Bitdefender infected
Solved
philub
Posted messages
254
Registration date
Status
Membre
Last intervention
-
noctambule28 Posted messages 25275 Registration date Status Membre Last intervention -
noctambule28 Posted messages 25275 Registration date Status Membre Last intervention -
Hello,
It has already been two days since I've been trying by all means to save my computer. I have Bitdefender Total Security 2008 and I feel like I'm having a lot of issues.
The last actions I took are:
- Secured my network
- Downloaded spy-secure
- Uninstalled spy-secure
Currently, a window pops up telling me that I am infected by a virus. And it's a Windows thing telling me that my computer is a victim of malware and that I don't have antivirus protection. The problem is that I have Bitdefender and I have reinstalled it twice, yet the message still appears.
That's not all, when I scan my system, Bitdefender spots the viruses and malware in question and asks me what actions to take. So I tell it to quarantine them. It tells me that it cannot, then asks me if I want to delete them. I select delete and it tells me it cannot delete. So I continue and it tells me that my computer is not fully protected because it is still infected. This is where I have a link to go to Bitdefender's site. Once I click on the link I get a MessageBox that says:
Unable to load the dialog box
Error 623: The system could not find the phone book entry.
Here is the link that I cannot open
http://kb.bitdefender.fr/KB376/
It has already been two days since I've been trying by all means to save my computer. I have Bitdefender Total Security 2008 and I feel like I'm having a lot of issues.
The last actions I took are:
- Secured my network
- Downloaded spy-secure
- Uninstalled spy-secure
Currently, a window pops up telling me that I am infected by a virus. And it's a Windows thing telling me that my computer is a victim of malware and that I don't have antivirus protection. The problem is that I have Bitdefender and I have reinstalled it twice, yet the message still appears.
That's not all, when I scan my system, Bitdefender spots the viruses and malware in question and asks me what actions to take. So I tell it to quarantine them. It tells me that it cannot, then asks me if I want to delete them. I select delete and it tells me it cannot delete. So I continue and it tells me that my computer is not fully protected because it is still infected. This is where I have a link to go to Bitdefender's site. Once I click on the link I get a MessageBox that says:
Unable to load the dialog box
Error 623: The system could not find the phone book entry.
Here is the link that I cannot open
http://kb.bitdefender.fr/KB376/
45 réponses
- 1
- 2
- 3
Suivant
Hello
Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installation file.
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to launch the program
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking on the "I Accept" button
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report that will open in Notepad
Click on "Edit -> Select All," then "Edit -> Copy" to copy all the content of the report
Paste the report you just copied onto this forum
Do not fix ANY lines yet, as this could prevent your PC from functioning correctly
Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for the moment!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
And in the same vein
Click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
to download navilog1.exe.
Choose Save
and save it to your desktop.
Then double-click on navilog1.exe to launch the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click on the Navilog1 shortcut present on the desktop).
Follow the instructions. In the main menu, choose 1 and confirm.
(do not choose 2, 3, or 4 without our advice/approval)
Wait for the message:
*** Scan Completed ..... ***
Press a key as requested, Notepad will open.
Copy and paste the entire report into your response. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
The two reports, for starters
See you later
--
Humor is the keystone of consciousness
Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installation file.
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to launch the program
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking on the "I Accept" button
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report that will open in Notepad
Click on "Edit -> Select All," then "Edit -> Copy" to copy all the content of the report
Paste the report you just copied onto this forum
Do not fix ANY lines yet, as this could prevent your PC from functioning correctly
Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (do not fix anything for the moment!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
And in the same vein
Click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
to download navilog1.exe.
Choose Save
and save it to your desktop.
Then double-click on navilog1.exe to launch the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click on the Navilog1 shortcut present on the desktop).
Follow the instructions. In the main menu, choose 1 and confirm.
(do not choose 2, 3, or 4 without our advice/approval)
Wait for the message:
*** Scan Completed ..... ***
Press a key as requested, Notepad will open.
Copy and paste the entire report into your response. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
The two reports, for starters
See you later
--
Humor is the keystone of consciousness
Logfile de Trend Micro HijackThis v2.0.2
Analyse sauvegardée à 11:33:53, le 2007-12-14
Plateforme : Windows XP SP2 (WinNT 5.01.2600)
MSIE : Internet Explorer v6.00 SP2 (6.00.2900.2180)
Mode de démarrage : Normal
Processus en cours :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Driver\i386\ms-java.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook : (pas de nom) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook : Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (pas de fichier)
O1 - Hosts : 66.98.148.65 auto.search.msn.com
O1 - Hosts : 66.98.148.65 auto.search.msn.es
O2 - BHO : Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO : ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (pas de fichier)
O2 - BHO : SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO : (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
O2 - BHO : Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO : Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar : Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar : BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar : Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run : [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run : [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run : [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run : [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run : [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run : [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run : [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run : [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run : [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run : [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run : [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run : [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run : [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run : [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run : [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run : [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run : [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run : [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run : [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run : [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run : [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0
O4 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run : [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'Utilisateur par défaut')
O4 - Démarrage de l'utilisateur .DEFAULT : Pin.lnk = C:\hp\bin\CLOAKER.EXE (Utilisateur 'Utilisateur par défaut')
O4 - Démarrage : Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Démarrage : Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Démarrage global : Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Démarrage global : HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Démarrage global : Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Démarrage global : Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Démarrage global : Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Démarrage global : Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent
O8 - Élément de menu contextuel supplémentaire : Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Élément de menu contextuel supplémentaire : Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Bouton supplémentaire : (pas de nom) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Élément de menu 'Outils' supplémentaire : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Bouton supplémentaire : Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Bouton supplémentaire : (pas de nom) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Bouton supplémentaire : ShopperReports - Comparer les prix des produits - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : ShopperReports - Comparer les tarifs des voyages - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : (pas de nom) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (pas de fichier)
O9 - Bouton supplémentaire : Exécuter IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Élément de menu 'Outils' supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Bouton supplémentaire : (pas de nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Élément de menu 'Outils' supplémentaire : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Fichier inconnu dans Winsock LSP : c:\windows\system32\nwprovau.dll
O23 - Service : Service Ad-Aware 2007 (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service : Service LM d'Adobe - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service : Service ANIWZCSd (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service : ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Service Bonjour) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service : C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service : Service Creative pour l'accès CDROM - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service : Serveur Firebird - Instance MAGIX (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service : Service de licence FLEXnet - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service : Gestionnaire de table d'InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service : Service LightScribeService Direct Disc Labeling (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service : Service de mise à jour de bureau BitDefender (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service : Ms-java - Propriétaire inconnu - C:\WINDOWS\Driver\i386\ms-java.exe
O23 - Service : Planificateur Nero BackItUp 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service : NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service : Service du pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service : Pilote Pml HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service : Service Cyberlink RichVideo(CRVS) (RichVideo) - Propriétaire inconnu - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service : Bouclier antivirus BitDefender (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service : Worker d'image Windows (windownetpker) - Propriétaire inconnu - C:\Program Files\Internet Explorer\svchost.exe
O23 - Service : Communicant BitDefender (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
Fin du fichier - 16215 octets
Analyse sauvegardée à 11:33:53, le 2007-12-14
Plateforme : Windows XP SP2 (WinNT 5.01.2600)
MSIE : Internet Explorer v6.00 SP2 (6.00.2900.2180)
Mode de démarrage : Normal
