.lnk = C:\hp\bin\CLOAKER.EXE
    O4 - Démarrage global : Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Démarrage global : HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Démarrage global : Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Démarrage global : Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Démarrage global : Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O4 - Démarrage global : Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent
    O8 - Élément de menu contextuel supplémentaire : Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Élément de menu contextuel supplémentaire : Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Élément de menu contextuel supplémentaire : Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Bouton supplémentaire : (pas de nom) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Élément de menu 'Outils' supplémentaire : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Bouton supplémentaire : Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Bouton supplémentaire : (pas de nom) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Bouton supplémentaire : ShopperReports - Comparer les prix des produits - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Bouton supplémentaire : ShopperReports - Comparer les tarifs des voyages - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Bouton supplémentaire : (pas de nom) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (pas de fichier)
    O9 - Bouton supplémentaire : Exécuter IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Bouton supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Élément de menu 'Outils' supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Bouton supplémentaire : (pas de nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Élément de menu 'Outils' supplémentaire : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Fichier inconnu dans Winsock LSP : c:\windows\system32\nwprovau.dll
    O23 - Service : Service Ad-Aware 2007 (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service : Service LM d'Adobe - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service : Service ANIWZCSd (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service : ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Service Bonjour) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service : C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service : Service Creative pour l'accès CDROM - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service : Serveur Firebird - Instance MAGIX (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service : Service de licence FLEXnet - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service : Gestionnaire de table d'InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service : Service LightScribeService Direct Disc Labeling (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service : Service de mise à jour de bureau BitDefender (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service : Ms-java - Propriétaire inconnu - C:\WINDOWS\Driver\i386\ms-java.exe
    O23 - Service : Planificateur Nero BackItUp 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service : NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service : Service du pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service : Pilote Pml HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service : Service Cyberlink RichVideo(CRVS) (RichVideo) - Propriétaire inconnu - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service : Bouclier antivirus BitDefender (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service : Worker d'image Windows (windownetpker) - Propriétaire inconnu - C:\Program Files\Internet Explorer\svchost.exe
    O23 - Service : Communicant BitDefender (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    Fin du fichier - 16215 octets
    0
  3. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    I also found this:
    http://www.bitdefender.fr/site/Downloads/browseFreeRemovalTool/

    and this that explains that we need to remove them manually
    http://www.bitdefender.fr/KB376-en--What-to-do-when-some-items-appear-as-unresolved?.html

    I don’t know if I’m mixing things up, but maybe the solution is here. I don’t know, I don’t know anything.
    The other report will arrive shortly.
    0
  4. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    Search Navipromo version 3.3.8 started on 2007-12-14 at 11:44:51.34

    !!! Attention, this report may indicate legitimate files/programs!!!
    !!! Post this report on the forum for analysis!!!
    !!! Do not start the disinfection process without the advice of a specialist!!!

    Tool executed from C:\Program Files\navilog1
    Updated on 11.12.2007 at 18:00 by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer: 6.0.2900.2180
    File system: NTFS

    Executed in normal mode

    *** Searching for Installed Programs ***

    WebMediaPlayer

    *** Searching for folders in C:\WINDOWS ***

    *** Searching for folders in C:\Program Files ***

    C:\Program Files\WebMediaPlayer found!

    *** Searching for folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Searching for folders in "C:\Documents and Settings\philHubert\application data" ***

    *** Searching for folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

    ...\WebMediaPlayer found!

    *** Searching with Catchme-rootkit/stealth malware detector by gmer ***
    for more information: http://www.gmer.net

    Hidden file(s):

    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat

    *** Searching with GenericNaviSearch ***
    !!! All these results may reveal legitimate files!!!
    !!! Must be checked before any manual deletion!!!

    * Searching in C:\WINDOWS\system32 *

    * Searching in "C:\Documents and Settings\philHubert\local settings\application data" *

    Files found:

    elxjaw.exe found!

    *** Searching for files ***

    C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk found!
    C:\WINDOWS\system32\nvs2.inf found!

    *** Searching for specific keys in the Registry ***

    HKEY_CURRENT_USER\Software\Lanconfig found!

    *** Additional Search Module ***
    (Searching for specific files)

    1) Searching for new Instant Access files:

    2) Heuristic Search:

    * In C:\WINDOWS\system32:

    * In "C:\Documents and Settings\philHubert\local settings\application data":

    3) Searching for Certificates:

    Egroup Certificate found!

    4) Searching for known files:

    *** Analysis completed on 2007-12-14 at 11:52:33.34 ***
    0
  5. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    RE

    Your link points to Bitdefender tools, which could be interesting, but I'm not familiar with them, so I'll manage with what I have.
    -------------------
    Double-click on the Navilog1 shortcut on the desktop and follow the instructions.
    In the main menu, choose 2 and confirm.

    The fix will inform you that it will restart your PC.
    Close all open windows and save your personal documents.
    Press a key as prompted.
    (If your PC doesn't restart automatically, do it manually)
    When your PC restarts, choose your usual session.

    Wait for the message:
    *** Cleaning Finished ..... ***
    The notepad will open.
    Save the report so that you can find it later.
    Close the notepad. Your desktop will reappear.

    PS: If your desktop doesn't reappear, press CTRL+ALT+DELETE to open the Task Manager.
    Then go to the "Processes" tab. Click on "File" at the top left and choose "Run new task".
    Type explorer and confirm. This will make your desktop appear.

