Sujet Précédent Sujet Suivant

Pub énervante

brioche95 Messages postés 660 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
Lorsque je suis sur le Web des pubs vraiment (casse 'bonbon') vienne me gèné sur mon écran et fait ramé mon PC!

Voila je vient de recevoir une pub voila: http://www.goldenlounge.com/promos/nd8/fr/index_xtend.asp?anid=jwIAAOW6BABVWxYARPcGAAIAAAAAAP8AAAAGEwIIAAK3jAYAyToKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpeOUkAAAAA

Comment faire pour bloquer c'est connerie....? quel information sur mon PC je doit vous fournir?
A voir également:

20 réponses

Réponse 1 / 20
ThEBiShOp Messages postés 9307 Date d'inscription   Statut Contributeur Dernière intervention   1 566
 
à mon avis il faut faire un bon nettoyage du pc avec un logiciel anti malware comme spybot.

(ton message n'est pas dans la bonne catégorie)
0
brioche95 Messages postés 660 Statut Membre 167
 
Désolé :s
0
Réponse 2 / 20
zum Messages postés 1462 Date d'inscription   Statut Contributeur Dernière intervention   287
 
un p'tit tour ici tant qu'à faire

http://www.commentcamarche.net/forum/affich 3494985 cherche anti pop up
0
brioche95 Messages postés 660 Statut Membre 167
 
Merci à toi j'installe Proxomitron et je regarde si sa marche bien pour mettre résolu ;)
0
Réponse 3 / 20
ThEBiShOp Messages postés 9307 Date d'inscription   Statut Contributeur Dernière intervention   1 566
 
heu je ne te conseille pas d'utiliser un logiciel qui n'a pas eu de mise à jour depuis 5 ans...

Essaye spybot
0
brioche95 Messages postés 660 Statut Membre 167
 
Ok je vais essayer sa car j'ai toujours des pubs ... Merci
0
Réponse 4 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

▶ Télécharge hijackthis

▶ Tout est expliqué sur mon site web pour l'installer et l'utiliser correctement.

▶ Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.

Comment copier/coller le rapport :

▶ Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

▶ ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.
0
brioche95 Messages postés 660 Statut Membre 167
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:33, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: agadoo browser enhancer - {0D54BC86-CBD0-8888-2495-D79F0E1B623C} - C:\WINDOWS\system32\fuzutapposimsgj.dll
O2 - BHO: {c7f0af9b-e0f4-7eab-4e24-61eefa469241} - {142964af-ee16-42e4-bae7-4f0eb9fa0f7c} - C:\WINDOWS\system32\vtntga.dll
O2 - BHO: mysidesearch search enhancer - {16a4f6b1-0381-3947-56b2-580623f4d942} - C:\WINDOWS\system32\vgltwrmuxreujsgds.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnkKArQ.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {BAD90979-E625-4C7C-831E-7D948D57453A} - C:\WINDOWS\system32\yayVnOFw.dll
O2 - BHO: (no name) - {BB5538EF-9C58-4DDA-8227-25615C83C558} - C:\WINDOWS\system32\fccyYrpn.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [SteamRS] C:\Program Files\Steam\Steam.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe
O4 - HKLM\..\Run: [zvxstlpswnt] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fuzutapposimsgj.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1456] command /c del "C:\Documents and Settings\All Users\Documents\Foxicle\FFADVPro3.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4753] cmd /c del "C:\Documents and Settings\All Users\Documents\Foxicle\FFADVPro3.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Fournier\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5298] command /c del "C:\Documents and Settings\All Users\Documents\Foxicle\FFADVPro3.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2415] cmd /c del "C:\Documents and Settings\All Users\Documents\Foxicle\FFADVPro3.dll_old"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbgeng32.dll,C:\WINDOWS\System32\dbgeng32.dll vtntga.dll
O20 - Winlogon Notify: 98547508509 - C:\WINDOWS\System32\dbgeng32.dll (file missing)
O20 - Winlogon Notify: opnkKArQ - C:\WINDOWS\SYSTEM32\opnkKArQ.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
0
brioche95 Messages postés 660 Statut Membre 167
 
J'ai aussi sa qui vient souvent: http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522171286

Avast le prend pour un Virus
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
y a des infections multiple dans ton PC... Commence par faire ceci stp :

Option 1 - Recherche :

▶ télécharge smitfraudfix et enregistre le sur le bureau

▶ Ensuite double clique sur smitfraudfix puis exécuter

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.

Voici un tutoriel sonore et animé en cas de problème d'utilisation

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
cet utilitaire pourrait arrêter des logiciels de sécurité.)
0
brioche95 Messages postés 660 Statut Membre 167
 
SmitFraudFix v2.381

Rapport fait à 23:49:42,45, 05/12/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fournier


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fournier\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fournier\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fournier\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\dbgeng32.dll,C:\\WINDOWS\\System32\\dbgeng32.dll vtntga.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Très bien maintenant fais ceci stp :

Option 2 - Nettoyage :

redémarre le PC en mode sans échec

▶ Double cliquer sur smitfraudfix

▶ Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

▶ A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

▶ Enregistre le rapport sur ton bureau

▶ Redémarrer en mode normal et poster le rapport. (sans les lignes 127.0.0.1.........)
0
brioche95 Messages postés 660 Statut Membre 167
 