Processus en cours :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Driver\i386\ms-java.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?setlang=fr-CA&FORM=LTHP&mkt=en-ca&toHttps=1&redig=97927FA48C9041D3B1BB018B773EB4D4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook : (pas de nom) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook : Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (pas de fichier)
O1 - Hosts : 66.98.148.65 auto.search.msn.com
O1 - Hosts : 66.98.148.65 auto.search.msn.es
O2 - BHO : Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO : ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (pas de fichier)
O2 - BHO : SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO : (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
O2 - BHO : Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO : Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar : Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar : BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar : Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run : [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run : [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run : [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run : [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run : [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run : [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run : [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run : [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run : [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run : [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run : [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run : [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run : [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run : [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run : [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run : [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run : [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run : [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run : [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run : [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run : [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0
O4 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run : [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Utilisateur 'Utilisateur par défaut')
O4 - Démarrage de l'utilisateur .DEFAULT : Pin.lnk = C:\hp\bin\CLOAKER.EXE (Utilisateur 'Utilisateur par défaut')
O4 - Démarrage : Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Démarrage : Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Démarrage global : Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Démarrage global : HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Démarrage global : Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Démarrage global : Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Démarrage global : Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Démarrage global : Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent
O8 - Élément de menu contextuel supplémentaire : Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Élément de menu contextuel supplémentaire : Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Élément de menu contextuel supplémentaire : Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Élément de menu contextuel supplémentaire : Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Bouton supplémentaire : (pas de nom) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Élément de menu 'Outils' supplémentaire : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Bouton supplémentaire : Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Bouton supplémentaire : (pas de nom) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Bouton supplémentaire : ShopperReports - Comparer les prix des produits - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : ShopperReports - Comparer les tarifs des voyages - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : (pas de nom) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (pas de fichier)
O9 - Bouton supplémentaire : Exécuter IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Bouton supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Élément de menu 'Outils' supplémentaire : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Bouton supplémentaire : (pas de nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Élément de menu 'Outils' supplémentaire : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Fichier inconnu dans Winsock LSP : c:\windows\system32\nwprovau.dll
O23 - Service : Service Ad-Aware 2007 (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service : Service LM d'Adobe - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service : Service ANIWZCSd (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service : ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Service Bonjour) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service : C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service : Service Creative pour l'accès CDROM - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service : Serveur Firebird - Instance MAGIX (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service : Service de licence FLEXnet - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service : Gestionnaire de table d'InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service : Service LightScribeService Direct Disc Labeling (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service : Service de mise à jour de bureau BitDefender (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service : Ms-java - Propriétaire inconnu - C:\WINDOWS\Driver\i386\ms-java.exe
O23 - Service : Planificateur Nero BackItUp 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service : NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service : Service du pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service : Pilote Pml HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service : Service Cyberlink RichVideo(CRVS) (RichVideo) - Propriétaire inconnu - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service : Bouclier antivirus BitDefender (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service : Worker d'image Windows (windownetpker) - Propriétaire inconnu - C:\Program Files\Internet Explorer\svchost.exe
O23 - Service : Communicant BitDefender (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
Fin du fichier - 16215 octets
I also found this:
http://www.bitdefender.fr/site/Downloads/browseFreeRemovalTool/
and this that explains that we need to remove them manually
http://www.bitdefender.fr/KB376-en--What-to-do-when-some-items-appear-as-unresolved?.html
I don’t know if I’m mixing things up, but maybe the solution is here. I don’t know, I don’t know anything.
The other report will arrive shortly.
http://www.bitdefender.fr/site/Downloads/browseFreeRemovalTool/
and this that explains that we need to remove them manually
http://www.bitdefender.fr/KB376-en--What-to-do-when-some-items-appear-as-unresolved?.html
I don’t know if I’m mixing things up, but maybe the solution is here. I don’t know, I don’t know anything.
The other report will arrive shortly.
Search Navipromo version 3.3.8 started on 2007-12-14 at 11:44:51.34
!!! Attention, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfection process without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Updated on 11.12.2007 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 6.0.2900.2180
File system: NTFS
Executed in normal mode
*** Searching for Installed Programs ***
WebMediaPlayer
*** Searching for folders in C:\WINDOWS ***
*** Searching for folders in C:\Program Files ***
C:\Program Files\WebMediaPlayer found!
*** Searching for folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Searching for folders in "C:\Documents and Settings\philHubert\application data" ***
*** Searching for folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer found!
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more information: http://www.gmer.net
Hidden file(s):
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must be checked before any manual deletion!!!
* Searching in C:\WINDOWS\system32 *
* Searching in "C:\Documents and Settings\philHubert\local settings\application data" *
Files found:
elxjaw.exe found!
*** Searching for files ***
C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk found!
C:\WINDOWS\system32\nvs2.inf found!
*** Searching for specific keys in the Registry ***
HKEY_CURRENT_USER\Software\Lanconfig found!
*** Additional Search Module ***
(Searching for specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In C:\WINDOWS\system32:
* In "C:\Documents and Settings\philHubert\local settings\application data":
3) Searching for Certificates:
Egroup Certificate found!
4) Searching for known files:
*** Analysis completed on 2007-12-14 at 11:52:33.34 ***
!!! Attention, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfection process without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Updated on 11.12.2007 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 6.0.2900.2180
File system: NTFS
Executed in normal mode
*** Searching for Installed Programs ***
WebMediaPlayer
*** Searching for folders in C:\WINDOWS ***
*** Searching for folders in C:\Program Files ***
C:\Program Files\WebMediaPlayer found!
*** Searching for folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Searching for folders in "C:\Documents and Settings\philHubert\application data" ***
*** Searching for folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer found!
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more information: http://www.gmer.net
Hidden file(s):
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must be checked before any manual deletion!!!
* Searching in C:\WINDOWS\system32 *
* Searching in "C:\Documents and Settings\philHubert\local settings\application data" *
Files found:
elxjaw.exe found!
*** Searching for files ***
C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk found!
C:\WINDOWS\system32\nvs2.inf found!
*** Searching for specific keys in the Registry ***
HKEY_CURRENT_USER\Software\Lanconfig found!
*** Additional Search Module ***
(Searching for specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In C:\WINDOWS\system32:
* In "C:\Documents and Settings\philHubert\local settings\application data":
3) Searching for Certificates:
Egroup Certificate found!
4) Searching for known files:
*** Analysis completed on 2007-12-14 at 11:52:33.34 ***
RE
Your link points to Bitdefender tools, which could be interesting, but I'm not familiar with them, so I'll manage with what I have.
-------------------
Double-click on the Navilog1 shortcut on the desktop and follow the instructions.
In the main menu, choose 2 and confirm.
The fix will inform you that it will restart your PC.
Close all open windows and save your personal documents.
Press a key as prompted.
(If your PC doesn't restart automatically, do it manually)
When your PC restarts, choose your usual session.
Wait for the message:
*** Cleaning Finished ..... ***
The notepad will open.
Save the report so that you can find it later.
Close the notepad. Your desktop will reappear.
PS: If your desktop doesn't reappear, press CTRL+ALT+DELETE to open the Task Manager.
Then go to the "Processes" tab. Click on "File" at the top left and choose "Run new task".
Type explorer and confirm. This will make your desktop appear.
Then
Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it, double-click on Smitfraudfix.cmd, choose option 1, it will generate a report.
Copy/paste it here please.
See you later
--
Humor is the keystone of consciousness.
Your link points to Bitdefender tools, which could be interesting, but I'm not familiar with them, so I'll manage with what I have.
-------------------
Double-click on the Navilog1 shortcut on the desktop and follow the instructions.