    Then

    Download this: (thanks to S!RI for this program).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    or
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    Run it, double-click on Smitfraudfix.cmd, choose option 1, it will generate a report.
    Copy/paste it here please.

    See you later
    --

    Humor is the keystone of consciousness.
    0
  6. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    Clean Navipromo version 3.3.8 started on 2007-12-14 at 12:26:10.40

    Tool executed from C:\Program Files\navilog1
    Updated on 11.12.2007 at 18:00 by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer: 6.0.2900.2180
    File system: NTFS

    Automatic deletion mode

    *** Creation of backups of files found by Catchme ***

    Copying to "C:\Program Files\navilog1\Backupnavi"

    Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat completed successfully!
    Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe completed successfully!
    Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat completed successfully!
    Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat completed successfully!

    *** Deleting files found with Catchme ***

    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat deleted!
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe deleted!
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat deleted!
    C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat deleted!

    ** 2nd pass with Catchme results **

    * In C:\WINDOWS\system32 *

    C:\WINDOWS\prefetch\elxjaw*.pf found!
    Copy C:\WINDOWS\prefetch\elxjaw*.pf completed successfully!
    C:\WINDOWS\prefetch\elxjaw*.pf deleted!

    * In "C:\Documents and Settings\philHubert\local settings\application data" *

    *** Deletion with backups of GenericNaviSearch results ***

    * Deleting in C:\WINDOWS\System32 *

    * Deleting in "C:\Documents and Settings\philHubert\local settings\application data" *

    *** Deleting folders in C:\WINDOWS ***

    *** Deleting folders in C:\Program Files ***

    C:\Program Files\WebMediaPlayer ...deleting...
    C:\Program Files\WebMediaPlayer deleted!

    *** Deleting folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Deleting folders in "C:\Documents and Settings\philHubert\application data" ***

    *** Deleting folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

    ...\WebMediaPlayer ...deleting...
    ...\WebMediaPlayer !!ERROR DELETING!!

    *** Deleting files ***

    C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk deleted!
    C:\WINDOWS\system32\nvs2.inf deleted!

    *** Deleting temporary files ***

    Cleaning contents of C:\WINDOWS\Temp completed!
    Cleaning contents of C:\Documents and Settings\philHubert\local settings\Temp completed!

    *** Additional Search Processing ***
    (Searching for specific files)

    1)Deletion with backups of new Instant Access files:

    2)Search, create backups and deletion Heuristic:

    * In C:\WINDOWS\system32 *

    * In "C:\Documents and Settings\philHubert\local settings\application data" *

    *** Registry Backup to Backupnavi folder ***

    Registry backup completed successfully!

    *** Registry Cleaning ***

    Registry cleaning OK

    *** Certificates ***

    Egroup certificate deleted!

    *** Cleaning completed on 2007-12-14 at 12:31:22.76 ***
    0
  7. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    SmitFraudFix v2.267

    Report generated at 12:48:06.90, 2007-12-14
    Executed from C:\Documents and Settings\philHubert\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The file system type is NTFS
    Fix executed in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Driver\i386\ms-java.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\BITWARE\NT\bwprnmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PHILHU~1\Favorites

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Items

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My homepage"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, the following keys are not necessarily infected!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, the following keys are not necessarily infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, the following keys are not necessarily infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, the following keys are not necessarily infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    I do not provide my DNS because I believe it will harm my security?!?

    »»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  8. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    can you run hijackthis again, please

    let me know where your problems are as well (still some alerts?)
    --

    Humor is the keystone of consciousness
    0
  9. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    BitDefender Log File
    Product: BitDefender Total Security 2008
    Version: BitDefender UIScanner V.11
    Log Date: 14:45:24 19/12/2007
    Log Path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1198093524_1_02.xml

    Path Analysis:Path0000: C:\
    Path0001: D:\
    Path0002: N:\

    Scan Options:Scan for viruses: Yes
    Detect adware: Yes
    Scan for spyware: Yes
    Scan applications: Yes
    Detect dialers: Yes
    Scan for Rootkits: Yes

    Target Selection Options:Scan registry keys: Yes
    Scan cookies: Yes
    Scan boot sector: Yes
    Scan memory processes: Yes
    Scan archives: Yes
    Scan packed files: Yes
    Scan emails: Yes
    Scan all files: Yes
    Heuristic analysis: Yes
    Analyzed extensions:
    Excluded extensions:

    Target ProcessingDefault action for infected items: disinfect
    Default action for suspicious items: None
    Default action for cloaked items: None

    Scan SummaryNumber of virus signatures: 960481
    Archive plugins: 41
    Email plugins: 6
    Scan plugins: 12
    Archive plugins: 41
    System plugins: 4
    Decompression plugins: 7

    General Scan SummaryItems scanned: 736278
    Infected items: 19
    Suspicious items: 0
    Resolved items: 1
    Individual viruses found: 12
    Directories scanned: 15056
    Boot sectors scanned: 5
    Archives scanned: 20085
    I/O Errors: 77
    Scan time: 00:07:08:33
    Files per second: 28