SmitFraudFix v2.381

Rapport fait à 12:30:16,92, 06/12/2008
Executé à partir de C:\Documents and Settings\Fournier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 213.131.225.2
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 www.start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 www.sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.toriii.cc
127.0.0.1 xtipp.de
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 www.aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 cantfind.com
127.0.0.1 www.cantfind.com
127.0.0.1 castingsamateur.com
127.0.0.1 www.castingsamateur.com
127.0.0.1 cyberrape.com
127.0.0.1 www.cyberrape.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 megago.com
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com
127.0.0.1 fastmetasearch.com
127.0.0.1 www.fastmetasearch.com
127.0.0.1 findwhatevernow.com
127.0.0.1 www.findwhatevernow.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com
127.0.0.1 hotfreebies.com
127.0.0.1 www.hotfreebies.com
127.0.0.1 krankin.com
127.0.0.1 www.krankin.com
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 mainstreamdollars.com
127.0.0.1 www.mainstreamdollars.com
127.0.0.1 live.sex-explorer.com
127.0.0.1 www.live.sex-explorer.com
127.0.0.1 loveadot.com
127.0.0.1 www.loveadot.com
127.0.0.1 megaseek.net
127.0.0.1 www.megaseek.net
127.0.0.1 mixsearch.com
127.0.0.1 www.mixsearch.com
127.0.0.1 munky.com
127.0.0.1 www.munky.com
127.0.0.1 newtopsites.com
127.0.0.1 www.newtopsites.com
127.0.0.1 noblindlinks.com
127.0.0.1 www.noblindlinks.com
127.0.0.1 babenet.com
127.0.0.1 r.babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 searchresult.net
127.0.0.1 www.searchresult.net
127.0.0.1 sexarena.org
127.0.0.1 www.sexarena.org
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com
127.0.0.1 superwp.by.ru
127.0.0.1 sureseeker.com
127.0.0.1 www.sureseeker.com
127.0.0.1 wethere.com
127.0.0.1 www.wethere.com
127.0.0.1 wowsearch.org
127.0.0.1 www.wowsearch.org
127.0.0.1 xxx.com
127.0.0.1 www.xxx.com
127.0.0.1 art-xxx.com
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 firehunt.com
127.0.0.1 www.firehunt.com
127.0.0.1 partner23.firehunt.com
127.0.0.1 screensaver.it
127.0.0.1 www.screensaver.it
127.0.0.1 cliks.org
127.0.0.1 www.cliks.org
127.0.0.1 xads.cliks.org
127.0.0.1 xwebsearch.biz
127.0.0.1 www.xwebsearch.biz
127.0.0.1 znext.com
127.0.0.1 www.znext.com
127.0.0.1 rawtocash.net
127.0.0.1 www.rawtocash.net
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 ntcor.com
127.0.0.1 www.ntcor.com
127.0.0.1 dev.ntcor.com
127.0.0.1 xrenoder.com
127.0.0.1 www.xrenoder.com
127.0.0.1 search.xrenoder.com
127.0.0.1 193.125.201.50
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com
127.0.0.1 topsite.us
127.0.0.1 www.topsite.us
127.0.0.1 topsites.us
127.0.0.1 www.topsites.us
127.0.0.1 topsitez.us
127.0.0.1 www.topsitez.us
127.0.0.1 true-counter.com
127.0.0.1 www.true-counter.com
127.0.0.1 out.true-counter.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 okmmm.com
127.0.0.1 www.okmmm.com
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 157.238.62.14
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 209.66.114.130
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 66.117.14.138
127.0.0.1 66.197.100.83
127.0.0.1 66.250.107.99
127.0.0.1 66.250.107.100
127.0.0.1 66.250.107.101
127.0.0.1 66.250.130.194
127.0.0.1 66.250.170.107
127.0.0.1 66.250.57.26
127.0.0.1 66.250.57.27
127.0.0.1 66.250.57.28
127.0.0.1 66.250.74.150
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 exaccess.ru
127.0.0.1 www.exaccess.ru
127.0.0.1 advert.exaccess.ru
127.0.0.1 agentstudio.com
127.0.0.1 africaspromise.org
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfa-search.com
127.0.0.1 all-inet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 allhyperlinks.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 almarvideos.com
127.0.0.1 amandamountains.com
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 analmovi.com
127.0.0.1 anin.org
127.0.0.1 annaromeo.com
127.0.0.1 antrocity.com
127.0.0.1 anything4health.com
127.0.0.1 apsua.com
127.0.0.1 aregay.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 art-func.com
127.0.0.1 artachnid.com
127.0.0.1 asiankingkong.com
127.0.0.1 ass-gals.com
127.0.0.1 athenrye.com
127.0.0.1 avian-ads.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bb-search.com
127.0.0.1 bbbsearch.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 best-hardpics.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 bestporngate.com
127.0.0.1 bestxporno.com
127.0.0.1 blackjack-free.net
127.0.0.1 blender.xu.pl
127.0.0.1 bodaciousbabette.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bradcoem.org
127.0.0.1 brandiyoung.com
127.0.0.1 brookeburn.com
127.0.0.1 bucps.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 buttejazz.org
127.0.0.1 buyselldomain.net
127.0.0.1 calcioturris.com
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casino-onlines.net
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 catallogue.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cclebali.org
127.0.0.1 ceewawires.org
127.0.0.1 certumgroup.com
127.0.0.1 chelancatering.com
127.0.0.1 childrenvilla.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 ckick4thumbs.com
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 clickyestoenter.net
127.0.0.1 clrsch.com
127.0.0.1 cmtapestry.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolwebsearsh.com
127.0.0.1 copmtraine.com
127.0.0.1 couldnotfind.com
127.0.0.1 count-all.com
127.0.0.1 cracks.me.uk
127.0.0.1 creamedcutties.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 curvedspaces.com
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cydom.com
127.0.0.1 daily-gals.com
127.0.0.1 dancingbabycd.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 davemarshall.org
127.0.0.1 dcfitusa.com
127.0.0.1 defaultsearch.net
127.0.0.1 desarrollocreativo.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digistreamsa.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domains-for-you-online.com
127.0.0.1 domains2003.net
127.0.0.1 domkrat.com
127.0.0.1 dp-host.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 dutch-sex.com
127.0.0.1 dvdbank.org
127.0.0.1 e-localad.com
127.0.0.1 e-plus.cc
127.0.0.1 e-websitesolutions.com
127.0.0.1 eases.net
127.0.0.1 easy-search.net
127.0.0.1 easycategories.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecstasyporn.net
127.0.0.1 eikokoike.com
127.0.0.1 epornsex.com
127.0.0.1 euuu.com
127.0.0.1 evidence-detector.biz
127.0.0.1 evilspidercomics.com
127.0.0.1 ewebsearch.net
127.0.0.1 findloss.com
127.0.0.1 excellentsckin.com
127.0.0.1 extremeseek.net
127.0.0.1 f*ckdenniss.com
127.0.0.1 f*cknicepics.com
127.0.0.1 faithstevens.com
127.0.0.1 fantasiewelten.com
127.0.0.1 farmsteadbandb.com
127.0.0.1 fartpost.com
127.0.0.1 fastwebfinder.com
127.0.0.1 faxporn.com
127.0.0.1 fickenisgeil.de
127.0.0.1 finance-loans.com
127.0.0.1 find-itnow.com
127.0.0.1 find-uk-health.co.uk
127.0.0.1 find4u.net
127.0.0.1 findit-now.com
127.0.0.1 findthesite.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 www.findthewebsiteyouneed.com
127.0.0.1 fionasteel.com
127.0.0.1 firstbookmark.net
127.0.0.1 fitness-free.com
127.0.0.1 foodvacations.net
127.0.0.1 forex.jps.ru
127.0.0.1 forexcredit.com
127.0.0.1 forexcredit.ru
127.0.0.1 formingfusions.com
127.0.0.1 forsythfire.net
127.0.0.1 forthline.com
127.0.0.1 free-chipes.com
127.0.0.1 free-f*cking-video.com
127.0.0.1 free-hit.com
127.0.0.1 free-pics-and-movies.com
127.0.0.1 free-sex-movie-clips.net
127.0.0.1 free4porno.net
127.0.0.1 free64all.com
127.0.0.1 freebookmark.net
127.0.0.1 freebookmarks.net
127.0.0.1 freecategories.com
127.0.0.1 freecoolhost.com
127.0.0.1 freerbhost.com
127.0.0.1 freeshemalepics.net
127.0.0.1 freeyaho.com
127.0.0.1 freshseek.com
127.0.0.1 freshteensite.com
127.0.0.1 gabrielscott.com
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 gameterror.net
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 geteens.com
127.0.0.1 getpicshere.com
127.0.0.1 gimmezamore.com
127.0.0.1 gimnasiaer.com
127.0.0.1 glbdf.org
127.0.0.1 global-finder.com
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.com
127.0.0.1 gocybersearch.com
127.0.0.1 golftennis.net
127.0.0.1 good-mortgages-calculator.com
127.0.0.1 good-mortgages.net
127.0.0.1 goodsexs.com
127.0.0.1 googlebar.jps.ru
127.0.0.1 googlf.com
127.0.0.1 gradforum.org
127.0.0.1 gratis-porn-movie.com
127.0.0.1 gratis-pornopics.com
127.0.0.1 guzzycats.com
127.0.0.1 gzphoenix.com
127.0.0.1 hallnetaccolade.com
127.0.0.1 hand-book.com
127.0.0.1 happyanal.com
127.0.0.1 hard-gals.com
127.0.0.1 hardbodytgp.com
127.0.0.1 hardcoreover.com
127.0.0.1 hardloved.com
127.0.0.1 hardwareseek.net
127.0.0.1 harukaigawa.com
127.0.0.1 hccsolanonapa.org
127.0.0.1 health-protein.com
127.0.0.1 hentai4u.net
127.0.0.1 here4search.com
127.0.0.1 heyrichy.com
127.0.0.1 hi-search.com
127.0.0.1 hiddenguides.com
127.0.0.1 hitlistlyrics.com
127.0.0.1 holidayautostr.com
127.0.0.1 homemortage.ws
127.0.0.1 hostssp.com
127.0.0.1 hot-cartoon-sex.anime.american-teens.net
127.0.0.1 hotbookmark.com
127.0.0.1 hotels-list.net
127.0.0.1 hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotsex-series.com
127.0.0.1 hotstartpage.com
127.0.0.1 hqsex.biz
127.0.0.1 hugeporn4u.net
127.0.0.1 hunacsa.com
127.0.0.1 hupacasath.com
127.0.0.1 hzsx.com
127.0.0.1 icansearch.net
127.0.0.1 idgsearch.com
127.0.0.1 ie-search.com
127.0.0.1 incestporngate.com
127.0.0.1 infodigger.net
127.0.0.1 infoglobus.com
127.0.0.1 inherhole.com
127.0.0.1 insertthiscock.com
127.0.0.1 insurance-flood.net
127.0.0.1 insuranceall.net
127.0.0.1 internetsearch.ru
127.0.0.1 ionichost.com
127.0.0.1 ionomist.com
127.0.0.1 ipsex.net
127.0.0.1 itsanal.com
127.0.0.1 itseasy.us
127.0.0.1 iweb-commerce.com
127.0.0.1 iwebland.com
127.0.0.1 jeannineoldfield.com
127.0.0.1 jethomepage.com
127.0.0.1 jetseeker.com
127.0.0.1 jmhgallery.org
127.0.0.1 joannelatham.com
127.0.0.1 judin.ru
127.0.0.1 junkysex.com
127.0.0.1 karleyt.narod.ru
127.0.0.1 kathisomers.com
127.0.0.1 kazaa-lite.ws
127.0.0.1 keithgreenpro.com
127.0.0.1 kenmccaul.com
127.0.0.1 kilosex.com
127.0.0.1 kimhines.com
127.0.0.1 kinoru.com
127.0.0.1 ksdspups.org
127.0.0.1 landrape.com
127.0.0.1 lauraroebuck.com
127.0.0.1 leannalovelace.com
127.0.0.1 lesobank.ru
127.0.0.1 libertyonlinehosting.com
127.0.0.1 lingerie-mania.com
127.0.0.1 lisamatthew.com
127.0.0.1 liveholio.com
127.0.0.1 livenewspaper.com
127.0.0.1 louiseleeds.com
127.0.0.1 love-pix.com
127.0.0.1 lovelas.com
127.0.0.1 lovelysearch.com
127.0.0.1 low-taxes.com
127.0.0.1 luckysearch.net
127.0.0.1 lunitaweb.net
127.0.0.1 lustful-porno.com
127.0.0.1 mackinnonsbrook.org
127.0.0.1 madfinder.com
127.0.0.1 madisonmoons.com
127.0.0.1 madisonoilco.com
127.0.0.1 madonalive.com
127.0.0.1 majuozawa.com
127.0.0.1 makin-do.com
127.0.0.1 male4free.com
127.0.0.1 map-quest.org
127.0.0.1 marilynchamber.com
127.0.0.1 martfinder.com
127.0.0.1 massearch.com
127.0.0.1 matetrava.com
127.0.0.1 mature50.com
127.0.0.1 matureporngate.com
127.0.0.1 maxdzines.com