In the main menu, choose 2 and confirm.
The fix will inform you that it will restart your PC.
Close all open windows and save your personal documents.
Press a key as prompted.
(If your PC doesn't restart automatically, do it manually)
When your PC restarts, choose your usual session.
Wait for the message:
*** Cleaning Finished ..... ***
The notepad will open.
Save the report so that you can find it later.
Close the notepad. Your desktop will reappear.
PS: If your desktop doesn't reappear, press CTRL+ALT+DELETE to open the Task Manager.
Then go to the "Processes" tab. Click on "File" at the top left and choose "Run new task".
Type explorer and confirm. This will make your desktop appear.
Then
Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it, double-click on Smitfraudfix.cmd, choose option 1, it will generate a report.
Copy/paste it here please.
See you later
--
Humor is the keystone of consciousness.
Clean Navipromo version 3.3.8 started on 2007-12-14 at 12:26:10.40
Tool executed from C:\Program Files\navilog1
Updated on 11.12.2007 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 6.0.2900.2180
File system: NTFS
Automatic deletion mode
*** Creation of backups of files found by Catchme ***
Copying to "C:\Program Files\navilog1\Backupnavi"
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat completed successfully!
*** Deleting files found with Catchme ***
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat deleted!
** 2nd pass with Catchme results **
* In C:\WINDOWS\system32 *
C:\WINDOWS\prefetch\elxjaw*.pf found!
Copy C:\WINDOWS\prefetch\elxjaw*.pf completed successfully!
C:\WINDOWS\prefetch\elxjaw*.pf deleted!
* In "C:\Documents and Settings\philHubert\local settings\application data" *
*** Deletion with backups of GenericNaviSearch results ***
* Deleting in C:\WINDOWS\System32 *
* Deleting in "C:\Documents and Settings\philHubert\local settings\application data" *
*** Deleting folders in C:\WINDOWS ***
*** Deleting folders in C:\Program Files ***
C:\Program Files\WebMediaPlayer ...deleting...
C:\Program Files\WebMediaPlayer deleted!
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Deleting folders in "C:\Documents and Settings\philHubert\application data" ***
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer ...deleting...
...\WebMediaPlayer !!ERROR DELETING!!
*** Deleting files ***
C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!
*** Deleting temporary files ***
Cleaning contents of C:\WINDOWS\Temp completed!
Cleaning contents of C:\Documents and Settings\philHubert\local settings\Temp completed!
*** Additional Search Processing ***
(Searching for specific files)
1)Deletion with backups of new Instant Access files:
2)Search, create backups and deletion Heuristic:
* In C:\WINDOWS\system32 *
* In "C:\Documents and Settings\philHubert\local settings\application data" *
*** Registry Backup to Backupnavi folder ***
Registry backup completed successfully!
*** Registry Cleaning ***
Registry cleaning OK
*** Certificates ***
Egroup certificate deleted!
*** Cleaning completed on 2007-12-14 at 12:31:22.76 ***
Tool executed from C:\Program Files\navilog1
Updated on 11.12.2007 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 6.0.2900.2180
File system: NTFS
Automatic deletion mode
*** Creation of backups of files found by Catchme ***
Copying to "C:\Program Files\navilog1\Backupnavi"
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat completed successfully!
Copy C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat completed successfully!
*** Deleting files found with Catchme ***
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.dat deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw.exe deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_nav.dat deleted!
C:\Documents and Settings\philHubert\Local Settings\Application Data\elxjaw_navps.dat deleted!
** 2nd pass with Catchme results **
* In C:\WINDOWS\system32 *
C:\WINDOWS\prefetch\elxjaw*.pf found!
Copy C:\WINDOWS\prefetch\elxjaw*.pf completed successfully!
C:\WINDOWS\prefetch\elxjaw*.pf deleted!
* In "C:\Documents and Settings\philHubert\local settings\application data" *
*** Deletion with backups of GenericNaviSearch results ***
* Deleting in C:\WINDOWS\System32 *
* Deleting in "C:\Documents and Settings\philHubert\local settings\application data" *
*** Deleting folders in C:\WINDOWS ***
*** Deleting folders in C:\Program Files ***
C:\Program Files\WebMediaPlayer ...deleting...
C:\Program Files\WebMediaPlayer deleted!
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Deleting folders in "C:\Documents and Settings\philHubert\application data" ***
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer ...deleting...
...\WebMediaPlayer !!ERROR DELETING!!
*** Deleting files ***
C:\DOCUME~1\ALLUSE~1\Desktop\WebMediaPlayer.lnk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!
*** Deleting temporary files ***
Cleaning contents of C:\WINDOWS\Temp completed!
Cleaning contents of C:\Documents and Settings\philHubert\local settings\Temp completed!
*** Additional Search Processing ***
(Searching for specific files)
1)Deletion with backups of new Instant Access files:
2)Search, create backups and deletion Heuristic:
* In C:\WINDOWS\system32 *
* In "C:\Documents and Settings\philHubert\local settings\application data" *
*** Registry Backup to Backupnavi folder ***
Registry backup completed successfully!
*** Registry Cleaning ***
Registry cleaning OK
*** Certificates ***
Egroup certificate deleted!
*** Cleaning completed on 2007-12-14 at 12:31:22.76 ***
SmitFraudFix v2.267
Report generated at 12:48:06.90, 2007-12-14
Executed from C:\Documents and Settings\philHubert\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Driver\i386\ms-java.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PHILHU~1\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My homepage"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
I do not provide my DNS because I believe it will harm my security?!?
»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Report generated at 12:48:06.90, 2007-12-14
Executed from C:\Documents and Settings\philHubert\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Driver\i386\ms-java.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\philHubert\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PHILHU~1\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My homepage"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
I do not provide my DNS because I believe it will harm my security?!?
»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
can you run hijackthis again, please
let me know where your problems are as well (still some alerts?)
--
Humor is the keystone of consciousness
let me know where your problems are as well (still some alerts?)