    Summary of Scanned ProcessesScanned: 71
    Infected: 0

    Summary of Scanned Registry KeysScanned: 397
    Infected: 0

    Summary of Scanned CookiesScanned: 39
    Infected: 0

    Unresolved Issues:Object Name Threat Name Final State
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0019 Adware.Hotbar.B Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0003 Adware.Hotbar.BI Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0002 Adware.Hotbar.CK Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
    C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0006 Adware.Navipromo.BZJ Deletion failed (file in an archive)
    C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0014=](NSIS g)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0108446.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
    C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]winlogon.exe Application.Generic.6285 Deletion failed (file in an archive)
    C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]Mssvc.exe Application.Servu.Daemon.CE Deletion failed (file in an archive)
    C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]TzoLibr.dll Backdoor.RBot.BZO Deletion failed (file in an archive)
    C:\104813\Access.exe=](Embedded EXE o) Trojan.Dialer.FO Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0085893.exe=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0006=](NSIS g)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A1QP652H\sp2-adtegrity-728[1].swf=][SWF command] Trojan.SwfDL.A Deletion failed (file in an archive)

    Resolved Issues:Object Name Threat Name Final State
    C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP541\A0105436.exe Adware.SpywareSecure.A Moved to quarantine
    0
  10. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    Hello

    A good part is in the restoration files, but there are still a few cracks that have resisted!!!
    They are in archives,
    so
    disable system restore

    start->right-click on My Computer then Properties
    in the System Restore tab check Disable System Restore, then Apply (at the bottom right)
    then uncheck Disable System Restore, and Apply (you will have a clean point)

    Then

    Download Hoster:
    http://www.funkytoad.com/download/HostsXpert.zip

    * Unzip the folder on the desktop.
    * Launch Hoster and click on Restore Microsoft's Hosts File
    * Then run Hijackthis again and post the report

    there will be further steps to take afterward ...

    --

    Humor is the keystone of consciousness
    0
  11. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    Just before proceeding, is it dangerous to display our IP address? I went to the program provider's site HostsXpert. I translated the page http://www.mvps.org/winhelp2002/hosts.htm:
    ...........................................................................................................
    What it does ...
    The Hosts file contains mappings of IP addresses to hostnames. This file is loaded into memory (the cache) at startup, Windows then checks the Hosts file against one of the DNS server queries, which allows for the replacement of addresses in the DNS. This prevents access to the listed sites while redirecting connection attempts to the local computer. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, anticipating existing entries.

    You can use a HOSTS file to block ads, banners, third-party cookies, third-party web pages, bugs, and even most hijackers. This is achieved by blocking the connection(s) that supply these little gems.

    Example: the following entry 127.0.0.1 ad.doubleclick.net blocks all files delivered by this DoubleClick server to the web page you are viewing. It also prevents the server from tracking your movements. Why? ... Because in some cases, "Ad Servers" like Doubleclick (and many others) will try to open a connection on the web page you are viewing.

    For XP SP2 users, you should quickly see a Security Center on this subject. [Image]
    Just click No and continue. Yes, the instructions may be tedious, but at least you will know, however you shouldn't see these instructions if these entries are included in the HOSTS file.
    Note: this prompt only occurs if (for example) *.doubleclick.net is included in the "restricted zone".
    ...........................................................................................................

    There are many things about this program that I am afraid of. I am afraid of giving too much confidential information. Am I possibly mistaken? Does the program provide the IP address of the sites that infected me or does it give my IP address?

    Thank you
    0
  12. philub Posted messages 254 Registration date   Status Member Last intervention   58
     
    I'm stuck because my antivirus won't update anymore.
    0
  13. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    Hello

    I suggested hosting because of these lines

    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    Your hosts file is corrupted, this is to restore it

    There are still issues

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double click on SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following the procedure below:
    • Restart your computer in Safe Mode
    • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    • Instead of the normal Windows loading, a menu with different options should appear.
    • Choose the first option to run Windows in Safe Mode, then press "Enter".
    • Choose your account.
    Roll down the list of instructions below:
    • Open the SDFix folder that was just created in the C:\ directory and double click on RunThis.bat to launch the script.
    • Press Y to start the cleaning process.
    • It will remove the services and registry entries of certain trojans found, then prompt you to press a key to restart.
    • Press a key to restart the PC.
    • Your system will take longer to restart than usual because the tool will continue to run and delete files.
    • After loading the Desktop, the tool will finish its work and display Finished.
    • Press a key to finish executing the script and load your Desktop icons.
    • Once the Desktop icons are displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder as Report.txt.
    • Finally, copy/paste the content of the Report.txt file into your next response on the forum, along with a new Hijackthis log!

    See you
    --

    Humor is the keystone of consciousness
    0
  14. paco31
     
    Search Navipromo version 3.3.8 started on 12/29/2007 at 0:27:35.68

    !!! Warning, this report may indicate legitimate files/programs!!!
    !!! Post this report on the forum for analysis!!!
    !!! Do not start the disinfecting part without the advice of a specialist!!!

    Tool executed from C:\Program Files\navilog1
    Updated on 12.11.2007 at 6:00 PM by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer: 7.0.5730.13
    File system: NTFS

    Executed in normal mode

    *** Searching Installed Programs ***

    *** Searching folders in C:\WINDOWS ***

    *** Searching folders in C:\Program Files ***

    *** Searching folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Searching folders in "C:\Documents and Settings\paco\application data" ***

    *** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Searching with Catchme-rootkit/stealth malware detector by gmer ***
    for more info: http://www.gmer.net

    No Files found

    *** Searching with GenericNaviSearch ***
    !!! All these results may reveal legitimate files!!!
    !!! Must verify before any manual deletion!!!