127.0.0.1 mcgeeforlabor.com
127.0.0.1 mdstunisie.org
127.0.0.1 medicare-insurance.net
127.0.0.1 medicare-supplemental.com
127.0.0.1 mega-dating-tips.com
127.0.0.1 megumikanzaki.com
127.0.0.1 meshalynn.com
127.0.0.1 meta-adult.com
127.0.0.1 meta-casino.com
127.0.0.1 meta-mobile.com
127.0.0.1 meta-porn.com
127.0.0.1 metafora.ru
127.0.0.1 metapoisk.ru
127.0.0.1 michiyonakajima.com
127.0.0.1 miconsultamedica.com
127.0.0.1 mikasakamoto.com
127.0.0.1 mikoni.com
127.0.0.1 militarygods.porn4porn.net
127.0.0.1 millennialpeople.org
127.0.0.1 mipham.org
127.0.0.1 missingcommand.com
127.0.0.1 mommykiss.com
127.0.0.1 moneyhunters.com
127.0.0.1 montgomeryhospitalanesthesia.com
127.0.0.1 morflot.com
127.0.0.1 mortgage-debt.net
127.0.0.1 mortismaximus.com
127.0.0.1 moscowwhores.com
127.0.0.1 moviecategories.com
127.0.0.1 mp3-pix.com
127.0.0.1 mrtg.jps.ru
127.0.0.1 msn-info.net
127.0.0.1 multipussy.com
127.0.0.1 mundopolar.com
127.0.0.1 mustv.com
127.0.0.1 mywebsearch.net
127.0.0.1 nativehardcore.com
127.0.0.1 naturalspy.com
127.0.0.1 nbasportsbook.net
127.0.0.1 needf*cknow.com
127.0.0.1 nellyslyrics.com
127.0.0.1 nepgyan.com
127.0.0.1 nesrecords.com
127.0.0.1 netshastra.net
127.0.0.1 nettime.ru
127.0.0.1 nettracker.jps.ru
127.0.0.1 netyellowpages.info
127.0.0.1 new-incest.com
127.0.0.1 newcategories.com
127.0.0.1 newcracks.com
127.0.0.1 newcracks.net
127.0.0.1 newlife-lajolla.com
127.0.0.1 newsexgate.com
127.0.0.1 newtonsracks.com
127.0.0.1 newxpics.com
127.0.0.1 nhlsportsbook.net
127.0.0.1 niagaracapital.com
127.0.0.1 niche-tv.com
127.0.0.1 nmrba.com
127.0.0.1 nocalories.net
127.0.0.1 nocensor.com
127.0.0.1 ormandcompany.com
127.0.0.1 nsbabes.com
127.0.0.1 nuclearwitness.org
127.0.0.1 nursemania.com
127.0.0.1 nvntour.com
127.0.0.1 nvphall.org
127.0.0.1 oborot.com
127.0.0.1 ocalalivestockmarket.com
127.0.0.1 ocsff.com
127.0.0.1 oeatlanta.com
127.0.0.1 oharrowsearch.com
127.0.0.1 ok-search.com
127.0.0.1 okulta.com
127.0.0.1 omegabrains.net
127.0.0.1 online-casino-1.net
127.0.0.1 online-casino-bonus.info
127.0.0.1 online-casinos-x.com
127.0.0.1 online-winning.net
127.0.0.1 onlineserverz.com
127.0.0.1 onlinetradings.net
127.0.0.1 onlycunt.com
127.0.0.1 onlyinsured.com
127.0.0.1 operanabuco.com
127.0.0.1 opsex.com
127.0.0.1 oregoncharters.org
127.0.0.1 otrlives.com
127.0.0.1 ozawamadoka.com
127.0.0.1 paigesummer.com
127.0.0.1 pamelacollections.com
127.0.0.1 panamcup.com
127.0.0.1 pantygirls4u.com
127.0.0.1 pantyhoserealm.com
127.0.0.1 pantyplace.com
127.0.0.1 pastubes.com
127.0.0.1 paulapage.com
127.0.0.1 paulhoover.com
127.0.0.1 payfortraffic.net
127.0.0.1 pedo.ws
127.0.0.1 people.1gb.ru
127.0.0.1 pervertbot.com
127.0.0.1 pharma-diet-pills.com
127.0.0.1 pharmacy2003.com
127.0.0.1 pharmalocator.com
127.0.0.1 phendimetrazine-tenuate-adipex.com
127.0.0.1 pics-videos.com
127.0.0.1 picsdir.com
127.0.0.1 picsforbucks.com
127.0.0.1 picsofseductiveladies.com
127.0.0.1 pills-birth-control.com
127.0.0.1 pillsmall.com
127.0.0.1 pilotronix.com
127.0.0.1 pixpox.com
127.0.0.1 planemusic.com
127.0.0.1 poiska.net
127.0.0.1 poker-casino-free.com
127.0.0.1 poker-games-free.net
127.0.0.1 polradiologia.com
127.0.0.1 pooi.net
127.0.0.1 porn-teacher.com
127.0.0.1 porncamz.com
127.0.0.1 pornfree.info
127.0.0.1 pornnightdreams.com
127.0.0.1 pornokopec.com
127.0.0.1 porntetris.com
127.0.0.1 porntwist.com
127.0.0.1 powerwebsearch.com
127.0.0.1 prblitz.com
127.0.0.1 pretypics.com
127.0.0.1 pribalt.com
127.0.0.1 privacy-support.biz
127.0.0.1 privateporn.net
127.0.0.1 prostactive.com
127.0.0.1 prostol.com
127.0.0.1 protect-yourself.biz
127.0.0.1 prsainlandempire.org
127.0.0.1 put-your-link-here.com
127.0.0.1 pyrocorp.com
127.0.0.1 quick-search.ws
127.0.0.1 quiksearchgenealogy.com
127.0.0.1 radfrall.org
127.0.0.1 ramgo.com
127.0.0.1 ranafrog.ne
127.0.0.1 rapegate.com
127.0.0.1 redbudbmx.com
127.0.0.1 refinance-help.com
127.0.0.1 removeearthkeepers.org
127.0.0.1 rightfinder.net
127.0.0.1 robbsproshop.com
127.0.0.1 robertferencz.com
127.0.0.1 rotocasters.com
127.0.0.1 royalsearch.net
127.0.0.1 runsearch.com
127.0.0.1 russiansponsor.com
127.0.0.1 russogay.com
127.0.0.1 s2.exocrew.com
127.0.0.1 sacitylife.com
127.0.0.1 samplegals.com
127.0.0.1 satisf*cktion.net
127.0.0.1 sbssurvivor.com
127.0.0.1 scarypix.com
127.0.0.1 sccdnet.com
127.0.0.1 schoolforest.com
127.0.0.1 search-1.net
127.0.0.1 search-2003.com
127.0.0.1 search-about.net
127.0.0.1 search-hawk.com
127.0.0.1 search-log.com
127.0.0.1 search-meta.com
127.0.0.1 search-safe.com
127.0.0.1 search.psn.cn
127.0.0.1 searchadultweb.com
127.0.0.1 searchbutler.com
127.0.0.1 searchbuttler.com
127.0.0.1 searchbutler.org
127.0.0.1 searchcomplete.com
127.0.0.1 searchdesire.com
127.0.0.1 searchdot.net
127.0.0.1 searchexpander.com
127.0.0.1 searchfastnet.com
127.0.0.1 searchforge.com
127.0.0.1 searching-the-net.com
127.0.0.1 searchmeta.md
127.0.0.1 searchmeta.net
127.0.0.1 searchmeta.ru
127.0.0.1 searchmeta.webhost.ru
127.0.0.1 searchnow.ws
127.0.0.1 searchonfly.com
127.0.0.1 searchv.com
127.0.0.1 searchxl.com
127.0.0.1 searchxp.com
127.0.0.1 sebot.com
127.0.0.1 securenp.org
127.0.0.1 security-warning.biz
127.0.0.1 seehardcore.com
127.0.0.1 seekwell.net
127.0.0.1 selfbookmark.com
127.0.0.1 selfbookmark.info
127.0.0.1 selfbookmark.net
127.0.0.1 sex.free4porno.net
127.0.0.1 sex-coach.com
127.0.0.1 sex-festival.com
127.0.0.1 sex-video-galleries.com
127.0.0.1 sexgalleries4all.com
127.0.0.1 sexmoviesnet.com
127.0.0.1 sexpatriot.net
127.0.0.1 sexy18.cc
127.0.0.1 sexycat.adult-host.org
127.0.0.1 sfbayfolkboats.com
127.0.0.1 sgirls.net
127.0.0.1 sharempeg.com
127.0.0.1 shopcards.net
127.0.0.1 shopknights.com
127.0.0.1 sic02.com
127.0.0.1 sintrader.com
127.0.0.1 site1.ru
127.0.0.1 sites-in-web.com
127.0.0.1 sitevictoria.com
127.0.0.1 sixroads.com
127.0.0.1 skakalka.ru
127.0.0.1 slawsearch.com
127.0.0.1 slotch.com
127.0.0.1 slotchbar.com
127.0.0.1 smartsumo.com
127.0.0.1 smutarchive.net
127.0.0.1 solongas.com
127.0.0.1 sonomaevents.com
127.0.0.1 spermatrix.com
127.0.0.1 sportbooks-free4you.com
127.0.0.1 spros.com
127.0.0.1 spyass.com
127.0.0.1 spyorgy.net
127.0.0.1 staceyowens.com
127.0.0.1 stacistaxx.com
127.0.0.1 stacystaxx.com
127.0.0.1 start-space.com
127.0.0.1 steamycock.com
127.0.0.1 sterva.com
127.0.0.1 stevecashdollar.com
127.0.0.1 stop-tracking.biz
127.0.0.1 stopvotefraud.com
127.0.0.1 stopxxxpics.com
127.0.0.1 strekoza.com
127.0.0.1 stuffstore.com
127.0.0.1 styleclickink.com
127.0.0.1 summercollins.com
127.0.0.1 summitcross.com
127.0.0.1 super-spider.com
127.0.0.1 super-websearch.com
127.0.0.1 supersexmachine.com
127.0.0.1 superwebsearch.com
127.0.0.1 supret.com
127.0.0.1 suzannebrecht.com
127.0.0.1 sweeteenz.com
127.0.0.1 tacil.org
127.0.0.1 tangounion.com
127.0.0.1 tastethemusic.com
127.0.0.1 tax-refund4you.com
127.0.0.1 tech-jobs.ws
127.0.0.1 technology-related.com
127.0.0.1 teen-biz.com
127.0.0.1 teen-pic-post.com
127.0.0.1 teenpornosex.com
127.0.0.1 teens4free.net
127.0.0.1 teensact.com
127.0.0.1 teensgate.com
127.0.0.1 teensguru.com
127.0.0.1 teenswamp.com
127.0.0.1 testosterone-birth-control.com
127.0.0.1 the-exit.com
127.0.0.1 the-huns-yellow-pages.com
127.0.0.1 thefakejournal.com
127.0.0.1 thehuy.net
127.0.0.1 theproxy.org
127.0.0.1 therealsearch.com
127.0.0.1 thesten.com
127.0.0.1 thornleygroup.com
127.0.0.1 tings.org
127.0.0.1 tit-x.com
127.0.0.1 titanvision.com
127.0.0.1 titsianna.com
127.0.0.1 toddhayes.com
127.0.0.1 toon-comics.com
127.0.0.1 tooncomics.com
127.0.0.1 topsearcher.com
127.0.0.1 trafficback.com
127.0.0.1 trafficswitcher.com
127.0.0.1 travel.picture-posters.com
127.0.0.1 true-portal.com
127.0.0.1 trytechnical.com
127.0.0.1 ufindall.click-now.net
127.0.0.1 umaxsearch.com
127.0.0.1 une-autre-france.com
127.0.0.1 unigays.com
127.0.0.1 unipages.cc
127.0.0.1 up2you.ru
127.0.0.1 urlstat.com
127.0.0.1 urlstat.ru
127.0.0.1 uralitel.ru
127.0.0.1 ursie.net
127.0.0.1 utahsweet.com
127.0.0.1 utopicportal.com
127.0.0.1 uusocialjustice.org
127.0.0.1 v61.com
127.0.0.1 vaginpics.com
127.0.0.1 valmyers.com
127.0.0.1 vegas-free.com
127.0.0.1 vegbuy.com
127.0.0.1 veloventures.com
127.0.0.1 verzila.com
127.0.0.1 victoriaadam.com
127.0.0.1 videocategories.com
127.0.0.1 vitamins-for-each.com
127.0.0.1 votehowe.org
127.0.0.1 vxebony.com
127.0.0.1 wakeupdick.com
127.0.0.1 warnomore.org
127.0.0.1 watersport-specialties.com
127.0.0.1 web-homepage.net
127.0.0.1 web-search.tk
127.0.0.1 webcoolsearch.com
127.0.0.1 websearchdot.com
127.0.0.1 weekend-movies.com
127.0.0.1 wetpornostars.com
127.0.0.1 whatsyoursearch.com
127.0.0.1 white-pages.ws
127.0.0.1 whittierblvd.com
127.0.0.1 win-in-casino.com
127.0.0.1 wiresearch.com
127.0.0.1 wolfpacracing.com
127.0.0.1 wordlist.jps.ru
127.0.0.1 wpc2001.org
127.0.0.1 wspzone.sexpornonline.com
127.0.0.1 wwwbet.net
127.0.0.1 wwwbetting.net
127.0.0.1 wwwpokergames.com
127.0.0.1 wwwpokerplayers.com
127.0.0.1 wwwroulette.net
127.0.0.1 x-library.com
127.0.0.1 x-webdesign.com
127.0.0.1 xcomics4u.com
127.0.0.1 xic-bs.com
127.0.0.1 xldr.com
127.0.0.1 xp18.com
127.0.0.1 xrenosearch.com
127.0.0.1 xtragay.com
127.0.0.1 xu.xu.pl
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 y-e-l-l-o-w.com
127.0.0.1 yellow500.com
127.0.0.1 yezol.com
127.0.0.1 you-search.com
127.0.0.1 you-search.com.ru
127.0.0.1 youfindall.com
127.0.0.1 youfindall.net
127.0.0.1 your-prescriptions.net
127.0.0.1 yourbookmarks.info
127.0.0.1 yourbookmarks.ws
127.0.0.1 ypir.com
127.0.0.1 ysa-info.net
127.0.0.1 yukohamano.com
127.0.0.1 ywebsearch.info
127.0.0.1 zapros.com
127.0.0.1 zesearch.com
127.0.0.1 ziportal.com
127.0.0.1 zipportal.com
127.0.0.1 zoneoffreeporn.com
127.0.0.1 zoomegasite.com
127.0.0.1 zvimigdal.com
127.0.0.1 zyban-zocor-levitra.com
127.0.0.1 t.rack.cc
127.0.0.1 omega-search.com
127.0.0.1 cool-xxx.net
127.0.0.1 revolto3.da.ru
127.0.0.1 dating-search.net
127.0.0.1 linksummary.com
127.0.0.1 duolaimi.net
127.0.0.1 ez-searching.com
127.0.0.1 freehqmovies.com
127.0.0.1 xzoomy.com
127.0.0.1 freescratchandwin.com
127.0.0.1 globalwebsearch.com
127.0.0.1 www.gocybersearch.com
127.0.0.1 mayancasino.com
127.0.0.1 www.hastalavista.com
127.0.0.1 www.free-popup-killer.com
127.0.0.1 www.digitalfan.com
127.0.0.1 google123.web1000.com
127.0.0.1 search.ieplugin.com
127.0.0.1 i-lookup.com
127.0.0.1 spidersearch.com
127.0.0.1 istarthere.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 www.seekporn.org
127.0.0.1 17-plus.com
127.0.0.1 lolita4all1.xrensmagpost.com
127.0.0.1 mafiapics.com
127.0.0.1 www.teenmonster.com
127.0.0.1 ie.marketdart.com
127.0.0.1 masterbar.com
127.0.0.1 search.netzany.co
127.0.0.1 only-virgins.com
127.0.0.1 passthison.com
127.0.0.1 blondetgp.com
127.0.0.1 prolivation.com
127.0.0.1 server-au.imrworldwide.com
127.0.0.1 rocketsearch.com
127.0.0.1 .roar.com
127.0.0.1 searchaccurate.com
127.0.0.1 searchalot.com
127.0.0.1 searchandbrowse.com
127.0.0.1 gtawarehouse.com
127.0.0.1 startium.com
127.0.0.1 searchandclick.com
127.0.0.1 searchby.net
127.0.0.1 searchdot.com
127.0.0.1 search-exe.com
127.0.0.1 secret-crush.com
127.0.0.1 seekseek.com
127.0.0.1 sexarena.com
127.0.0.1 sexocean.play-lolita.com
127.0.0.1 startsurfing.com