--
Humor is the keystone of consciousness
BitDefender Log File
Product: BitDefender Total Security 2008
Version: BitDefender UIScanner V.11
Log Date: 14:45:24 19/12/2007
Log Path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1198093524_1_02.xml
Path Analysis:Path0000: C:\
Path0001: D:\
Path0002: N:\
Scan Options:Scan for viruses: Yes
Detect adware: Yes
Scan for spyware: Yes
Scan applications: Yes
Detect dialers: Yes
Scan for Rootkits: Yes
Target Selection Options:Scan registry keys: Yes
Scan cookies: Yes
Scan boot sector: Yes
Scan memory processes: Yes
Scan archives: Yes
Scan packed files: Yes
Scan emails: Yes
Scan all files: Yes
Heuristic analysis: Yes
Analyzed extensions:
Excluded extensions:
Target ProcessingDefault action for infected items: disinfect
Default action for suspicious items: None
Default action for cloaked items: None
Scan SummaryNumber of virus signatures: 960481
Archive plugins: 41
Email plugins: 6
Scan plugins: 12
Archive plugins: 41
System plugins: 4
Decompression plugins: 7
General Scan SummaryItems scanned: 736278
Infected items: 19
Suspicious items: 0
Resolved items: 1
Individual viruses found: 12
Directories scanned: 15056
Boot sectors scanned: 5
Archives scanned: 20085
I/O Errors: 77
Scan time: 00:07:08:33
Files per second: 28
Summary of Scanned ProcessesScanned: 71
Infected: 0
Summary of Scanned Registry KeysScanned: 397
Infected: 0
Summary of Scanned CookiesScanned: 39
Infected: 0
Unresolved Issues:Object Name Threat Name Final State
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0019 Adware.Hotbar.B Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0003 Adware.Hotbar.BI Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0002 Adware.Hotbar.CK Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0006 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0014=](NSIS g)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0108446.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]winlogon.exe Application.Generic.6285 Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]Mssvc.exe Application.Servu.Daemon.CE Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]TzoLibr.dll Backdoor.RBot.BZO Deletion failed (file in an archive)
C:\104813\Access.exe=](Embedded EXE o) Trojan.Dialer.FO Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0085893.exe=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0006=](NSIS g)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A1QP652H\sp2-adtegrity-728[1].swf=][SWF command] Trojan.SwfDL.A Deletion failed (file in an archive)
Resolved Issues:Object Name Threat Name Final State
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP541\A0105436.exe Adware.SpywareSecure.A Moved to quarantine
Product: BitDefender Total Security 2008
Version: BitDefender UIScanner V.11
Log Date: 14:45:24 19/12/2007
Log Path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1198093524_1_02.xml
Path Analysis:Path0000: C:\
Path0001: D:\
Path0002: N:\
Scan Options:Scan for viruses: Yes
Detect adware: Yes
Scan for spyware: Yes
Scan applications: Yes
Detect dialers: Yes
Scan for Rootkits: Yes
Target Selection Options:Scan registry keys: Yes
Scan cookies: Yes
Scan boot sector: Yes
Scan memory processes: Yes
Scan archives: Yes
Scan packed files: Yes
Scan emails: Yes
Scan all files: Yes
Heuristic analysis: Yes
Analyzed extensions:
Excluded extensions:
Target ProcessingDefault action for infected items: disinfect
Default action for suspicious items: None
Default action for cloaked items: None
Scan SummaryNumber of virus signatures: 960481
Archive plugins: 41
Email plugins: 6
Scan plugins: 12
Archive plugins: 41
System plugins: 4
Decompression plugins: 7
General Scan SummaryItems scanned: 736278
Infected items: 19
Suspicious items: 0
Resolved items: 1
Individual viruses found: 12
Directories scanned: 15056
Boot sectors scanned: 5
Archives scanned: 20085
I/O Errors: 77
Scan time: 00:07:08:33
Files per second: 28
Summary of Scanned ProcessesScanned: 71
Infected: 0
Summary of Scanned Registry KeysScanned: 397
Infected: 0
Summary of Scanned CookiesScanned: 39
Infected: 0
Unresolved Issues:Object Name Threat Name Final State
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0019 Adware.Hotbar.B Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0003 Adware.Hotbar.BI Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0002 Adware.Hotbar.CK Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0007 Adware.Navipromo.BXQ Deletion failed (file in an archive)
C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0006 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\Documents and Settings\philHubert\My Documents\webmediaplayer_setup.exe=](NSIS 2o)=]lzma_solid_nsis0014=](NSIS g)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0108446.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.Navipromo.BZJ Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107574.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP547\A0107575.exe=](NSIS 2o)=]lzma_solid_nsis0008 Adware.SpywareSecure.A Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]winlogon.exe Application.Generic.6285 Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]Mssvc.exe Application.Servu.Daemon.CE Deletion failed (file in an archive)
C:\WINDOWS\system32\txp\keygen.exe=](RAR Sfx o)=]TzoLibr.dll Backdoor.RBot.BZO Deletion failed (file in an archive)
C:\104813\Access.exe=](Embedded EXE o) Trojan.Dialer.FO Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0085893.exe=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP498\A0086052.exe=](NSIS o)=]lzma_nsis0017=](NSIS o)=]zlib_nsis0006=](NSIS g)=]zlib_nsis0001 Trojan.Hotbar.A Deletion failed (file in an archive)
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A1QP652H\sp2-adtegrity-728[1].swf=][SWF command] Trojan.SwfDL.A Deletion failed (file in an archive)
Resolved Issues:Object Name Threat Name Final State
C:\System Volume Information\_restore{455E1CE2-7699-421B-A818-81927FB5CC40}\RP541\A0105436.exe Adware.SpywareSecure.A Moved to quarantine
Hello
A good part is in the restoration files, but there are still a few cracks that have resisted!!!
They are in archives,
so
disable system restore
start->right-click on My Computer then Properties
in the System Restore tab check Disable System Restore, then Apply (at the bottom right)
then uncheck Disable System Restore, and Apply (you will have a clean point)
Then
Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip
* Unzip the folder on the desktop.
* Launch Hoster and click on Restore Microsoft's Hosts File
* Then run Hijackthis again and post the report
there will be further steps to take afterward ...
--
Humor is the keystone of consciousness
A good part is in the restoration files, but there are still a few cracks that have resisted!!!
They are in archives,
so
disable system restore
start->right-click on My Computer then Properties
in the System Restore tab check Disable System Restore, then Apply (at the bottom right)
then uncheck Disable System Restore, and Apply (you will have a clean point)
Then
Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip
* Unzip the folder on the desktop.
* Launch Hoster and click on Restore Microsoft's Hosts File
* Then run Hijackthis again and post the report
there will be further steps to take afterward ...
--
Humor is the keystone of consciousness
Just before proceeding, is it dangerous to display our IP address? I went to the program provider's site HostsXpert. I translated the page http://www.mvps.org/winhelp2002/hosts.htm:
...........................................................................................................
What it does ...
The Hosts file contains mappings of IP addresses to hostnames. This file is loaded into memory (the cache) at startup, Windows then checks the Hosts file against one of the DNS server queries, which allows for the replacement of addresses in the DNS. This prevents access to the listed sites while redirecting connection attempts to the local computer. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, anticipating existing entries.
You can use a HOSTS file to block ads, banners, third-party cookies, third-party web pages, bugs, and even most hijackers. This is achieved by blocking the connection(s) that supply these little gems.
Example: the following entry 127.0.0.1 ad.doubleclick.net blocks all files delivered by this DoubleClick server to the web page you are viewing. It also prevents the server from tracking your movements. Why? ... Because in some cases, "Ad Servers" like Doubleclick (and many others) will try to open a connection on the web page you are viewing.
For XP SP2 users, you should quickly see a Security Center on this subject. [Image]
Just click No and continue. Yes, the instructions may be tedious, but at least you will know, however you shouldn't see these instructions if these entries are included in the HOSTS file.
Note: this prompt only occurs if (for example) *.doubleclick.net is included in the "restricted zone".
...........................................................................................................
There are many things about this program that I am afraid of. I am afraid of giving too much confidential information. Am I possibly mistaken? Does the program provide the IP address of the sites that infected me or does it give my IP address?
Thank you
...........................................................................................................
What it does ...
The Hosts file contains mappings of IP addresses to hostnames. This file is loaded into memory (the cache) at startup, Windows then checks the Hosts file against one of the DNS server queries, which allows for the replacement of addresses in the DNS. This prevents access to the listed sites while redirecting connection attempts to the local computer. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, anticipating existing entries.
You can use a HOSTS file to block ads, banners, third-party cookies, third-party web pages, bugs, and even most hijackers. This is achieved by blocking the connection(s) that supply these little gems.
Example: the following entry 127.0.0.1 ad.doubleclick.net blocks all files delivered by this DoubleClick server to the web page you are viewing. It also prevents the server from tracking your movements. Why? ... Because in some cases, "Ad Servers" like Doubleclick (and many others) will try to open a connection on the web page you are viewing.