    * Searching in C:\WINDOWS\system32 *

    * Searching in "C:\Documents and Settings\paco\local settings\application data" *

    *** Searching files ***

    *** Searching specific keys in the Registry ***

    *** Additional Search Module ***
    (Searching specific files)

    1) Searching for new Instant Access files:

    2) Heuristic Search:

    * In C:\WINDOWS\system32:

    * In "C:\Documents and Settings\paco\local settings\application data":

    3) Searching for Certificates:

    Certificate Egroup missing!

    4) Searching for known files:

    *** Analysis completed on 12/29/2007 at 0:28:49.76 ***
    0
  15. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    You had already done that

    Download this: (thanks to S!RI for this program).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    or
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    Run it, double click on Smitfraudfix.cmd, choose option 1, it will generate a report
    Copy/paste it on the post please.

    --

    Humor is the keystone of consciousness
    0
  16. paco31
     
    SmitFraudFix v2.274

    Report made at 1:04:21.18, 29/12/2007
    Executed from C:\Program Files\AOL 9.0 VR\download\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    File system type is NTFS
    Fix executed in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\AOL\1198412413\ee\aolsoftware.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\AOL 9.0 VR\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Ahead\NeroVision\NeroVision.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Corrupted hosts file!

    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paco\Favorites

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop items

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My homepage"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, the following keys may not be infected!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, the following keys may not be infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, the following keys may not be infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, the following keys may not be infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 86.64.145.140
    DNS Server Search Order: 84.103.237.140

    Description: Alcatel SpeedTouch(tm) USB ADSL RFC1483 - Packet Scheduling Miniport
    DNS Server Search Order: 132.165.195.1
    DNS Server Search Order: 152.163.154.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.145 84.103.237.145
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1

    »»»»»»»»»»»»»»»»»»»»»»»» Searching wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  17. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    Boot in safe mode:
    To do this, tap the F8 key right at the start of the PC booting without stopping
    A window will open, use the arrow keys to navigate to start in safe mode and then press enter.
    Once on the desktop, if there are no colors and other things, that’s normal!
    (If F8 doesn’t work, use the F5 key).
    ----------------------------------------------------------------------------
    Restart the Smitfraud program,
    This time choose option 2, answer yes to all;
    Save the report, restart in normal mode, copy/paste the saved report on the forum