127.0.0.1 66.197.138.235
127.0.0.1 srng.net
127.0.0.1 apps.webservicehost.com
127.0.0.1 search.shopnav.com
127.0.0.1 wish7.com
127.0.0.1 216.65.3.68
127.0.0.1 www.supersexpass.com
127.0.0.1 surferbar.com
127.0.0.1 xlola.underagehost.com
127.0.0.1 hotlolitas.underagehost.com
127.0.0.1 loading-lolita.com
127.0.0.1 www.xupiter.com
127.0.0.1 xjupiter.com
127.0.0.1 www.xjupiter.com
127.0.0.1 www.browserwise.com
127.0.0.1 sqwire.com
127.0.0.1 orbitexplorer.com
127.0.0.1 searchcentrix.com
127.0.0.1 categories.mygeek.com
127.0.0.1 web-entrance.co
127.0.0.1 whazit.com
127.0.0.1 windowenhancer.com
127.0.0.1 buz.ru
127.0.0.1 iwon.com
127.0.0.1 www.bonzi.com
127.0.0.1 featured-results.com
127.0.0.1 searchmadesafe.net
127.0.0.1 quicklaunch.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 .lop.com
127.0.0.1 .tjdo.com
127.0.0.1 /tjdo.com
127.0.0.1 .ebav.com
127.0.0.1 /ebav.com
127.0.0.1 .ebgo.com
127.0.0.1 /ebgo.com
127.0.0.1 .ebaw.com
127.0.0.1 /ebaw.com
127.0.0.1 .ebkb.com
127.0.0.1 /ebkb.com
127.0.0.1 .ebmu.com
127.0.0.1 /ebmu.com
127.0.0.1 .ecmp.com
127.0.0.1 /ecmp.com
127.0.0.1 .edhq.com
127.0.0.1 /edhq.com
127.0.0.1 .edty.com
127.0.0.1 /edty.com
127.0.0.1 .sbee.com
127.0.0.1 /sbee.com
127.0.0.1 .aavc.com
127.0.0.1 /aavc.com
127.0.0.1 .acjp.com
127.0.0.1 /acjp.com
127.0.0.1 .ecmh.com
127.0.0.1 /ecmh.com
127.0.0.1 .emch.com
127.0.0.1 /emch.com
127.0.0.1 .ecpm.com
127.0.0.1 /ecpm.com
127.0.0.1 .wabu.com
127.0.0.1 /wabu.com
127.0.0.1 .wabq.com
127.0.0.1 /wabq.com
127.0.0.1 .ebch.com
127.0.0.1 /ebch.com
127.0.0.1 .ebdv.com
127.0.0.1 /ebdv.com
127.0.0.1 .ebdw.com
127.0.0.1 /ebdw.com
127.0.0.1 .ebjp.com
127.0.0.1 /ebjp.com
127.0.0.1 .ebkn.com
127.0.0.1 /ebkn.com
127.0.0.1 .ebky.com
127.0.0.1 /ebky.com
127.0.0.1 .eblv.com
127.0.0.1 /eblv.com
127.0.0.1 .wbkb.com
127.0.0.1 /wbkb.com
127.0.0.1 .ebvr.com
127.0.0.1 /ebvr.com
127.0.0.1 .ecwz.com
127.0.0.1 /ecwz.com
127.0.0.1 .ecyb.com
127.0.0.1 /ecyb.com
127.0.0.1 .eduy.com
127.0.0.1 /eduy.com
127.0.0.1 .eeev.com
127.0.0.1 /eeev.com
127.0.0.1 .farse.com
127.0.0.1 /farse.com
127.0.0.1 .ibmx.com
127.0.0.1 /ibmx.com
127.0.0.1 .icwb.com
127.0.0.1 /icwb.com
127.0.0.1 .icwo.com
127.0.0.1 /icwo.com
127.0.0.1 .icwp.com
127.0.0.1 /icwp.com
127.0.0.1 .iddh.com
127.0.0.1 /iddh.com
127.0.0.1 .idhh.com
127.0.0.1 /idhh.com
127.0.0.1 .ifiz.com
127.0.0.1 /ifiz.com
127.0.0.1 .iguu.com
127.0.0.1 /iguu.com
127.0.0.1 .samz.com
127.0.0.1 /samz.com
127.0.0.1 .saoe.com
127.0.0.1 /saoe.com
127.0.0.1 .sbjr.com
127.0.0.1 /sbjr.com
127.0.0.1 .sbnl.com
127.0.0.1 /sbnl.com
127.0.0.1 .sbnt.com
127.0.0.1 /sbnt.com
127.0.0.1 .sbvr.com
127.0.0.1 /sbvr.com
127.0.0.1 .scbm.com
127.0.0.1 /scbm.com
127.0.0.1 .sckr.com
127.0.0.1 /sckr.com
127.0.0.1 .scrk.com
127.0.0.1 /scrk.com
127.0.0.1 .sdry.com
127.0.0.1 /sdry.com
127.0.0.1 .seld.com
127.0.0.1 /seld.com
127.0.0.1 .sfux.com
127.0.0.1 /sfux.com
127.0.0.1 .sheat.com
127.0.0.1 /sheat.com
127.0.0.1 .sipo.com
127.0.0.1 /sipo.com
127.0.0.1 .smds.com
127.0.0.1 /smds.com
127.0.0.1 .srib.com
127.0.0.1 /srib.com
127.0.0.1 .srox.com
127.0.0.1 /srox.com
127.0.0.1 .srsf.com
127.0.0.1 /srsf.com
127.0.0.1 .ssaw.com
127.0.0.1 /ssaw.com
127.0.0.1 .ssby.com
127.0.0.1 /ssby.com
127.0.0.1 .surj.com
127.0.0.1 /surj.com
127.0.0.1 .tbvg.com
127.0.0.1 /tbvg.com
127.0.0.1 .tdak.com
127.0.0.1 /tdak.com
127.0.0.1 .tdmy.com
127.0.0.1 /tdmy.com
127.0.0.1 .tefs.com
127.0.0.1 /tefs.com
127.0.0.1 .tfil.com
127.0.0.1 /tfil.com
127.0.0.1 .tjar.com
127.0.0.1 /tjar.com
127.0.0.1 .tjaw.com
127.0.0.1 /tjaw.com
127.0.0.1 .tjgo.com
127.0.0.1 /tjgo.com
127.0.0.1 .tjem.com
127.0.0.1 /tjem.com
127.0.0.1 .torc.com
127.0.0.1 /torc.com
127.0.0.1 .wfix.com
127.0.0.1 /wfix.com
127.0.0.1 .wflu.com
127.0.0.1 /wflu.com
127.0.0.1 .tdko.com
127.0.0.1 /tdko.com
127.0.0.1 .thko.com
127.0.0.1 /thko.com
127.0.0.1 H24413.tfil.com
127.0.0.1 germany.rub.to
127.0.0.1 search.rub.to
127.0.0.1 unitedstates.rub.to
127.0.0.1 www.commonname.com
127.0.0.1 www.ezcybersearch.com
127.0.0.1 www.jethomepage.com
127.0.0.1 www.gohip.com
127.0.0.1 hotbar.com
127.0.0.1 www.huntbar.com
127.0.0.1 search.imiserver.com
127.0.0.1 infospace.com/blsrch.dp.toolbar
127.0.0.1 searchenhancement.com
127.0.0.1 newtonknows.com
127.0.0.1 search-explorer.net
127.0.0.1 searchsquire.com
127.0.0.1 secondpower.com
127.0.0.1 2ndpower.com
127.0.0.1 searchgateway.net
127.0.0.1 worldusa.com
127.0.0.1 www.topsearcher.com
127.0.0.1 smutserver.com
127.0.0.1 searchmeup.com
127.0.0.1 cameup.com
127.0.0.1 kliksearch.com
127.0.0.1 realphx.com
127.0.0.1 blazefind.com
127.0.0.1 66.40.16.198
127.0.0.1 zoofil.com
127.0.0.1 terafinder.com
127.0.0.1 008i.com
127.0.0.1 171203.com
127.0.0.1 39-93.com
127.0.0.1 adult-personal.us
127.0.0.1 cashsearch.biz
127.0.0.1 cl55.biz
127.0.0.1 dailyteenspic.com
127.0.0.1 dialer2004.com
127.0.0.1 digital-pornography.com
127.0.0.1 eager-sex.com
127.0.0.1 ergosites.com
127.0.0.1 freecj.com
127.0.0.1 greg-search.com
127.0.0.1 incest-host.com
127.0.0.1 ironcarteam.com
127.0.0.1 is-best.com
127.0.0.1 killerpornstars.com
127.0.0.1 lollitop.com
127.0.0.1 love-host.com
127.0.0.1 myexexex.com
127.0.0.1 my-finder.com
127.0.0.1 onlineclick.net
127.0.0.1 onlysex.ws
127.0.0.1 regfreeze.com
127.0.0.1 ruworld.com
127.0.0.1 selltraffic.biz
127.0.0.1 sexunique.net
127.0.0.1 sinpussy.com
127.0.0.1 teenhost.net
127.0.0.1 ultraload.net
127.0.0.1 vse-moe.biz
127.0.0.1 xsex.ws
127.0.0.1 .75tz.com
127.0.0.1 /75tz.com
127.0.0.1 .iefeadsl.com
127.0.0.1 /iefeadsl.com
127.0.0.1 /rf104.com
127.0.0.1 .rf104.com
127.0.0.1 www.v61.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 c.centralmedia.ws
127.0.0.1 .count.cc
127.0.0.1 /count.cc
127.0.0.1 .topx.cc
127.0.0.1 /topx.cc
127.0.0.1 sidefind.com
127.0.0.1 thenewsearch.com
127.0.0.1 new-search.net
127.0.0.1 x-google.net
127.0.0.1 adultgambling.org
127.0.0.1 bitchesonline.net
127.0.0.1 girls4rent.net
127.0.0.1 usefullsoft.net
127.0.0.1 livegambling.com
127.0.0.1 adultsgames.net
127.0.0.1 easyantispy.com
127.0.0.1 spybotremover.net
127.0.0.1 winprotect.net
127.0.0.1 funny-girls.com
127.0.0.1 winmsn.com
127.0.0.1 oneclicksearches.com
127.0.0.1 bestweblinks.com
127.0.0.1 iqsearch.net
127.0.0.1 dumpserv.com
127.0.0.1 helpyoursearch.com
127.0.0.1 sgrunt.biz
127.0.0.1 yeak.net
127.0.0.1 u45.cx
127.0.0.1 u46.cx
127.0.0.1 u47.cc
127.0.0.1 u48.cc
127.0.0.1 sfonditalia.biz
127.0.0.1 realarea.biz
127.0.0.1 archiviosex.net
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 hut1.ru
127.0.0.1 hu15.ru
127.0.0.1 winfixer.com
127.0.0.1 3721.com
127.0.0.1 easysearchingtips.com
127.0.0.1 fine-search.net
127.0.0.1 noproblemsurf.com
127.0.0.1 pcspyremover.com
127.0.0.1 search-motor.com
127.0.0.1 searchwhatuwant.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 full-search.net
127.0.0.1 go2-search.com
127.0.0.1 onemoresearch.net
127.0.0.1 search-777.com
127.0.0.1 search-to-find.com
127.0.0.1 search-what.net
127.0.0.1 winshow.biz
127.0.0.1 lookfor.cc
127.0.0.1 looking-for.cc
127.0.0.1 tgp-4-you.com
127.0.0.1 veryeasysearch.com
127.0.0.1 010402.com
127.0.0.1 20x2p.com
127.0.0.1 db105.com
127.0.0.1 ga31.com
127.0.0.1 mpeg-look.com
127.0.0.1 n-udd.com
127.0.0.1 p-uud.com
127.0.0.1 porn-screen.com
127.0.0.1 rb37.com
127.0.0.1 t058.com
127.0.0.1 u-239.com
127.0.0.1 v-224.com
127.0.0.1 trackhits.cc
127.0.0.1 tracktraff.cc
127.0.0.1 power-cleaner.com
127.0.0.1 yoursitebar.com
127.0.0.1 ysbweb.com
127.0.0.1 www.ysbweb.com
127.0.0.1 installcash.com
127.0.0.1 toolbarcash.com
127.0.0.1 enjoywebsurf.com
127.0.0.1 msnguard.cc
127.0.0.1 searchclick.cc
127.0.0.1 havy.biz
127.0.0.1 ewizard.cc
127.0.0.1 4klm.com
127.0.0.1 camup.net
127.0.0.1 bdsmlibrary.net
127.0.0.1 n-glx.s-redirect.com
127.0.0.1 aaasexypics.com
127.0.0.1 allforadult.com
127.0.0.1 autoescrowpay.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 buldog-stats.com
127.0.0.1 counter.sexmaniack.com
127.0.0.1 fregat.drocherway.com
127.0.0.1 greg-tut.com
127.0.0.1 iframe.biz
127.0.0.1 megapornix.com
127.0.0.1 newiframe.biz
127.0.0.1 nylonsexy.com
127.0.0.1 pizdato.biz
127.0.0.1 sexfiles.nu
127.0.0.1 slutmania.biz
127.0.0.1 sp2fucked.biz
127.0.0.1 toolbarpartner.com
127.0.0.1 vesbiz.biz
127.0.0.1 virgin-tgp.net
127.0.0.1 vparivalka.com
127.0.0.1 x.full-tgp.net
127.0.0.1 toolbar.cc
127.0.0.1 himen.biz
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.directsearchzone.com
127.0.0.1 easysearch4you.com
127.0.0.1 www.easysearch4you.com
127.0.0.1 enterthesearch.com
127.0.0.1 www.enterthesearch.com
127.0.0.1 esearch2005.com
127.0.0.1 www.esearch2005.com
127.0.0.1 eza1netsearch.com
127.0.0.1 www.eza1netsearch.com
127.0.0.1 ezwebsearching.com
127.0.0.1 www.ezwebsearching.com
127.0.0.1 globalefinder.com
127.0.0.1 www.globalefinder.com
127.0.0.1 go2realsearch.com
127.0.0.1 www.go2realsearch.com
127.0.0.1 myseachexplorer.com
127.0.0.1 www.myseachexplorer.com
127.0.0.1 quicksearch360.com
127.0.0.1 www.quicksearch360.com
127.0.0.1 s1s1s1search.com
127.0.0.1 www.s1s1s1search.com
127.0.0.1 search101online.com
127.0.0.1 www.search101online.com
127.0.0.1 search123forme.com
127.0.0.1 www.search123forme.com
127.0.0.1 search345quest.com
127.0.0.1 www.search345quest.com
127.0.0.1 searchmiracle.com
127.0.0.1 www.searchmiracle.com
127.0.0.1 searchtheworld4you.com
127.0.0.1 www.searchtheworld4you.com
127.0.0.1 searchwebzone.com
127.0.0.1 www.searchwebzone.com
127.0.0.1 seektheglobe.com
127.0.0.1 www.seektheglobe.com
127.0.0.1 sitesearchcentral.com
127.0.0.1 www.sitesearchcentral.com
127.0.0.1 the818search-co.com
127.0.0.1 www.the818search-co.com
127.0.0.1 type2find.com
127.0.0.1 www.type2find.com
127.0.0.1 xosearchox.com
127.0.0.1 www.xosearchox.com
127.0.0.1 yoursearchspace.com
127.0.0.1 www.yoursearchspace.com
127.0.0.1 httpwwwads.com
127.0.0.1 www.httpwwwads.com
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 216.152.240.14
127.0.0.1 216.152.240.13
127.0.0.1 216.152.240.10
127.0.0.1 216.152.240.16
127.0.0.1 dnaads.com
127.0.0.1 www.dnaads.com
127.0.0.1 marketengines.com
127.0.0.1 www.marketengines.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 securityindex.net
127.0.0.1 www.securityindex.net
127.0.0.1 sexpicsporn.com
127.0.0.1 www.sexpicsporn.com
127.0.0.1 free-spybot.com
127.0.0.1 www.free-spybot.com
127.0.0.1 cashengines.com
127.0.0.1 www.cashengines.com
127.0.0.1 microsoftantispyware.net
127.0.0.1 www.microsoftantispyware.net
127.0.0.1 mircosoftantispy.com
127.0.0.1 www.mircosoftantispy.com
127.0.0.1 msantispy.com
127.0.0.1 www.msantispy.com
127.0.0.1 netspyprotector.com
127.0.0.1 www.netspyprotector.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 savehits.com
127.0.0.1 www.savehits.com
127.0.0.1 saveli.com
127.0.0.1 www.saveli.com
127.0.0.1 metastop.com
127.0.0.1 www.metastop.com
127.0.0.1 perlink.biz
127.0.0.1 www.perlink.biz
127.0.0.1 highdialer.com
127.0.0.1 www.highdialer.com
127.0.0.1 66.230.175.129
127.0.0.1 online-more.com
127.0.0.1 www.online-more.com
127.0.0.1 66.117.37.7
127.0.0.1 www.syserrors.com
127.0.0.1 www.vcodec.com
127.0.0.1 toolbartraff.biz
127.0.0.1 www.toolbartraff.biz
127.0.0.1 pcadprotector.cc
127.0.0.1 www.pcadprotector.cc
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 domaincar.com