For XP SP2 users, you should quickly see a Security Center on this subject. [Image]
Just click No and continue. Yes, the instructions may be tedious, but at least you will know, however you shouldn't see these instructions if these entries are included in the HOSTS file.
Note: this prompt only occurs if (for example) *.doubleclick.net is included in the "restricted zone".
...........................................................................................................
There are many things about this program that I am afraid of. I am afraid of giving too much confidential information. Am I possibly mistaken? Does the program provide the IP address of the sites that infected me or does it give my IP address?
Thank you
Hello
I suggested hosting because of these lines
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
Your hosts file is corrupted, this is to restore it
There are still issues
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double click on SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following the procedure below:
• Restart your computer in Safe Mode
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Roll down the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double click on RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans found, then prompt you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer to restart than usual because the tool will continue to run and delete files.
• After loading the Desktop, the tool will finish its work and display Finished.
• Press a key to finish executing the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the content of the Report.txt file into your next response on the forum, along with a new Hijackthis log!
See you
--
Humor is the keystone of consciousness
I suggested hosting because of these lines
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
Your hosts file is corrupted, this is to restore it
There are still issues
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double click on SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following the procedure below:
• Restart your computer in Safe Mode
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Roll down the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double click on RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans found, then prompt you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer to restart than usual because the tool will continue to run and delete files.
• After loading the Desktop, the tool will finish its work and display Finished.
• Press a key to finish executing the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the content of the Report.txt file into your next response on the forum, along with a new Hijackthis log!
See you
--
Humor is the keystone of consciousness
Search Navipromo version 3.3.8 started on 12/29/2007 at 0:27:35.68
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfecting part without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Updated on 12.11.2007 at 6:00 PM by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Executed in normal mode
*** Searching Installed Programs ***
*** Searching folders in C:\WINDOWS ***
*** Searching folders in C:\Program Files ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Searching folders in "C:\Documents and Settings\paco\application data" ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No Files found
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must verify before any manual deletion!!!
* Searching in C:\WINDOWS\system32 *
* Searching in "C:\Documents and Settings\paco\local settings\application data" *
*** Searching files ***
*** Searching specific keys in the Registry ***
*** Additional Search Module ***
(Searching specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In C:\WINDOWS\system32:
* In "C:\Documents and Settings\paco\local settings\application data":
3) Searching for Certificates:
Certificate Egroup missing!
4) Searching for known files:
*** Analysis completed on 12/29/2007 at 0:28:49.76 ***
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfecting part without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Updated on 12.11.2007 at 6:00 PM by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Executed in normal mode
*** Searching Installed Programs ***
*** Searching folders in C:\WINDOWS ***
*** Searching folders in C:\Program Files ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Searching folders in "C:\Documents and Settings\paco\application data" ***
*** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No Files found
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must verify before any manual deletion!!!
* Searching in C:\WINDOWS\system32 *
* Searching in "C:\Documents and Settings\paco\local settings\application data" *
*** Searching files ***
*** Searching specific keys in the Registry ***
*** Additional Search Module ***
(Searching specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In C:\WINDOWS\system32:
* In "C:\Documents and Settings\paco\local settings\application data":
3) Searching for Certificates:
Certificate Egroup missing!
4) Searching for known files:
*** Analysis completed on 12/29/2007 at 0:28:49.76 ***
You had already done that
Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it, double click on Smitfraudfix.cmd, choose option 1, it will generate a report
Copy/paste it on the post please.
--
Humor is the keystone of consciousness
Download this: (thanks to S!RI for this program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it, double click on Smitfraudfix.cmd, choose option 1, it will generate a report
Copy/paste it on the post please.
--
Humor is the keystone of consciousness
SmitFraudFix v2.274
Report made at 1:04:21.18, 29/12/2007
Executed from C:\Program Files\AOL 9.0 VR\download\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1198412413\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\NeroVision\NeroVision.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Corrupted hosts file!
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paco\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My homepage"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys may not be infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys may not be infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys may not be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys may not be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 86.64.145.140
DNS Server Search Order: 84.103.237.140
Description: Alcatel SpeedTouch(tm) USB ADSL RFC1483 - Packet Scheduling Miniport
DNS Server Search Order: 132.165.195.1
DNS Server Search Order: 152.163.154.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.145 84.103.237.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
»»»»»»»»»»»»»»»»»»»»»»»» Searching wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Report made at 1:04:21.18, 29/12/2007
Executed from C:\Program Files\AOL 9.0 VR\download\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1198412413\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\NeroVision\NeroVision.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Corrupted hosts file!
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paco\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paco\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My homepage"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys may not be infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys may not be infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys may not be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys may not be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 86.64.145.140
DNS Server Search Order: 84.103.237.140
Description: Alcatel SpeedTouch(tm) USB ADSL RFC1483 - Packet Scheduling Miniport
DNS Server Search Order: 132.165.195.1
DNS Server Search Order: 152.163.154.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.145 84.103.237.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer=86.64.145.140 84.103.237.140
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer=132.165.195.1,152.163.154.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer=158.165.156.1,123.156.189.1
»»»»»»»»»»»»»»»»»»»»»»»» Searching wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Boot in safe mode:
To do this, tap the F8 key right at the start of the PC booting without stopping
A window will open, use the arrow keys to navigate to start in safe mode and then press enter.
Once on the desktop, if there are no colors and other things, that’s normal!
(If F8 doesn’t work, use the F5 key).
----------------------------------------------------------------------------
Restart the Smitfraud program,
This time choose option 2, answer yes to all;
Save the report, restart in normal mode, copy/paste the saved report on the forum
See you later
--
Humor is the keystone of consciousness.
To do this, tap the F8 key right at the start of the PC booting without stopping
A window will open, use the arrow keys to navigate to start in safe mode and then press enter.
Once on the desktop, if there are no colors and other things, that’s normal!
(If F8 doesn’t work, use the F5 key).
----------------------------------------------------------------------------
Restart the Smitfraud program,
This time choose option 2, answer yes to all;
Save the report, restart in normal mode, copy/paste the saved report on the forum
See you later
--
Humor is the keystone of consciousness.