    See you later
    --

    Humor is the keystone of consciousness.
    0
  18. paco31
     
    SmitFraudFix v2.274

    Report made at 1:38:55.20, 29/12/2007
    Executed from C:\Documents and Settings\paco\My Documents\My Pictures\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The file system type is NTFS
    Fix executed in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!! Warning, the following keys are not necessarily infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com
    127.0.0.1 1001-search.info
    127.0.0.1 www.1001-search.info
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 132.com
    127.0.0.1 www.132.com
    127.0.0.1 136136.net
    127.0.0.1 www.136136.net
    127.0.0.1 139mm.com
    127.0.0.1 www.139mm.com
    127.0.0.1 163ns.com
    127.0.0.1 www.163ns.com
    127.0.0.1 171203.com
    127.0.0.1 17-plus.com
    127.0.0.1 1800searchonline.com
    127.0.0.1 www.1800searchonline.com
    127.0.0.1 180searchassistant.com
    127.0.0.1 www.180searchassistant.com
    127.0.0.1 180solutions.com
    127.0.0.1 www.180solutions.com
    127.0.0.1 181.365soft.info
    127.0.0.1 www.181.365soft.info
    127.0.0.1 1987324.com
    127.0.0.1 www.1987324.com
    127.0.0.1 1-domains-registrations.com
    127.0.0.1 www.1-domains-registrations.com
    127.0.0.1 1-extreme.biz
    127.0.0.1 www.1-extreme.biz
    127.0.0.1 1sexparty.com
    127.0.0.1 www.1sexparty.com
    127.0.0.1 1stantivirus.com
    127.0.0.1 www.1stantivirus.com
    127.0.0.1 1stpagehere.com
    127.0.0.1 www.1stpagehere.com
    127.0.0.1 1stsearchportal.com
    127.0.0.1 www.1stsearchportal.com
    127.0.0.1 2.82211.net
    127.0.0.1 www.2006ooo.com
    127.0.0.1 2007-download.com
    127.0.0.1 www.2007-download.com
    127.0.0.1 2020search.com
    127.0.0.1 www.2020search.com
    127.0.0.1 20x2p.com
    127.0.0.1 24.365soft.info
    127.0.0.1 www.24.365soft.info
    127.0.0.1 24-7pharmacy.info
    127.0.0.1 www.24-7pharmacy.info
    127.0.0.1 24-7searching-and-more.com
    127.0.0.1 www.24-7searching-and-more.com
    127.0.0.1 24teen.com
    127.0.0.1 www.24teen.com
    127.0.0.1 2every.net
    127.0.0.1 www.2every.net
    127.0.0.1 2ndpower.com
    127.0.0.1 2search.com
    127.0.0.1 www.2search.com
    127.0.0.1 2search.org
    127.0.0.1 www.2search.org
    127.0.0.1 2squared.com
    127.0.0.1 www.2squared.com
    127.0.0.1 3322.org
    127.0.0.1 www.3322.org
    127.0.0.1 365soft.info
    127.0.0.1 36site.com
    127.0.0.1 www.36site.com
    127.0.0.1 3721.com
    127.0.0.1 39-93.com
    127.0.0.1 3abetterinternet.com
    127.0.0.1 www.3abetterinternet.com
    127.0.0.1 3bay.it
    127.0.0.1 www.3bay.it
    127.0.0.1 3ebay.it
    127.0.0.1 www.3ebay.it
    127.0.0.1 404dns.com
    127.0.0.1 www.404dns.com
    127.0.0.1 4199.com
    127.0.0.1 www.4199.com
    127.0.0.1 4corn.net
    127.0.0.1 www.4corn.net
    127.0.0.1 4ebay.it
    127.0.0.1 www.4ebay.it
    127.0.0.1 4klm.com
    127.0.0.1 4repubblica.it
    127.0.0.1 www.4repubblica.it
    127.0.0.1 4softget.com
    127.0.0.1 www.4softget.com
    127.0.0.1 5iscali.it
    127.0.0.1 www.5iscali.it
    127.0.0.1 5repubblica.it
    127.0.0.1 www.5repubblica.it
    127.0.0.1 5starvideos.com
    127.0.0.1 www.5starvideos.com
    127.0.0.1 5tiscali.it
    127.0.0.1 www.5tiscali.it
    127.0.0.1 5zgmu7o20kt5d8yq.com
    127.0.0.1 www.5zgmu7o20kt5d8yq.com
    127.0.0.1 6iscali.it
    127.0.0.1 www.6iscali.it
    127.0.0.1 6sek.com
    127.0.0.1 www.6sek.com
    127.0.0.1 6tiscali.it
    127.0.0.1 www.6tiscali.it
    127.0.0.1 7322.com
    127.0.0.1 www.7322.com
    127.0.0.1 75tz.com
    127.0.0.1 777search.com
    127.0.0.1 www.777search.com
    127.0.0.1 777top.com
    127.0.0.1 www.777top.com
    127.0.0.1 7939.com
    127.0.0.1 www.7939.com
    127.0.0.1 7search.com
    127.0.0.1 www.7search.com
    127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
    127.0.0.1 82211.net
    127.0.0.1 8866.org
    127.0.0.1 888.com
    127.0.0.1 www.888.com
    127.0.0.1 8ad.com
    127.0.0.1 www.8ad.com
    127.0.0.1 9505.com
    127.0.0.1 www.9505.com
    127.0.0.1 971searchbox.com
    127.0.0.1 www.971searchbox.com
    127.0.0.1 a.bestmanage.org
    127.0.0.1 aaasexypics.com
    127.0.0.1 aaawebfinder.com
    127.0.0.1 www.aaawebfinder.com
    127.0.0.1 aavc.com
    127.0.0.1 abc-find.info
    127.0.0.1 www.abc-find.info
    127.0.0.1 abetterinternet.com
    127.0.0.1 www.abetterinternet.com
    127.0.0.1 abnetsoft.info
    127.0.0.1 www.abnetsoft.info
    127.0.0.1 aboutclicker.com
    127.0.0.1 www.aboutclicker.com
    127.0.0.1 abrp.net
    127.0.0.1 www.abrp.net
    127.0.0.1 absolutee.com
    127.0.0.1 www.absolutee.com
    127.0.0.1 abyssmedia.com
    127.0.0.1 www.abyssmedia.com
    127.0.0.1 ac66.cn
    127.0.0.1 www.ac66.cn
    127.0.0.1 access.Navinetwork.com
    127.0.0.1 access.rapid-pass.net
    127.0.0.1 accessactivexvideo.com
    127.0.0.1 www.accessactivexvideo.com
    127.0.0.1 accessclips.com