127.0.0.1 www.domaincar.com
127.0.0.1 worldray.com
127.0.0.1 www.worldray.com
127.0.0.1 www5.worldray.com
127.0.0.1 www6.worldray.com
127.0.0.1 www.spytrooper.com
127.0.0.1 spytrooper.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 ad-ware.cc
127.0.0.1 82.179.170.11
127.0.0.1 195.255.177.28
127.0.0.1 downloads.adaware.cc
127.0.0.1 adaware.cc
127.0.0.1 hitscount.net
127.0.0.1 count.hitscount.net
127.0.0.1 fined.biz
127.0.0.1 de.ag
127.0.0.1 games.de.ag
127.0.0.1 www.games.de.ag
127.0.0.1 little-download.net
127.0.0.1 www.little-download.net
127.0.0.1 little-help.com
127.0.0.1 www.little-help.com
127.0.0.1 www.spyaxe.net
127.0.0.1 www.spyaxe.com
127.0.0.1 www.spyaxe.biz
127.0.0.1 www.malwarewipe.com
127.0.0.1 dl.malwarewipe.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 24.244.71.239
127.0.0.1 unionseek.com
127.0.0.1 www.unionseek.com
127.0.0.1 sirh0t.blackhats.tc
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 ritztours.com
127.0.0.1 www.ritztours.com
127.0.0.1 flashflashmx.3322.org
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 jupitersatellites.biz
127.0.0.1 www.jupitersatellites.biz
127.0.0.1 yops.biz
127.0.0.1 www.yops.biz
127.0.0.1 69.50.171.122
127.0.0.1 goldengr.hypermart.net
127.0.0.1 web-nexus.net
127.0.0.1 safe-sales.biz
127.0.0.1 www.safe-sales.biz
127.0.0.1 jerrynews.com
127.0.0.1 www.jerrynews.com
127.0.0.1 Teslaplus.com
127.0.0.1 www.Teslaplus.com
127.0.0.1 82.179.170.82
127.0.0.1 WorldAntiSpy.com
127.0.0.1 www.WorldAntiSpy.com
127.0.0.1 www.securitycaution.com
127.0.0.1 securitycaution.com
127.0.0.1 adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 toolbarbest.biz
127.0.0.1 www.toolbarbest.biz
127.0.0.1 65.75.151.192
127.0.0.1 game4all.biz
127.0.0.1 www.game4all.biz
127.0.0.1 game4all.biz/adv/018
127.0.0.1 www.game4all.biz/adv/018
127.0.0.1 wm.kannylizaciya.info
127.0.0.1 www.wm.kannylizaciya.info
127.0.0.1 wm.buhartes.info
127.0.0.1 www.wm.buhartes.info
127.0.0.1 login.fric.cn
127.0.0.1 www.login.fric.cn
127.0.0.1 xsremover.com
127.0.0.1 www.xsremover.com
127.0.0.1 spydeface.com
127.0.0.1 www.spydeface.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 innovagest2000.com
127.0.0.1 www.innovagest2000.com
127.0.0.1 www.thespyguard.com
127.0.0.1 thespyguard.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.spyiblock.com
127.0.0.1 spyiblock.com
127.0.0.1 www.uvu-channel.com
127.0.0.1 uvu-channel.com
127.0.0.1 www.hachimitsu-lemon.com
127.0.0.1 hachimitsu-lemon.com
127.0.0.1 SEARCHTOFIND.NET
127.0.0.1 www.SEARCHTOFIND.NET
127.0.0.1 www.pestrap.com
127.0.0.1 pestrap.com
127.0.0.1 uptodatesecurity.com
127.0.0.1 www.uptodatesecurity.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 216.255.179.234
127.0.0.1 qmex.psyche-evolution.com
127.0.0.1 www.qmex.psyche-evolution.com
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 scanandrepair.com
127.0.0.1 www.scanandrepair.com
127.0.0.1 uydsiygeds.com
127.0.0.1 www.uydsiygeds.com
127.0.0.1 pesttrap.com
127.0.0.1 www.pesttrap.com
127.0.0.1 adwarebazooka.com
127.0.0.1 get.adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 kliksoftware.com
127.0.0.1 www.kliksoftware.com
127.0.0.1 hitvirus.com
127.0.0.1 get.hitvirus.com
127.0.0.1 www.hitvirus.com
127.0.0.1 promo.dollarrevenue.com
127.0.0.1 www.promo.dollarrevenue.com
127.0.0.1 maxifile.com
127.0.0.1 www.maxifile.com
127.0.0.1 targetsaver.com
127.0.0.1 www.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 nonameforthisdomain.com
127.0.0.1 www.nonameforthisdomain.com
127.0.0.1 hypoteches.com
127.0.0.1 www.hypoteches.com
127.0.0.1 www.earthllnk.net
127.0.0.1 earthllnk.net
127.0.0.1 hostance.net
127.0.0.1 www.hostance.net
127.0.0.1 my-dedik-one.com
127.0.0.1 www.my-dedik-one.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashdeluxe.net
127.0.0.1 stats.cashdeluxe.net
127.0.0.1 www.stats.cashdeluxe.net
127.0.0.1 www.2006ooo.com
127.0.0.1 www.spyware-stop.com
127.0.0.1 spyware-stop.com
127.0.0.1 www.SpyShield.org
127.0.0.1 SpyShield.org
127.0.0.1 utils.winfixer.com
127.0.0.1 www.utils.winfixer.com
127.0.0.1 toolbarbucks.biz
127.0.0.1 www.toolbarbucks.biz
127.0.0.1 derklaif.biz
127.0.0.1 www.derklaif.biz
127.0.0.1 www.v-codec.com
127.0.0.1 v-codec.com
127.0.0.1 www.emediacodec.com
127.0.0.1 emediacodec.com
127.0.0.1 www.popentertain.com
127.0.0.1 popentertain.com
127.0.0.1 softwareprofit.com
127.0.0.1 www.softwareprofit.com
127.0.0.1 de.winantivirus.com
127.0.0.1 download.winantivirus.com
127.0.0.1 winantivirus.com
127.0.0.1 www.winantivirus.com
127.0.0.1 205.209.152.121
127.0.0.1 offers.bullseye-network.com
127.0.0.1 www.offers.bullseye-network.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 sponsor2.ucmore.com
127.0.0.1 www.sponsor2.ucmore.com
127.0.0.1 apps.deskwizz
127.0.0.1 www.apps.deskwizz
127.0.0.1 hostthesky.com
127.0.0.1 www.hostthesky.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 readagreement.net
127.0.0.1 www.readagreement.net
127.0.0.1 gl.secdep.info
127.0.0.1 www.gl.secdep.info
127.0.0.1 spyfalcon.com
127.0.0.1 www.spyfalcon.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spy-shield.com
127.0.0.1 www.spy-shield.com
127.0.0.1 winnanny.com
127.0.0.1 www.winnanny.com
127.0.0.1 winsoftware.com
127.0.0.1 www.winsoftware.com
127.0.0.1 winfirewall.com
127.0.0.1 www.winfirewall.com
127.0.0.1 winantispyware.com
127.0.0.1 www.winantispyware.com
127.0.0.1 udefender.com
127.0.0.1 www.udefender.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 toolbar.azebar.com
127.0.0.1 www.toolbar.azebar.com
127.0.0.1 traffsale1.biz
127.0.0.1 www.traffsale1.biz
127.0.0.1 194.187.45.55
127.0.0.1 82.146.60.36
127.0.0.1 spywaredisinfector.com
127.0.0.1 www.spywaredisinfector.com
127.0.0.1 SpyCut.com
127.0.0.1 www.SpyCut.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 malwarewipesupport.com
127.0.0.1 www.malwarewipesupport.com
127.0.0.1 remedyantispy.com
127.0.0.1 www.remedyantispy.com
127.0.0.1 systemstable.com
127.0.0.1 www.systemstable.com
127.0.0.1 whoisprivacyprotect.com
127.0.0.1 www.whoisprivacyprotect.com
127.0.0.1 85.249.22.240
127.0.0.1 prime.webhancer.com
127.0.0.1 www.prime.webhancer.com
127.0.0.1 webhancer.com
127.0.0.1 www.webhancer.com
127.0.0.1 dr.webhancer.com
127.0.0.1 www.dr.webhancer.com
127.0.0.1 dr2.webhancer.com
127.0.0.1 www.dr2.webhancer.com
127.0.0.1 www.onli-ne.com
127.0.0.1 spycontra.com
127.0.0.1 www.spycontra.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 necessaryupdates.com
127.0.0.1 www.necessaryupdates.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 stejax.pl
127.0.0.1 www.stejax.pl
127.0.0.1 kitehosting.com
127.0.0.1 www.kitehosting.com
127.0.0.1 ware2006.com
127.0.0.1 www.ware2006.com
127.0.0.1 filestore.com
127.0.0.1 www.filestore.com
127.0.0.1 systemupdates.net
127.0.0.1 www.systemupdates.net
127.0.0.1 logs.vapochille.com
127.0.0.1 www.logs.vapochille.com
127.0.0.1 goldenfreehost.com
127.0.0.1 www.goldenfreehost.com
127.0.0.1 todaywarnings.com
127.0.0.1 www.todaywarnings.com
127.0.0.1 spywarequake.com
127.0.0.1 spywarequake.info
127.0.0.1 www.spywarequake.info
127.0.0.1 www.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 206.161.124.98
127.0.0.1 69.31.131.82
127.0.0.1 207.226.162.34
127.0.0.1 urgentsystemupdate.com
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 nospywaresoft.com
127.0.0.1 spywarestrike.com
127.0.0.1 www.nospywaresoft.com
127.0.0.1 www.spywarestrike.com
127.0.0.1 69.31.81.82
127.0.0.1 spyaxesupport.com
127.0.0.1 www.spyaxesupport.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 www.sgrunt.biz
127.0.0.1 traffbest.biz
127.0.0.1 www.traffbest.biz
127.0.0.1 securityfeature.com
127.0.0.1 www.securityfeature.com
127.0.0.1 pimasoft.com
127.0.0.1 www.pimasoft.com
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 spy-sniper.com
127.0.0.1 www.spy-sniper.com
127.0.0.1 safetydefender.com
127.0.0.1 www.safetydefender.com
127.0.0.1 securitywarnings.net
127.0.0.1 www.securitywarnings.net
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 spywaresheriff.com
127.0.0.1 www.spywaresheriff.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 rizalof.com
127.0.0.1 www.rizalof.com
127.0.0.1 rc.rizalof.com
127.0.0.1 media-codec.com
127.0.0.1 www.media-codec.com
127.0.0.1 SpywareScraper.com
127.0.0.1 www.SpywareScraper.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 uploads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 nowhere.180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 theguardservices.com
127.0.0.1 www.theguardservices.com
127.0.0.1 securitybulletin.net
127.0.0.1 www.securitybulletin.net
127.0.0.1 www.supernet.speedserv.com
127.0.0.1 spyonthis.net
127.0.0.1 download.spyonthis.net
127.0.0.1 www.spyonthis.net
127.0.0.1 hijack-this.net
127.0.0.1 www.hijack-this.net
127.0.0.1 errorsafe.com
127.0.0.1 de.errorsafe.com
127.0.0.1 download.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 amaena.com
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 instlog.winfixer.com
127.0.0.1 winfixer2006.com
127.0.0.1 www.winfixer2006.com
127.0.0.1 webtopsecurity.com
127.0.0.1 www.webtopsecurity.com
127.0.0.1 traff5all.biz
127.0.0.1 www.traff5all.biz
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 download.bravesentry.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 evko.biz
127.0.0.1 www.evko.biz
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 download.secureyournet.biz
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 secureyournet.biz
127.0.0.1 www.secureyournet.biz
127.0.0.1 windupdates.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 spywarelabs.com
127.0.0.1 www.spywarelabs.com
127.0.0.1 traffweb1.biz
127.0.0.1 www.traffweb1.biz
127.0.0.1 newtoolbar.biz
127.0.0.1 www.newtoolbar.biz
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 safetyuptodate.com
127.0.0.1 www.safetyuptodate.com
127.0.0.1 crazywinnings.com
127.0.0.1 frame.crazywinnings.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 casalemedia.com
127.0.0.1 b.casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 c4tdownload.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 clickspring.net
127.0.0.1 www.clickspring.net
127.0.0.1 contentmatch.net
127.0.0.1 www.contentmatch.net
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialoff.com
127.0.0.1 www.dialoff.com
127.0.0.1 energy-factor.com
127.0.0.1 www.energy-factor.com
127.0.0.1 hardcorefantasyland.com
127.0.0.1 www.hardcorefantasyland.com
127.0.0.1 hardfootballbabes.com
127.0.0.1 www.hardfootballbabes.com
127.0.0.1 linkautomatici.com
127.0.0.1 www.linkautomatici.com
127.0.0.1 master69.biz
127.0.0.1 www.master69.biz
127.0.0.1 master70.biz
127.0.0.1 www.master70.biz
127.0.0.1 master71.biz
127.0.0.1 www.master71.biz
127.0.0.1 mcdial.biz
127.0.0.1 www.mcdial.biz
127.0.0.1 mt-download.com
127.0.0.1 www.mt-download.com
127.0.0.1 my-teensex.com
127.0.0.1 overpro.com
127.0.0.1 private-dialer.biz
127.0.0.1 private-iframe.biz
127.0.0.1 redfunny.com
127.0.0.1 scoobidoo.com
127.0.0.1 skoobidoo.com
127.0.0.1 sexvideopro.com
127.0.0.1 storage-tasp.com
1
0
Réponse 7 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