SmitFraudFix v2.274
Report made at 1:38:55.20, 29/12/2007
Executed from C:\Documents and Settings\paco\My Documents\My Pictures\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!! Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 181.365soft.info
127.0.0.1 www.181.365soft.info
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 20x2p.com
127.0.0.1 24.365soft.info
127.0.0.1 www.24.365soft.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 2every.net
127.0.0.1 www.2every.net
127.0.0.1 2ndpower.com
127.0.0.1 2search.com
127.0.0.1 www.2search.com
127.0.0.1 2search.org
127.0.0.1 www.2search.org
127.0.0.1 2squared.com
127.0.0.1 www.2squared.com
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 365soft.info
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 3bay.it
127.0.0.1 www.3bay.it
127.0.0.1 3ebay.it
127.0.0.1 www.3ebay.it
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 4199.com
127.0.0.1 www.4199.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 4ebay.it
127.0.0.1 www.4ebay.it
127.0.0.1 4klm.com
127.0.0.1 4repubblica.it
127.0.0.1 www.4repubblica.it
127.0.0.1 4softget.com
127.0.0.1 www.4softget.com
127.0.0.1 5iscali.it
127.0.0.1 www.5iscali.it
127.0.0.1 5repubblica.it
127.0.0.1 www.5repubblica.it
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 5tiscali.it
127.0.0.1 www.5tiscali.it
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 6iscali.it
127.0.0.1 www.6iscali.it
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 6tiscali.it
127.0.0.1 www.6tiscali.it
127.0.0.1 7322.com
127.0.0.1 www.7322.com
127.0.0.1 75tz.com
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 7939.com
127.0.0.1 www.7939.com
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 888.com
127.0.0.1 www.888.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 9505.com
127.0.0.1 www.9505.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 a.bestmanage.org
127.0.0.1 aaasexypics.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aavc.com
127.0.0.1 abc-find.info
127.0.0.1 www.abc-find.info
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abnetsoft.info
127.0.0.1 www.abnetsoft.info
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 absolutee.com
127.0.0.1 www.absolutee.com
127.0.0.1 abyssmedia.com
127.0.0.1 www.abyssmedia.com
127.0.0.1 ac66.cn
127.0.0.1 www.ac66.cn
127.0.0.1 access.Navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessclips.com
127.0.0.1 www.accessclips.com
127.0.0.1 access-dvd.com
127.0.0.1 www.access-dvd.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 accessorygeeks.com
127.0.0.1 www.accessorygeeks.com
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessvid.net
127.0.0.1 www.accessvid.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-stop.com
127.0.0.1 www.acrobat-stop.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activesearcher.info
127.0.0.1 www.activesearcher.info
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 activexemedia.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 activexmediasite.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 activexmediatour.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 activexsource.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.mokead.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adarmor.com
127.0.0.1 www.adarmor.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 adawarenow.com
127.0.0.1 www.adawarenow.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 add-manager.com
127.0.0.1 www.add-manager.com
127.0.0.1 adgate.info
127.0.0.1 www.adgate.info
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 adobe-download-now.com
127.0.0.1 adobe-downloads.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 adprotect.com
127.0.0.1 www.adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads183.com
127.0.0.1 www.ads183.com
127.0.0.1 adscontex.com
127.0.0.1 www.adscontex.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 adsextend.net
127.0.0.1 www.adsextend.net
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adtrak.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 adult777search.info
127.0.0.1 www.adult777search.info
127.0.0.1 adultan.com
127.0.0.1 www.adultan.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adultfilmsite.com
127.0.0.1 www.adultfilmsite.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adultmovieplus.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 adultsper.com
127.0.0.1 www.adultsper.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 advertisemoney.info
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 advertising-money.info
127.0.0.1 www.advertising-money.info
127.0.0.1 ad-ware.cc
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 aflgate.com
127.0.0.1 www.aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 aginegialle.it
127.0.0.1 www.aginegialle.it
127.0.0.1 www.aifind.info
127.0.0.1 aifind.info
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 aitalia.it
127.0.0.1 www.aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 aklitalia.it
127.0.0.1 www.aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 alialia.it
127.0.0.1 www.alialia.it
127.0.0.1 aliotalia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 alitaia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitala.it
127.0.0.1 www.alitala.it
127.0.0.1 alitali.it
127.0.0.1 www.alitali.it
127.0.0.1 alitaliaq.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalioa.it
127.0.0.1 alitalisa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 alitaluia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 alitlia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitralia.it
127.0.0.1 alitsalia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 ALL1COUNT.NET
127.0.0.1 www.ALL1COUNT.NET
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 allcybersearch.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 alliesecurity.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 all-limewire.com
127.0.0.1 www.all-limewire.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allprotections.com
127.0.0.1 www.allprotections.com
127.0.0.1 allresultz.net
127.0.0.1 www.allresultz.net
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 allsecuritysite.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allstarsvideos.net
127.0.0.1 www.allstarsvideos.net
127.0.0.1 alltruesoftware.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 aloitalia.it
127.0.0.1 www.aloitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 amaena.com
127.0.0.1 www.amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasource.com
127.0.0.1 www.amediasource.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 analcord.com
127.0.0.1 www.analcord.com
127.0.0.1 analmovi.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 andromedical.com
127.0.0.1 www.andromedical.com
127.0.0.1 animepornmag.com
127.0.0.1 www.animepornmag.com
127.0.0.1 anin.org
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 Antiespiadorado.com
127.0.0.1 www.Antiespiadorado.com
127.0.0.1 Antiespionspack.com
127.0.0.1 www.Antiespionspack.com
127.0.0.1 Antigusanos2008.com
127.0.0.1 www.Antigusanos2008.com
127.0.0.1 Antispionage.com
127.0.0.1 www.Antispionage.com
127.0.0.1 Antispionagepro.com
127.0.0.1 www.Antispionagepro.com
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispywarebot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 Antispywaresuite.com
127.0.0.1 www.Antispywaresuite.com
127.0.0.1 Antispyweb.net
127.0.0.1 www.Antispyweb.net
127.0.0.1 Antiver2008.com
127.0.0.1 www.Antiver2008.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antivirus-hq.net
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 Antiworm2008.com
127.0.0.1 www.Antiworm2008.com
127.0.0.1 Antiwurm2008.com
127.0.0.1 www.Antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 anyofus.com
127.0.0.1 www.anyofus.com
127.0.0.1 anysn.seproger.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 apicpreview.com
127.0.0.1 www.apicpreview.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 aprotectedpage.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 archiviosex.net
127.0.0.1 www.archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 arespro2007.com
127.0.0.1 www.arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 ares-usa.com
127.0.0.1 www.ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asecurebar.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 asecuritynotice.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 asecuritystuff.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asiankingkong.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 aslitalia.it
127.0.0.1 www.aslitalia.it
127.0.0.1 ass-gals.com
127.0.0.1 assureprotection.com
127.0.0.1 www.assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 asupereva.it
127.0.0.1 www.asupereva.it
127.0.0.1 athenrye.com
127.0.0.1 atotalsafety.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 attackware.com
127.0.0.1 www.attackware.com
127.0.0.1 attrezzi.biz
127.0.0.1 www.attrezzi.biz
127.0.0.1 aulde.net
127.0.0.1 www.aulde.net
127.0.0.1 aupereva.it
127.0.0.1 www.aupereva.it
127.0.0.1 autocontext.begun.ru
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 avian-ads.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 avideosurfer.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 aviewersoft.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 awarninglist.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 awesomehomepage.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 aximageobject.com