    127.0.0.1 www.accessclips.com
    127.0.0.1 access-dvd.com
    127.0.0.1 www.access-dvd.com
    127.0.0.1 accesskeygenerator.com
    127.0.0.1 www.accesskeygenerator.com
    127.0.0.1 accessorygeeks.com
    127.0.0.1 www.accessorygeeks.com
    127.0.0.1 accessthefuture.net
    127.0.0.1 www.accessthefuture.net
    127.0.0.1 accessvid.net
    127.0.0.1 www.accessvid.net
    127.0.0.1 acemedic.com
    127.0.0.1 www.acemedic.com
    127.0.0.1 ace-webmaster.com
    127.0.0.1 www.ace-webmaster.com
    127.0.0.1 acjp.com
    127.0.0.1 acrobat-2007.com
    127.0.0.1 www.acrobat-2007.com
    127.0.0.1 acrobat-8.com
    127.0.0.1 www.acrobat-8.com
    127.0.0.1 acrobat-center.com
    127.0.0.1 www.acrobat-center.com
    127.0.0.1 acrobat-hq.com
    127.0.0.1 www.acrobat-hq.com
    127.0.0.1 acrobatreader-8.com
    127.0.0.1 www.acrobatreader-8.com
    127.0.0.1 acrobat-reader-8.de
    127.0.0.1 www.acrobat-reader-8.de
    127.0.0.1 acrobat-stop.com
    127.0.0.1 www.acrobat-stop.com
    127.0.0.1 actionbreastcancer.org
    127.0.0.1 www.actionbreastcancer.org
    127.0.0.1 activesearcher.info
    127.0.0.1 www.activesearcher.info
    127.0.0.1 activexaccessobject.com
    127.0.0.1 www.activexaccessobject.com
    127.0.0.1 activexaccessvideo.com
    127.0.0.1 www.activexaccessvideo.com
    127.0.0.1 activexemedia.com
    127.0.0.1 www.activexemedia.com
    127.0.0.1 activexmediaobject.com
    127.0.0.1 www.activexmediaobject.com
    127.0.0.1 activexmediapro.com
    127.0.0.1 www.activexmediapro.com
    127.0.0.1 activexmediasite.com
    127.0.0.1 www.activexmediasite.com
    127.0.0.1 activexmediasoftware.com
    127.0.0.1 www.activexmediasoftware.com
    127.0.0.1 activexmediasource.com
    127.0.0.1 www.activexmediasource.com
    127.0.0.1 activexmediatool.com
    127.0.0.1 www.activexmediatool.com
    127.0.0.1 activexmediatour.com
    127.0.0.1 www.activexmediatour.com
    127.0.0.1 activexsoftwares.com
    127.0.0.1 www.activexsoftwares.com
    127.0.0.1 activexsource.com
    127.0.0.1 www.activexsource.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexvideo.com
    127.0.0.1 www.activexvideo.com
    127.0.0.1 activexvideotool.com
    127.0.0.1 www.activexvideotool.com
    127.0.0.1 ad.marketingsector.com
    127.0.0.1 www.ad.marketingsector.com
    127.0.0.1 ad.mokead.com
    127.0.0.1 www.ad.mokead.com
    127.0.0.1 ad.yieldmanager.com
    127.0.0.1 www.ad.yieldmanager.com
    127.0.0.1 ad25.com
    127.0.0.1 ad45.com
    127.0.0.1 ad77.com
    127.0.0.1 ad86.com
    127.0.0.1 adamsupportgroup.org
    127.0.0.1 www.adamsupportgroup.org
    127.0.0.1 adarmor.com
    127.0.0.1 www.adarmor.com
    127.0.0.1 adasearch.com
    127.0.0.1 www.adasearch.com
    127.0.0.1 adaware.cc
    127.0.0.1 adawarenow.com
    127.0.0.1 www.adawarenow.com
    127.0.0.1 addictivetechnologies.com
    127.0.0.1 www.addictivetechnologies.com
    127.0.0.1 addictivetechnologies.net
    127.0.0.1 www.addictivetechnologies.net
    127.0.0.1 add-manager.com
    127.0.0.1 www.add-manager.com
    127.0.0.1 adgate.info
    127.0.0.1 www.adgate.info
    127.0.0.1 adipics.com
    127.0.0.1 www.adipics.com
    127.0.0.1 admin2cash.biz
    127.0.0.1 www.admin2cash.biz
    127.0.0.1 adnet-plus.com
    127.0.0.1 adobe-download-now.com
    127.0.0.1 adobe-downloads.com
    127.0.0.1 www.adobe-downloads.com
    127.0.0.1 adobe-reader-8.fr
    127.0.0.1 www.adobe-reader-8.fr
    127.0.0.1 adprotect.com
    127.0.0.1 www.adprotect.com
    127.0.0.1 ads.centralmedia.ws
    127.0.0.1 ads.k8l.info
    127.0.0.1 ads.kmpads.com
    127.0.0.1 ads.marketingsector.com
    127.0.0.1 ads.searchingbooth.com
    127.0.0.1 ads.z-quest.com
    127.0.0.1 ads183.com
    127.0.0.1 www.ads183.com
    127.0.0.1 adscontex.com
    127.0.0.1 www.adscontex.com
    127.0.0.1 adservices1.enhance.com
    127.0.0.1 www.adservices1.enhance.com
    127.0.0.1 adservs.com
    127.0.0.1 adsextend.net
    127.0.0.1 www.adsextend.net
    127.0.0.1 adshttp.com
    127.0.0.1 www.adshttp.com
    127.0.0.1 adsonwww.com
    127.0.0.1 www.adsonwww.com
    127.0.0.1 adspics.com
    127.0.0.1 www.adspics.com
    127.0.0.1 adtrak.net
    127.0.0.1 www.adtrak.net
    127.0.0.1 adtrgt.com
    127.0.0.1 adult777search.info
    127.0.0.1 www.adult777search.info
    127.0.0.1 adultan.com
    127.0.0.1 www.adultan.com
    127.0.0.1 adult-engine-search.com
    127.0.0.1 www.adult-engine-search.com
    127.0.0.1 adult-erotic-guide.net
    127.0.0.1 www.adult-erotic-guide.net
    127.0.0.1 adultfilmsite.com
    127.0.0.1 www.adultfilmsite.com
    127.0.0.1 adult-friends-finder.net
    127.0.0.1 www.adult-friends-finder.net
    127.0.0.1 adultgambling.org
    127.0.0.1 adult-host.org
    127.0.0.1 adulthyperlinks.com
    127.0.0.1 www.adulthyperlinks.com
    127.0.0.1 adultmovieplus.com
    127.0.0.1 www.adultmovieplus.com
    127.0.0.1 adult-personal.us
    127.0.0.1 adultsgames.net
    127.0.0.1 adultsper.com