poster le rapport. (sans les lignes 127.0.0.1.........)
0
jojo
 
Bonjour Geoffrey,

j'ai excatement el meme probleme avec ces pubs intempestives qui apparaissent des que je me ballade sur le web. J'ai suivi toutes les etapes que tu as donné mais cela ne disparait pas.
J'ai également fait un spybot.
Voici mon rapport hijackthis:
:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Webamaster\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\Webamaster\Bureau\spy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83f2e35f-567a-4bbb-aaa9-630c0c68c843} - C:\WINDOWS\System32\wefenure.dll (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SService] C:\DOCUME~1\WEBAMA~1\LOCALS~1\Temp\winjfe4Wj.exe
O4 - HKLM\..\Run: [modemazovo] Rundll32.exe "C:\WINDOWS\System32\juriyuyi.dll",s
O4 - HKLM\..\Run: [a8b2315f] rundll32.exe "C:\WINDOWS\System32\tosigupa.dll",b
O4 - HKLM\..\Run: [CPMab8102c3] Rundll32.exe "c:\windows\system32\weziyolo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: c:\windows\system32\seretisa.dll C:\WINDOWS\System32\kupageli.dll c:\windows\system32\weziyolo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\weziyolo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


et voici mon rapport smitfraudifix:
SmitFraudFix v2.381

Rapport fait à 15:34:58,62, 07/12/2008
Executé à partir de C:\Documents and Settings\Webamaster\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Webamaster\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Webamaster


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WEBAMA~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Webamaster\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WEBAMA~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CDEFEE3D-EDCB-4226-931B-90E184C11CAC}"="rjgoitr"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\weziyolo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\weziyolo.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\seretisa.dll C:\\WINDOWS\\System32\\kupageli.dll c:\\windows\\system32\\weziyolo.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ASUS USB Wireless Network Adapter #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DAFA2D9-9055-40D4-BFC4-7ACCB3ADCA0A}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2DAFA2D9-9055-40D4-BFC4-7ACCB3ADCA0A}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2DAFA2D9-9055-40D4-BFC4-7ACCB3ADCA0A}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Si tu peux m'aider.

Merci
0
brioche95 Messages postés 660 Statut Membre 167 > jojo
 
Stp jojo tu peux faire ton propre topic STP
0
Réponse 8 / 20
brioche95 Messages postés 660 Statut Membre 167
 
tFraudFix v2.381

Rapport fait à 19:27:24,68, 07/12/2008
Executé à partir de C:\Documents and Settings\Fournier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{444263D5-9282-48A6-BD6D-EFDD7415C555}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 9 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Tu ne devais pas le relancer mais me poster le rapport de suppression que tu avais fais hier... Mais bon tampis.

fais ceci maintenant stp :

▶ Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

▶ Lance l'installation du programme en exécutant le fichier téléchargé.

▶ Double-clique maintenant sur le raccourci de Toolbar-S&D.

▶ Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

▶ Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

▶ Poste le rapport généré. (C:\TB.txt)
0
brioche95 Messages postés 660 Statut Membre 167
 
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Fournier ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081206-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 07/12/2008|19:55 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\wFOnVyay.ini
C:\WINDOWS\system32\wFOnVyay.ini2
C:\WINDOWS\system32\yayVnOFw.dll
[b]==> VUNDO <==/b
0
Réponse 10 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok maintenant :

▶ Relance Toolbar-S&D en double-cliquant sur le raccourci.
▶ Tape sur "2" puis valide en appuyant sur "Entrée".
/!\ Ne ferme pas la fenêtre lors de la suppression !
▶ Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

ensuite :

▶ Télécharge malwarebyte's anti-malware

▶ Un tutoriel sera à ta disposition sur mon site pour t'aider à l'utiliser.

▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

▶ L'analyse peut durer un bon moment.....

▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

Et ensuite refais un nouveau rapport hijackthis stp
0
brioche95 Messages postés 660 Statut Membre 167
 
1 er Rapport:



-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Fournier ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081206-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 07/12/2008|20:04 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\wFOnVyay.ini
C:\WINDOWS\system32\wFOnVyay.ini2
C:\WINDOWS\system32\yayVnOFw.dll
[b]==> VUNDO <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Fournier\Mes documents\LimeWire\Incomplete\T-78308-gta psp crack by [ssg].zip



1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|19:58 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/12/2008|20:06 - Option : [2]

-----------\\ Fin du rapport a 20:06:43,71



l'autre arrive la recherche est long je suis a 19 minutes là...
0
Réponse 11 / 20
brioche95 Messages postés 660 Statut Membre 167
 
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 2

07/12/2008 20:48:23
mbam-log-2008-12-07 (20-48-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 83501
Temps écoulé: 34 minute(s), 5 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\Documents and Settings\Fournier\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\intqbuas.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yayVnOFw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnkKArQ.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkkarq (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d54bc86-cbd0-8888-2495-d79f0e1b623c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d54bc86-cbd0-8888-2495-d79f0e1b623c} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16a4f6b1-0381-3947-56b2-580623f4d942} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{16a4f6b1-0381-3947-56b2-580623f4d942} (Adware.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\985475a7 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zvxstlpswnt (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayvnofw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayvnofw
0
Réponse 12 / 20
brioche95 Messages postés 660 Statut Membre 167
 
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 2

07/12/2008 20:50:13
mbam-log-2008-12-07 (20-50-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 83501
Temps écoulé: 34 minute(s), 5 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\Documents and Settings\Fournier\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\intqbuas.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayVnOFw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnkKArQ.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkkarq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49c4131f-9f5e-46b6-931b-af832c642364} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d54bc86-cbd0-8888-2495-d79f0e1b623c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d54bc86-cbd0-8888-2495-d79f0e1b623c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16a4f6b1-0381-3947-56b2-580623f4d942} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16a4f6b1-0381-3947-56b2-580623f4d942} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\985475a7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zvxstlpswnt (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayvnofw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayvnofw
0
Réponse 13 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Est-ce que tu as supprimé la sélection comme expliqué dans le tuto ??
0
Réponse 14 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok maintenant refais un nouveau rapport hijackthis stp
0
brioche95 Messages postés 660 Statut Membre 167
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:53, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0D54BC86-CBD0-8888-2495-D79F0E1B623C} - (no file)
O2 - BHO: (no name) - {16a4f6b1-0381-3947-56b2-580623f4d942} - (no file)
O2 - BHO: (no name) - {3ADAF420-6C37-4936-BB88-154B6432ED9F} - (no file)
O2 - BHO: (no name) - {49C4131F-9F5E-46B6-931B-AF832C642364} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {BB5538EF-9C58-4DDA-8227-25615C83C558} - C:\WINDOWS\system32\fccyYrpn.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [SteamRS] C:\Program Files\Steam\Steam.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zvxstlpswnt] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fuzutapposimsgj.dll"
O4 - HKLM\..\Run: [985475a7] rundll32.exe "C:\WINDOWS\system32\jipwaoyw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Fournier\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbgeng32.dll,C:\WINDOWS\System32\dbgeng32.dll bnxysg.dll
O20 - Winlogon Notify: 98547508509 - C:\WINDOWS\System32\dbgeng32.dll (file missing)
O20 - Winlogon Notify: opnkKArQ - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
0
Réponse 15 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Télécharger et enregistrer lopSD sur le Bureau

▶ Double-clic Lop S&D

▶ Faire l'installation

▶ Fermer toutes les applications

▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

▶ Taper F pour français , puis presser entrée

▶ Taper 1

▶ Presser Entrée

▶ Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

▶ Attendre l'apparition du rapport
▶ Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR
0
brioche95 Messages postés 660 Statut Membre 167
 
j'ai eu le rapport sans que l'ordinateur redémarre, es normal?

voici le rapport lopR:



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Fournier ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081206-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 07/12/2008|21:14 )

--------------------\\ Listing des dossiers dans APPLIC~1

[23/11/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/11/2008|00:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[05/11/2008|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[23/11/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[23/11/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[25/11/2008|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[05/11/2008|01:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/12/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/11/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[05/12/2008|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogMeIn
[17/11/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[07/12/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[23/11/2008|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/11/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[15/11/2008|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[06/12/2008|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/11/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/11/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[03/11/2008|21:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[04/12/2008|10:58] C:\DOCUME~1\Fournier\APPLIC~1\Adobe
[23/11/2008|18:53] C:\DOCUME~1\Fournier\APPLIC~1\Apple Computer
[27/11/2008|21:45] C:\DOCUME~1\Fournier\APPLIC~1\Azureus
[07/12/2008|03:20] C:\DOCUME~1\Fournier\APPLIC~1\foobar2000
[05/11/2008|01:34] C:\DOCUME~1\Fournier\APPLIC~1\Google
[03/11/2008|22:01] C:\DOCUME~1\Fournier\APPLIC~1\Identities
[10/11/2008|00:12] C:\DOCUME~1\Fournier\APPLIC~1\InstallShield
[04/12/2008|20:36] C:\DOCUME~1\Fournier\APPLIC~1\LimeWire
[03/11/2008|22:16] C:\DOCUME~1\Fournier\APPLIC~1\Macromedia
[07/12/2008|20:10] C:\DOCUME~1\Fournier\APPLIC~1\Malwarebytes
[23/11/2008|01:37] C:\DOCUME~1\Fournier\APPLIC~1\Microsoft
[16/11/2008|04:49] C:\DOCUME~1\Fournier\APPLIC~1\Mozilla
[23/11/2008|01:37] C:\DOCUME~1\Fournier\APPLIC~1\Sun
[06/12/2008|00:50] C:\DOCUME~1\Fournier\APPLIC~1\TeamViewer
[26/11/2008|09:58] C:\DOCUME~1\Fournier\APPLIC~1\vlc
[22/11/2008|02:01] C:\DOCUME~1\Fournier\APPLIC~1\WinRAR

[03/11/2008|21:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/12/2008|21:17] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft

[06/12/2008|00:06] C:\DOCUME~1\LOGMEI~1.ORD\APPLIC~1\Microsoft

[03/11/2008|21:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/12/2008 18:57][--a------] C:\WINDOWS\tasks\Norton Security Scan for Fournier.job
[24/11/2008 10:18][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/12/2008 20:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 19:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[05/11/2008|01:52] C:\Program Files\Adobe
[04/12/2008|21:52] C:\Program Files\Alwil Software
[09/11/2008|02:32] C:\Program Files\AnalogX
[23/11/2008|18:50] C:\Program Files\Apple Software Update
[07/12/2008|03:21] C:\Program Files\Audacity
[26/11/2008|20:09] C:\Program Files\Azureus
[23/11/2008|18:52] C:\Program Files\Bonjour
[26/11/2008|21:59] C:\Program Files\Capturino V2
[04/12/2008|20:46] C:\Program Files\CCleaner
[03/11/2008|21:04] C:\Program Files\ComPlus Applications
[07/12/2008|20:35] C:\Program Files\eMule
[06/12/2008|12:09] C:\Program Files\End It All
[24/11/2008|14:55] C:\Program Files\Fichiers communs
[07/12/2008|03:19] C:\Program Files\foobar2000
[06/12/2008|12:31] C:\Program Files\Google
[05/11/2008|03:22] C:\Program Files\Hewlett-Packard
[05/11/2008|03:25] C:\Program Files\HP
[25/11/2008|18:12] C:\Program Files\InstallShield Installation Information
[05/11/2008|03:20] C:\Program Files\Internet Explorer
[23/11/2008|18:52] C:\Program Files\iPod
[23/11/2008|18:52] C:\Program Files\iTunes
[03/12/2008|20:24] C:\Program Files\Java
[04/12/2008|19:55] C:\Program Files\LimeWire
[17/11/2008|18:46] C:\Program Files\ma-config.com
[07/12/2008|20:10] C:\Program Files\Malwarebytes' Anti-Malware
[21/11/2008|22:06] C:\Program Files\Megaware
[22/11/2008|02:45] C:\Program Files\Messenger Plus! Live
[03/11/2008|22:24] C:\Program Files\Microsoft
[07/12/2008|21:00] C:\Program Files\Mozilla Firefox
[03/11/2008|21:15] C:\Program Files\MSXML 4.0
[03/11/2008|21:16] C:\Program Files\MSXML 6.0
[10/11/2008|00:10] C:\Program Files\NETGEAR GA511 Adapter
[03/11/2008|21:05] C:\Program Files\NetMeeting
[07/12/2008|18:00] C:\Program Files\Norton Security Scan
[05/11/2008|02:02] C:\Program Files\NOS
[03/11/2008|21:05] C:\Program Files\Outlook Express
[05/12/2008|18:28] C:\Program Files\Proxomitron Naoko v4.5
[23/11/2008|18:51] C:\Program Files\QuickTime
[10/11/2008|00:12] C:\Program Files\Realtek
[05/11/2008|17:14] C:\Program Files\Realtek AC97
[03/11/2008|21:05] C:\Program Files\Services en ligne
[06/12/2008|12:21] C:\Program Files\Spybot - Search & Destroy
[07/12/2008|20:55] C:\Program Files\Steam
[06/12/2008|00:35] C:\Program Files\TeamViewer3
[03/12/2008|20:30] C:\Program Files\TightVNC
[22/11/2008|23:59] C:\Program Files\tmallet
[05/12/2008|19:02] C:\Program Files\Trend Micro
[03/11/2008|22:00] C:\Program Files\Uninstall Information
[04/11/2008|23:57] C:\Program Files\VIA
[26/11/2008|09:55] C:\Program Files\VideoLAN
[24/11/2008|14:55] C:\Program Files\Windows Live
[23/11/2008|19:21] C:\Program Files\Windows Live Safety Center
[04/11/2008|22:44] C:\Program Files\Windows Media Player
[03/11/2008|21:03] C:\Program Files\Windows NT
[03/11/2008|21:05] C:\Program Files\WindowsUpdate
[22/11/2008|02:00] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/11/2008|01:53] C:\Program Files\Fichiers communs\Adobe
[23/11/2008|18:49] C:\Program Files\Fichiers communs\Apple
[05/11/2008|03:21] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/11/2008|03:23] C:\Program Files\Fichiers communs\HP
[10/11/2008|00:10] C:\Program Files\Fichiers communs\InstallShield
[24/11/2008|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[03/11/2008|21:05] C:\Program Files\Fichiers communs\MSSoap
[03/11/2008|21:57] C:\Program Files\Fichiers communs\ODBC
[03/11/2008|21:05] C:\Program Files\Fichiers communs\Services
[23/11/2008|20:18] C:\Program Files\Fichiers communs\snp2std
[03/11/2008|21:57] C:\Program Files\Fichiers communs\SpeechEngines
[07/12/2008|18:09] C:\Program Files\Fichiers communs\Symantec Shared
[03/11/2008|21:04] C:\Program Files\Fichiers communs\System
[03/11/2008|22:22] C:\Program Files\Fichiers communs\Windows Live
[24/11/2008|14:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 33 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Fournier\Cookies\fournier@advertstream[1].txt
C:\DOCUME~1\Fournier\Cookies\fournier@advertising[2].txt
C:\DOCUME~1\Fournier\Cookies\fournier@bigpoint[2].txt
C:\DOCUME~1\Fournier\Cookies\fournier@fr.thepimps.bigpoint[2].txt
C:\DOCUME~1\Fournier\Cookies\fournier@fr1.darkorbit.bigpoint[1].txt
C:\DOCUME~1\Fournier\Cookies\fournier@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Fournier\Cookies\fournier@cotedazurpalace[1].txt
C:\DOCUME~1\Fournier\Cookies\fournier@www.cotedazurpalace[1].txt
C:\DOCUME~1\Fournier\Cookies\fournier@adopt.euroclick[2].txt
C:\DOCUME~1\Fournier\Cookies\fournier@2xmoinscher[1].txt
C:\DOCUME~1\Fournier\Cookies\fournier@cc.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 21:18:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Fournier\Mes documents\LimeWire\Incomplete\T-78308-gta psp crack by [ssg].zip


[F:89][D:6]-> C:\DOCUME~1\Fournier\LOCALS~1\Temp
[F:232][D:0]-> C:\DOCUME~1\Fournier\Cookies
[F:196][D:4]-> C:\DOCUME~1\Fournier\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/12/2008|21:19 - Option : [1]

--------------------\\ Fin du rapport a 21:19:36
0
Réponse 16 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Oui ça se pourrait qu'il ne redémarre pas...