127.0.0.1 www.aximageobject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 axobjectsource.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 axvideosetup.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 azzetta.it
127.0.0.1 www.azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 baccarat-other.info
127.0.0.1 www.baccarat-other.info
127.0.0.1 Backstripgirls.com
127.0.0.1 www.Backstripgirls.com
127.0.0.1 backup.mabou.org
127.0.0.1 balotierra.com
127.0.0.1 www.balotierra.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 bardownload.com
127.0.0.1 www.bardownload.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearsharelive.co.uk
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearshare-usa.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 beebappyy.biz
127.0.0.1 www.beebappyy.biz
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 best-hardpics.com
127.0.0.1 bestmanage.org
127.0.0.1 www.bestmanage.org
127.0.0.1 bestmanage0.org
127.0.0.1 www.bestmanage0.org
127.0.0.1 bestmanage1.org
127.0.0.1 www.bestmanage1.org
127.0.0.1 bestmanage2.org
127.0.0.1 www.bestmanage2.org
127.0.0.1 bestmanage3.org
127.0.0.1 www.bestmanage3.org
127.0.0.1 bestmanage4.org
127.0.0.1 www.bestmanage4.org
127.0.0.1 bestmanage5.org
127.0.0.1 www.bestmanage5.org
127.0.0.1 bestmanage6.org
127.0.0.1 www.bestmanage6.org
127.0.0.1 bestmanage7.org
127.0.0.1 www.bestmanage7.org
127.0.0.1 bestmanage8.org
127.0.0.1 www.bestmanage8.org
127.0.0.1 bestmanage9.org
127.0.0.1 www.bestmanage9.org
127.0.0.1 bestporngate.com
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 best-spyware.info
127.0.0.1 www.best-spyware.info
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 best-voyeur.info
127.0.0.1 www.best-voyeur.info
127.0.0.1 bestweblinks.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 bestxporno.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 bgazzetta.it
127.0.0.1 www.bgazzetta.it
127.0.0.1 bgoogle.it
127.0.0.1 www.bgoogle.it
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 bigwww.com
127.0.0.1 www.bigwww.com
127.0.0.1 bin.errorprotector.com
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bitchesonline.net
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 biz.biz
127.0.0.1 blackblues00.com
127.0.0.1 www.blackblues00.com
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 blackjack-free.net
127.0.0.1 blazefind.com
127.0.0.1 blender.xu.pl
127.0.0.1 blondetgp.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 bnmgate.com
127.0.0.1 www.bnmgate.com
127.0.0.1 bodaciousbabette.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 bookedspace.com
127.0.0.1 www.bookedspace.com
127.0.0.1 boom.com.vn
127.0.0.1 www.boom.com.vn
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bpfq02.com
127.0.0.1 www.bpfq02.com
127.0.0.1 bqgate.com
127.0.0.1 www.bqgate.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 bradcoem.org
127.0.0.1 braincodec.com
127.0.0.1 www.braincodec.com
127.0.0.1 brandiyoung.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 brodbfm.net
127.0.0.1 www.brodbfm.net
127.0.0.1 brookeburn.com
127.0.0.1 browserwise.com
127.0.0.1 www.browserwise.com
127.0.0.1 bucps.com
127.0.0.1 buhartes.info
127.0.0.1 buldog-stats.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 burnsrecyclinginc.com
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 busysearch.net
127.0.0.1 www.busysearch.net
127.0.0.1 buttejazz.org
127.0.0.1 buy-find.info
127.0.0.1 www.buy-find.info
127.0.0.1 buyselldomain.net
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 buz.ru
127.0.0.1 bvirgilio.it
127.0.0.1 www.bvirgilio.it
127.0.0.1 c.centralmedia.ws
127.0.0.1 c.enhance.com
127.0.0.1 www.c.enhance.com
127.0.0.1 c.goclick.com
127.0.0.1 c4tdownload.com
127.0.0.1
Report made at 1:38:55.20, 29/12/2007
Executed from C:\Documents and Settings\paco\My Documents\My Pictures\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!! Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 181.365soft.info
127.0.0.1 www.181.365soft.info
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 20x2p.com
127.0.0.1 24.365soft.info
127.0.0.1 www.24.365soft.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 2every.net
127.0.0.1 www.2every.net
127.0.0.1 2ndpower.com
127.0.0.1 2search.com
127.0.0.1 www.2search.com
127.0.0.1 2search.org
127.0.0.1 www.2search.org
127.0.0.1 2squared.com
127.0.0.1 www.2squared.com
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 365soft.info
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 3bay.it
127.0.0.1 www.3bay.it
127.0.0.1 3ebay.it
127.0.0.1 www.3ebay.it
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 4199.com
127.0.0.1 www.4199.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 4ebay.it
127.0.0.1 www.4ebay.it
127.0.0.1 4klm.com
127.0.0.1 4repubblica.it
127.0.0.1 www.4repubblica.it
127.0.0.1 4softget.com
127.0.0.1 www.4softget.com
127.0.0.1 5iscali.it
127.0.0.1 www.5iscali.it
127.0.0.1 5repubblica.it
127.0.0.1 www.5repubblica.it
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 5tiscali.it
127.0.0.1 www.5tiscali.it
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 6iscali.it
127.0.0.1 www.6iscali.it
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 6tiscali.it
127.0.0.1 www.6tiscali.it
127.0.0.1 7322.com
127.0.0.1 www.7322.com
127.0.0.1 75tz.com
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 7939.com
127.0.0.1 www.7939.com
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 888.com
127.0.0.1 www.888.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 9505.com
127.0.0.1 www.9505.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 a.bestmanage.org
127.0.0.1 aaasexypics.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aavc.com
127.0.0.1 abc-find.info
127.0.0.1 www.abc-find.info
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abnetsoft.info
127.0.0.1 www.abnetsoft.info
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 absolutee.com
127.0.0.1 www.absolutee.com
127.0.0.1 abyssmedia.com
127.0.0.1 www.abyssmedia.com
127.0.0.1 ac66.cn
127.0.0.1 www.ac66.cn
127.0.0.1 access.Navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessclips.com
127.0.0.1 www.accessclips.com
127.0.0.1 access-dvd.com
127.0.0.1 www.access-dvd.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 accessorygeeks.com
127.0.0.1 www.accessorygeeks.com
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessvid.net
127.0.0.1 www.accessvid.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-stop.com
127.0.0.1 www.acrobat-stop.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activesearcher.info
127.0.0.1 www.activesearcher.info
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 activexemedia.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 activexmediasite.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 activexmediatour.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 activexsource.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.mokead.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adarmor.com
127.0.0.1 www.adarmor.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 adawarenow.com
127.0.0.1 www.adawarenow.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 add-manager.com
127.0.0.1 www.add-manager.com
127.0.0.1 adgate.info
127.0.0.1 www.adgate.info
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 adobe-download-now.com
127.0.0.1 adobe-downloads.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 adprotect.com
127.0.0.1 www.adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads183.com
127.0.0.1 www.ads183.com
127.0.0.1 adscontex.com
127.0.0.1 www.adscontex.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 adsextend.net
127.0.0.1 www.adsextend.net
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adtrak.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 adult777search.info
127.0.0.1 www.adult777search.info
127.0.0.1 adultan.com
127.0.0.1 www.adultan.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adultfilmsite.com
127.0.0.1 www.adultfilmsite.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adultmovieplus.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 adultsper.com
127.0.0.1 www.adultsper.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 advertisemoney.info
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 advertising-money.info
127.0.0.1 www.advertising-money.info
127.0.0.1 ad-ware.cc
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 aflgate.com
127.0.0.1 www.aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 aginegialle.it
127.0.0.1 www.aginegialle.it
127.0.0.1 www.aifind.info
127.0.0.1 aifind.info
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 aitalia.it
127.0.0.1 www.aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 aklitalia.it
127.0.0.1 www.aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 alialia.it
127.0.0.1 www.alialia.it
127.0.0.1 aliotalia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 alitaia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitala.it
127.0.0.1 www.alitala.it
127.0.0.1 alitali.it
127.0.0.1 www.alitali.it
127.0.0.1 alitaliaq.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalioa.it