    127.0.0.1 www.adultsper.com
    127.0.0.1 adulttds.com
    127.0.0.1 www.adulttds.com
    127.0.0.1 adultzoneworld.com
    127.0.0.1 www.adultzoneworld.com
    127.0.0.1 advcash.biz
    127.0.0.1 www.advcash.biz
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 advertisemoney.info
    127.0.0.1 www.advertisemoney.info
    127.0.0.1 advertising.paltalk.com
    127.0.0.1 advertising-money.info
    127.0.0.1 www.advertising-money.info
    127.0.0.1 ad-ware.cc
    127.0.0.1 ad-w-a-r-e.com
    127.0.0.1 www.ad-w-a-r-e.com
    127.0.0.1 a-d-w-a-r-e.com
    127.0.0.1 www.a-d-w-a-r-e.com
    127.0.0.1 adwarebazooka.com
    127.0.0.1 www.adwarebazooka.com
    127.0.0.1 adwarefinder.com
    127.0.0.1 www.adwarefinder.com
    127.0.0.1 adwareprotectionsite.com
    127.0.0.1 www.adwareprotectionsite.com
    127.0.0.1 adwarepunisher.com
    127.0.0.1 www.adwarepunisher.com
    127.0.0.1 aflgate.com
    127.0.0.1 www.aflgate.com
    127.0.0.1 africaspromise.org
    127.0.0.1 agava.com
    127.0.0.1 agava.ru
    127.0.0.1 agentstudio.com
    127.0.0.1 aginegialle.it
    127.0.0.1 www.aginegialle.it
    127.0.0.1 www.aifind.info
    127.0.0.1 aifind.info
    127.0.0.1 airtleworld.com
    127.0.0.1 www.airtleworld.com
    127.0.0.1 aitalia.it
    127.0.0.1 www.aitalia.it
    127.0.0.1 akamai.downloadv3.com
    127.0.0.1 aklitalia.it
    127.0.0.1 www.aklitalia.it
    127.0.0.1 akril.com
    127.0.0.1 alcatel.ws
    127.0.0.1 alfacleaner.com
    127.0.0.1 www.alfacleaner.com
    127.0.0.1 alfa-search.com
    127.0.0.1 alialia.it
    127.0.0.1 www.alialia.it
    127.0.0.1 aliotalia.it
    127.0.0.1 www.aliotalia.it
    127.0.0.1 alirtalia.it
    127.0.0.1 www.alirtalia.it
    127.0.0.1 alitaia.it
    127.0.0.1 www.alitaia.it
    127.0.0.1 alitaklia.it
    127.0.0.1 www.alitaklia.it
    127.0.0.1 alitala.it
    127.0.0.1 www.alitala.it
    127.0.0.1 alitali.it
    127.0.0.1 www.alitali.it
    127.0.0.1 alitaliaq.it
    127.0.0.1 www.alitaliaq.it
    127.0.0.1 alitalias.it
    127.0.0.1 www.alitalias.it
    127.0.0.1 alitaliaz.it
    127.0.0.1 www.alitaliaz.it
    127.0.0.1 alitalioa.it
    127.0.0.1 www.alitalioa.it
    127.0.0.1 alitalisa.it
    127.0.0.1 www.alitalisa.it
    127.0.0.1 alitaliua.it
    127.0.0.1 www.alitaliua.it
    127.0.0.1 alitalkia.it
    127.0.0.1 www.alitalkia.it
    127.0.0.1 alitaloia.it
    127.0.0.1 www.alitaloia.it
    127.0.0.1 alitaluia.it
    127.0.0.1 www.alitaluia.it
    127.0.0.1 alitaslia.it
    127.0.0.1 www.alitaslia.it
    127.0.0.1 alitlia.it
    127.0.0.1 www.alitlia.it
    127.0.0.1 alitralia.it
    127.0.0.1 www.alitralia.it
    127.0.0.1 alitsalia.it
    127.0.0.1 www.alitsalia.it
    127.0.0.1 aliutalia.it
    127.0.0.1 www.aliutalia.it
    127.0.0.1 ALL1COUNT.NET
    127.0.0.1 www.ALL1COUNT.NET
    127.0.0.1 all4internet.com
    127.0.0.1 www.all4internet.com
    127.0.0.1 allabtcars.com
    127.0.0.1 allabtjeeps.com
    127.0.0.1 all-bittorrent.com
    127.0.0.1 www.all-bittorrent.com
    127.0.0.1 www.allcybersearch.com
    127.0.0.1 allcybersearch.com
    127.0.0.1 alldnserrors.com
    127.0.0.1 www.alldnserrors.com
    127.0.0.1 all-downloads-now.com
    127.0.0.1 www.all-downloads-now.com
    127.0.0.1 all-edonkey.com
    127.0.0.1 www.all-edonkey.com
    127.0.0.1 allforadult.com
    127.0.0.1 allhyperlinks.com
    127.0.0.1 alliesecurity.com
    127.0.0.1 www.alliesecurity.com
    127.0.0.1 all-inet.com
    127.0.0.1 allinternetbusiness.com
    127.0.0.1 all-limewire.com
    127.0.0.1 www.all-limewire.com
    127.0.0.1 allmegabucks.com
    127.0.0.1 www.allmegabucks.com
    127.0.0.1 allprotections.com
    127.0.0.1 www.allprotections.com
    127.0.0.1 allresultz.net
    127.0.0.1 www.allresultz.net
    127.0.0.1 allsecuritynotes.com
    127.0.0.1 www.allsecuritynotes.com
    127.0.0.1 allsecuritysite.com
    127.0.0.1 www.allsecuritysite.com
    127.0.0.1 allstarsvideos.net
    127.0.0.1 www.allstarsvideos.net
    127.0.0.1 alltruesoftware.com
    127.0.0.1 www.alltruesoftware.com
    127.0.0.1 allvideoactivex.com
    127.0.0.1 www.allvideoactivex.com
    127.0.0.1 almanah.biz
    127.0.0.1 www.almanah.biz
    127.0.0.1 almarvideos.com
    127.0.0.1 aloitalia.it
    127.0.0.1 www.aloitalia.it
    127.0.0.1 aluitalia.it
    127.0.0.1 www.aluitalia.it
    127.0.0.1 amaena.com
    127.0.0.1 www.amaena.com
    127.0.0.1 amandamountains.com
    127.0.0.1 amateurliveshow.com
    127.0.0.1 www.amateurliveshow.com
    127.0.0.1 amediasoftware.com
    127.0.0.1 www.amediasoftware.com
    127.0.0.1 amediasource.com
    127.0.0.1 www.amediasource.com
    127.0.0.1 americancarbargains.com
    127.0.0.1 www.americancarbargains.com
    127.0.0.1 american-teens.net
    127.0.0.1 amigeek.com
    127.0.0.1 amisbusiness.com
    127.0.0.1 ampmsearch.com
    127.0.0.1 www.ampmsearch.com
    127.0.0.1 analcord.com
    127.0.0.1 www.analcord.com
    127.0.0.1 analmovi.com
    127.0.0.1 anarchylolita.com