▶ Relance Lop S&D

▶ Choisis cette fois-ci l'option 2 (Suppression)

▶ Ne ferme pas la fenêtre lors de la suppression !

▶ Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

et ensuite refais un nouveau rapport hijackthis stp
0
Réponse 17 / 20
brioche95 Messages postés 660 Statut Membre 167
 
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Fournier ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081206-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 07/12/2008|21:28 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@advertstream[1].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@advertising[2].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@bigpoint[2].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@fr.thepimps.bigpoint[2].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@fr1.darkorbit.bigpoint[1].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@www.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\Fournier\Cookies\fournier@cc.2xmoinscher[2].txt
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[23/11/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/11/2008|00:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[05/11/2008|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[23/11/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[23/11/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[25/11/2008|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[05/11/2008|01:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/12/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/11/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[05/12/2008|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogMeIn
[17/11/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[07/12/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[23/11/2008|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/11/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/11/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[15/11/2008|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[06/12/2008|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/11/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/11/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[03/11/2008|21:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[04/12/2008|10:58] C:\DOCUME~1\Fournier\APPLIC~1\Adobe
[23/11/2008|18:53] C:\DOCUME~1\Fournier\APPLIC~1\Apple Computer
[27/11/2008|21:45] C:\DOCUME~1\Fournier\APPLIC~1\Azureus
[07/12/2008|03:20] C:\DOCUME~1\Fournier\APPLIC~1\foobar2000
[05/11/2008|01:34] C:\DOCUME~1\Fournier\APPLIC~1\Google
[03/11/2008|22:01] C:\DOCUME~1\Fournier\APPLIC~1\Identities
[10/11/2008|00:12] C:\DOCUME~1\Fournier\APPLIC~1\InstallShield
[04/12/2008|20:36] C:\DOCUME~1\Fournier\APPLIC~1\LimeWire
[03/11/2008|22:16] C:\DOCUME~1\Fournier\APPLIC~1\Macromedia
[07/12/2008|20:10] C:\DOCUME~1\Fournier\APPLIC~1\Malwarebytes
[23/11/2008|01:37] C:\DOCUME~1\Fournier\APPLIC~1\Microsoft
[16/11/2008|04:49] C:\DOCUME~1\Fournier\APPLIC~1\Mozilla
[23/11/2008|01:37] C:\DOCUME~1\Fournier\APPLIC~1\Sun
[06/12/2008|00:50] C:\DOCUME~1\Fournier\APPLIC~1\TeamViewer
[26/11/2008|09:58] C:\DOCUME~1\Fournier\APPLIC~1\vlc
[22/11/2008|02:01] C:\DOCUME~1\Fournier\APPLIC~1\WinRAR

[03/11/2008|21:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/12/2008|21:17] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft

[06/12/2008|00:06] C:\DOCUME~1\LOGMEI~1.ORD\APPLIC~1\Microsoft

[03/11/2008|21:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/12/2008 18:57][--a------] C:\WINDOWS\tasks\Norton Security Scan for Fournier.job
[24/11/2008 10:18][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/12/2008 20:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 19:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[05/11/2008|01:52] C:\Program Files\Adobe
[04/12/2008|21:52] C:\Program Files\Alwil Software
[09/11/2008|02:32] C:\Program Files\AnalogX
[23/11/2008|18:50] C:\Program Files\Apple Software Update
[07/12/2008|03:21] C:\Program Files\Audacity
[26/11/2008|20:09] C:\Program Files\Azureus
[23/11/2008|18:52] C:\Program Files\Bonjour
[26/11/2008|21:59] C:\Program Files\Capturino V2
[04/12/2008|20:46] C:\Program Files\CCleaner
[03/11/2008|21:04] C:\Program Files\ComPlus Applications
[07/12/2008|20:35] C:\Program Files\eMule
[06/12/2008|12:09] C:\Program Files\End It All
[24/11/2008|14:55] C:\Program Files\Fichiers communs
[07/12/2008|03:19] C:\Program Files\foobar2000
[06/12/2008|12:31] C:\Program Files\Google
[05/11/2008|03:22] C:\Program Files\Hewlett-Packard
[05/11/2008|03:25] C:\Program Files\HP
[25/11/2008|18:12] C:\Program Files\InstallShield Installation Information
[05/11/2008|03:20] C:\Program Files\Internet Explorer
[23/11/2008|18:52] C:\Program Files\iPod
[23/11/2008|18:52] C:\Program Files\iTunes
[03/12/2008|20:24] C:\Program Files\Java
[04/12/2008|19:55] C:\Program Files\LimeWire
[17/11/2008|18:46] C:\Program Files\ma-config.com
[07/12/2008|20:10] C:\Program Files\Malwarebytes' Anti-Malware
[21/11/2008|22:06] C:\Program Files\Megaware
[22/11/2008|02:45] C:\Program Files\Messenger Plus! Live
[03/11/2008|22:24] C:\Program Files\Microsoft
[07/12/2008|21:19] C:\Program Files\Mozilla Firefox
[03/11/2008|21:15] C:\Program Files\MSXML 4.0
[03/11/2008|21:16] C:\Program Files\MSXML 6.0
[10/11/2008|00:10] C:\Program Files\NETGEAR GA511 Adapter
[03/11/2008|21:05] C:\Program Files\NetMeeting
[07/12/2008|18:00] C:\Program Files\Norton Security Scan
[05/11/2008|02:02] C:\Program Files\NOS
[03/11/2008|21:05] C:\Program Files\Outlook Express
[05/12/2008|18:28] C:\Program Files\Proxomitron Naoko v4.5
[23/11/2008|18:51] C:\Program Files\QuickTime
[10/11/2008|00:12] C:\Program Files\Realtek
[05/11/2008|17:14] C:\Program Files\Realtek AC97
[03/11/2008|21:05] C:\Program Files\Services en ligne
[06/12/2008|12:21] C:\Program Files\Spybot - Search & Destroy
[07/12/2008|20:55] C:\Program Files\Steam
[06/12/2008|00:35] C:\Program Files\TeamViewer3
[03/12/2008|20:30] C:\Program Files\TightVNC
[22/11/2008|23:59] C:\Program Files\tmallet
[05/12/2008|19:02] C:\Program Files\Trend Micro
[03/11/2008|22:00] C:\Program Files\Uninstall Information
[04/11/2008|23:57] C:\Program Files\VIA
[26/11/2008|09:55] C:\Program Files\VideoLAN
[24/11/2008|14:55] C:\Program Files\Windows Live
[23/11/2008|19:21] C:\Program Files\Windows Live Safety Center
[04/11/2008|22:44] C:\Program Files\Windows Media Player
[03/11/2008|21:03] C:\Program Files\Windows NT
[03/11/2008|21:05] C:\Program Files\WindowsUpdate
[22/11/2008|02:00] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/11/2008|01:53] C:\Program Files\Fichiers communs\Adobe
[23/11/2008|18:49] C:\Program Files\Fichiers communs\Apple
[05/11/2008|03:21] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/11/2008|03:23] C:\Program Files\Fichiers communs\HP
[10/11/2008|00:10] C:\Program Files\Fichiers communs\InstallShield
[24/11/2008|14:55] C:\Program Files\Fichiers communs\Microsoft Shared
[03/11/2008|21:05] C:\Program Files\Fichiers communs\MSSoap
[03/11/2008|21:57] C:\Program Files\Fichiers communs\ODBC
[03/11/2008|21:05] C:\Program Files\Fichiers communs\Services
[23/11/2008|20:18] C:\Program Files\Fichiers communs\snp2std
[03/11/2008|21:57] C:\Program Files\Fichiers communs\SpeechEngines
[07/12/2008|18:09] C:\Program Files\Fichiers communs\Symantec Shared
[03/11/2008|21:04] C:\Program Files\Fichiers communs\System
[03/11/2008|22:22] C:\Program Files\Fichiers communs\Windows Live
[24/11/2008|14:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 33 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 21:36:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Fournier\Mes documents\LimeWire\Incomplete\T-78308-gta psp crack by [ssg].zip

[F:92][D:6]-> C:\DOCUME~1\Fournier\LOCALS~1\Temp
[F:221][D:0]-> C:\DOCUME~1\Fournier\Cookies
[F:196][D:4]-> C:\DOCUME~1\Fournier\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/12/2008|21:19 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 07/12/2008|21:37 - Option : [2]

--------------------\\ Fin du rapport a 21:37:46
0
Réponse 18 / 20
brioche95 Messages postés 660 Statut Membre 167
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:50, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0D54BC86-CBD0-8888-2495-D79F0E1B623C} - (no file)
O2 - BHO: (no name) - {16a4f6b1-0381-3947-56b2-580623f4d942} - (no file)
O2 - BHO: (no name) - {3ADAF420-6C37-4936-BB88-154B6432ED9F} - (no file)
O2 - BHO: (no name) - {49C4131F-9F5E-46B6-931B-AF832C642364} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {BB5538EF-9C58-4DDA-8227-25615C83C558} - C:\WINDOWS\system32\fccyYrpn.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [SteamRS] C:\Program Files\Steam\Steam.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zvxstlpswnt] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fuzutapposimsgj.dll"
O4 - HKLM\..\Run: [985475a7] rundll32.exe "C:\WINDOWS\system32\jipwaoyw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Fournier\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbgeng32.dll,C:\WINDOWS\System32\dbgeng32.dll bnxysg.dll
O20 - Winlogon Notify: 98547508509 - C:\WINDOWS\System32\dbgeng32.dll (file missing)
O20 - Winlogon Notify: opnkKArQ - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
0
Réponse 19 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Télécharge Combofix de sUBs

▶ et enregistre le sur le Bureau.

▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ensuite envois le rapport et refais un nouveau rapport hijackthis stp
0
brioche95 Messages postés 660 Statut Membre 167
 
Bon si sa te dérange pas, je continuerait demain soir, car demain matin j'ai cour et un contrôle, je doit révisé, Merci à toi à demain.
0
Réponse 20 / 20
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok pas de problèmes ;-)

Bonne fin de soirée @+
0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses
Lire, afficher, exécuter un fichier *.pub sans Publisher
jeannoellaurenti -
informatique_fujitsu -

1 réponse
Recherche nom acteur Pub
Visu -
Lorenzo -

4 réponses