127.0.0.1 alitalisa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 alitaluia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 alitlia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitralia.it
127.0.0.1 alitsalia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 ALL1COUNT.NET
127.0.0.1 www.ALL1COUNT.NET
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 allcybersearch.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 alliesecurity.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 all-limewire.com
127.0.0.1 www.all-limewire.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allprotections.com
127.0.0.1 www.allprotections.com
127.0.0.1 allresultz.net
127.0.0.1 www.allresultz.net
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 allsecuritysite.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allstarsvideos.net
127.0.0.1 www.allstarsvideos.net
127.0.0.1 alltruesoftware.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 aloitalia.it
127.0.0.1 www.aloitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 amaena.com
127.0.0.1 www.amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasource.com
127.0.0.1 www.amediasource.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 analcord.com
127.0.0.1 www.analcord.com
127.0.0.1 analmovi.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 andromedical.com
127.0.0.1 www.andromedical.com
127.0.0.1 animepornmag.com
127.0.0.1 www.animepornmag.com
127.0.0.1 anin.org
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 Antiespiadorado.com
127.0.0.1 www.Antiespiadorado.com
127.0.0.1 Antiespionspack.com
127.0.0.1 www.Antiespionspack.com
127.0.0.1 Antigusanos2008.com
127.0.0.1 www.Antigusanos2008.com
127.0.0.1 Antispionage.com
127.0.0.1 www.Antispionage.com
127.0.0.1 Antispionagepro.com
127.0.0.1 www.Antispionagepro.com
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispywarebot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 Antispywaresuite.com
127.0.0.1 www.Antispywaresuite.com
127.0.0.1 Antispyweb.net
127.0.0.1 www.Antispyweb.net
127.0.0.1 Antiver2008.com
127.0.0.1 www.Antiver2008.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antivirus-hq.net
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 Antiworm2008.com
127.0.0.1 www.Antiworm2008.com
127.0.0.1 Antiwurm2008.com
127.0.0.1 www.Antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 anyofus.com
127.0.0.1 www.anyofus.com
127.0.0.1 anysn.seproger.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 apicpreview.com
127.0.0.1 www.apicpreview.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 aprotectedpage.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 archiviosex.net
127.0.0.1 www.archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 arespro2007.com
127.0.0.1 www.arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 ares-usa.com
127.0.0.1 www.ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asecurebar.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 asecuritynotice.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 asecuritystuff.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asiankingkong.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 aslitalia.it
127.0.0.1 www.aslitalia.it
127.0.0.1 ass-gals.com
127.0.0.1 assureprotection.com
127.0.0.1 www.assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 asupereva.it
127.0.0.1 www.asupereva.it
127.0.0.1 athenrye.com
127.0.0.1 atotalsafety.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 attackware.com
127.0.0.1 www.attackware.com
127.0.0.1 attrezzi.biz
127.0.0.1 www.attrezzi.biz
127.0.0.1 aulde.net
127.0.0.1 www.aulde.net
127.0.0.1 aupereva.it
127.0.0.1 www.aupereva.it
127.0.0.1 autocontext.begun.ru
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 avian-ads.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 avideosurfer.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 aviewersoft.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 awarninglist.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 awesomehomepage.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 aximageobject.com
127.0.0.1 www.aximageobject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 axobjectsource.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 axvideosetup.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 azzetta.it
127.0.0.1 www.azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 baccarat-other.info
127.0.0.1 www.baccarat-other.info
127.0.0.1 Backstripgirls.com
127.0.0.1 www.Backstripgirls.com
127.0.0.1 backup.mabou.org
127.0.0.1 balotierra.com
127.0.0.1 www.balotierra.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 bardownload.com
127.0.0.1 www.bardownload.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearsharelive.co.uk
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearshare-usa.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 beebappyy.biz
127.0.0.1 www.beebappyy.biz
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 best-hardpics.com
127.0.0.1 bestmanage.org
127.0.0.1 www.bestmanage.org
127.0.0.1 bestmanage0.org
127.0.0.1 www.bestmanage0.org
127.0.0.1 bestmanage1.org
127.0.0.1 www.bestmanage1.org
127.0.0.1 bestmanage2.org
127.0.0.1 www.bestmanage2.org
127.0.0.1 bestmanage3.org
127.0.0.1 www.bestmanage3.org
127.0.0.1 bestmanage4.org
127.0.0.1 www.bestmanage4.org
127.0.0.1 bestmanage5.org
127.0.0.1 www.bestmanage5.org
127.0.0.1 bestmanage6.org
127.0.0.1 www.bestmanage6.org
127.0.0.1 bestmanage7.org
127.0.0.1 www.bestmanage7.org
127.0.0.1 bestmanage8.org
127.0.0.1 www.bestmanage8.org
127.0.0.1 bestmanage9.org
127.0.0.1 www.bestmanage9.org
127.0.0.1 bestporngate.com
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 best-spyware.info
127.0.0.1 www.best-spyware.info
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 best-voyeur.info
127.0.0.1 www.best-voyeur.info
127.0.0.1 bestweblinks.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 bestxporno.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 bgazzetta.it
127.0.0.1 www.bgazzetta.it
127.0.0.1 bgoogle.it
127.0.0.1 www.bgoogle.it
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 bigwww.com
127.0.0.1 www.bigwww.com
127.0.0.1 bin.errorprotector.com
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bitchesonline.net
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 biz.biz
127.0.0.1 blackblues00.com
127.0.0.1 www.blackblues00.com
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 blackjack-free.net
127.0.0.1 blazefind.com
127.0.0.1 blender.xu.pl
127.0.0.1 blondetgp.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 bnmgate.com
127.0.0.1 www.bnmgate.com
127.0.0.1 bodaciousbabette.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 bookedspace.com
127.0.0.1 www.bookedspace.com
127.0.0.1 boom.com.vn
127.0.0.1 www.boom.com.vn
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bpfq02.com
127.0.0.1 www.bpfq02.com
127.0.0.1 bqgate.com
127.0.0.1 www.bqgate.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 bradcoem.org
127.0.0.1 braincodec.com
127.0.0.1 www.braincodec.com
127.0.0.1 brandiyoung.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 brodbfm.net
127.0.0.1 www.brodbfm.net
127.0.0.1 brookeburn.com
127.0.0.1 browserwise.com
127.0.0.1 www.browserwise.com
127.0.0.1 bucps.com
127.0.0.1 buhartes.info
127.0.0.1 buldog-stats.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 burnsrecyclinginc.com
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 busysearch.net
127.0.0.1 www.busysearch.net
127.0.0.1 buttejazz.org
127.0.0.1 buy-find.info
127.0.0.1 www.buy-find.info
127.0.0.1 buyselldomain.net
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 buz.ru
127.0.0.1 bvirgilio.it
127.0.0.1 www.bvirgilio.it
127.0.0.1 c.centralmedia.ws
127.0.0.1 c.enhance.com
127.0.0.1 www.c.enhance.com
127.0.0.1 c.goclick.com
127.0.0.1 c4tdownload.com
127.0.0.1
you can put back a hijackthis
and see you tomorrow for sure
--
Humor is the keystone of consciousness
and see you tomorrow for sure
--
Humor is the keystone of consciousness
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:00, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1198412413\ee\aolsoftware.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Shortcut to High Definition Audio Properties Page] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1198412413\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer = 132.165.195.1,152.163.154.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer = 84.103.237.147 86.64.145.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer = 158.165.156.1,123.156.189.1
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8032 bytes
Scan saved at 14:41:00, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1198412413\ee\aolsoftware.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar with popup blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Shortcut to High Definition Audio Properties Page] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1198412413\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{041B06E4-3CE0-4C4E-ABF8-BBF69D03CF72}: NameServer = 132.165.195.1,152.163.154.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC9939C-E317-4A5A-AD47-81339BD2BF5B}: NameServer = 84.103.237.147 86.64.145.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1BD5CA-7AC8-44E9-93DA-ECB188905320}: NameServer = 158.165.156.1,123.156.189.1
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8032 bytes
- 1
- 2
- 3
Suivant