    127.0.0.1 www.anarchylolita.com
    127.0.0.1 anarchyporn.com
    127.0.0.1 andromedical.com
    127.0.0.1 www.andromedical.com
    127.0.0.1 animepornmag.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 antiddos.us
    127.0.0.1 www.antiddos.us
    127.0.0.1 Antiespiadorado.com
    127.0.0.1 www.Antiespiadorado.com
    127.0.0.1 Antiespionspack.com
    127.0.0.1 www.Antiespionspack.com
    127.0.0.1 Antigusanos2008.com
    127.0.0.1 www.Antigusanos2008.com
    127.0.0.1 Antispionage.com
    127.0.0.1 www.Antispionage.com
    127.0.0.1 Antispionagepro.com
    127.0.0.1 www.Antispionagepro.com
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 Antispywaresuite.com
    127.0.0.1 www.Antispywaresuite.com
    127.0.0.1 Antispyweb.net
    127.0.0.1 www.Antispyweb.net
    127.0.0.1 Antiver2008.com
    127.0.0.1 www.Antiver2008.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 Antiworm2008.com
    127.0.0.1 www.Antiworm2008.com
    127.0.0.1 Antiwurm2008.com
    127.0.0.1 www.Antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 archiviosex.net
    127.0.0.1 www.archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 ares-usa.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 aslitalia.it
    127.0.0.1 www.aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 assureprotection.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 asupereva.it
    127.0.0.1 www.asupereva.it
    127.0.0.1 athenrye.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 aulde.net
    127.0.0.1 www.aulde.net
    127.0.0.1 aupereva.it
    127.0.0.1 www.aupereva.it
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg-secure.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avian-ads.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 awarninglist.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azzetta.it
    127.0.0.1 www.azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babenet.com
    127.0.0.1 www.babenet.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babeweb.de
    127.0.0.1 www.babeweb.de
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 Backstripgirls.com
    127.0.0.1 www.Backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 balotierra.com
    127.0.0.1 www.balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 bardownload.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 begin2search.com
    127.0.0.1 www.begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 bestfor.ru
    127.0.0.1 best-hardpics.com
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestporngate.com
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-voyeur.info
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestxporno.com
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigwww.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 biz.biz
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 blondetgp.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bnmgate.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 bonzi.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 boom.com.vn
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bqgate.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 braincodec.com
    127.0.0.1 www.braincodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 breenten.biz
    127.0.0.1 www.breenten.biz
    127.0.0.1 brodbfm.net
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 browserwise.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 busysearch.net
    127.0.0.1 www.busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 buy-find.info
    127.0.0.1 www.buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 buytraff.biz
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 bvirgilio.it
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 c.enhance.com
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 c4tdownload.com
    127.0.0.1
    0
  19. noctambule28 Posted messages 25275 Registration date   Status Member Last intervention   2 875
     
    you can put back a hijackthis

    and see you tomorrow for sure
    --

    Humor is the keystone of consciousness
    0
  20. paco31
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:00, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\AOL\1198412413\ee\aolsoftware.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\AOL 9.0 VR\shellmon.exe
    C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
    R3 - URLSearchHook: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [Shortcut to High Definition Audio Properties Page] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1198412413\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer = 132.165.195.1,152.163.154.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer = 84.103.237.147 86.64.145.147
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer = 158.165.156.1,123.156.189.1
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8032 bytes
    0
  • 1
  • 2
  • 3