demande d'analyse de logs

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

demande d'analyse de logs

Messagede piksso » 01 Oct 2007, 10:13

Bonjour,

Je galère depuis presque une semaine avec des "alertes systemes" et autres pop-up intempestives. J'ai essayé beaucoup de chose en suivant les différents conseils sur le site, mais j'ai toujours un problème sur mon PC. Je poste ci-dessous le log HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 10:05:55, on 01/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\WD2055.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Mes documents\Personal Data\SET UP\Nettoyage\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.arinso.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\mscore.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65 ... Viewer.CAB
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65 ... ccinst.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://usema31.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManag ... ownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... Plugin.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://arinso.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://intranet.arinso.com/dms/xupload/XUpload.ocx
O16 - DPF: {FE35DDBA-59B1-42F0-AFA8-CABBFA7B5C36} (LSArtefact2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... efact2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O17 - HKLM\Software\..\Telephony: DomainName = ext.ms.dsi.cnrs.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: AMInit.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: drvsvp - {31E688C1-3455-48F4-B9D8-77D4687DAFDF} - C:\WINDOWS\drvsvp.dll
O21 - SSODL: msmduo - {A4E3C098-49AA-409B-8E8A-667BFDCE0C8F} - C:\WINDOWS\msmduo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Merci d'avance pour votre aide précieuse.
piksso
 
Messages: 5
Inscription: 01 Oct 2007, 10:10

Messagede nickW » 01 Oct 2007, 11:22

Bonjour,

Tu as utilisé une version obsolète de HijackThis.
Installation de la nouvelle version:

HijackThis (de TrendMicro)
Télécharger HijackThis de TrendMicro depuis la page:
http://www.trendsecure.com/portal/en-US ... e=download
Cliquer sur le lien: Download HijackThis Installer
Enregistrer ce fichier sur le Bureau.

Fermer absolument toutes les applications, les connexions et les navigateurs.
Lancer l'installation par un double clic sur HJTInstall.exe
Si elle s'affiche, lire et accepter la licence (cliquer sur le bouton I Accept)
Cliquer sur le bouton "Do a system scan and save a logfile"
Attendre qu'une fenêtre du Bloc-notes s'ouvre.
Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer le fichier sous le nom HJT1.txt.
Fermer le Bloc-notes.


Création d'un autre log:
Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec)
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.



Étape 1: Ccleaner
Télécharger et installer Ccleaner Basic dans un dossier spécifique, par exemple C:\ccleaner
http://www.ccleaner.com/download/builds

Attention!
Ccleaner Basic n'existe pas encore pour la nouvelle version 2.01.507
Il faut donc télécharger la version "Standard", mais refuser l'installation de la Barre d'outils Yahoo!

Lancer le programme.
Note: il est inutile de modifier les paramètres autres que ceux décrits ci-dessous:
Si nécessaire, aller dans Options et choisir le langage: Français.
*- Dans le menu Nettoyeur - onglet Windows, cocher:
Internet Explorer: Fichiers Internet Temporaires, Cookies
Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
Avancé: Vieilles données du Prefetch
*- Dans le menu Options - sous-menu Avancé, décocher:
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
*- Dans le menu Nettoyeur - onglet Applications, cocher:
Internet: Sun Java
*- Si cela est possible, dans le menu Nettoyeur - onglet Applications, cocher:
Firefox/Mozilla: Cache Internet, Cookies

Cliquer sur Analyse
Dans le menu Options - sous-menu Cookies, faire passer dans le panneau de droite les cookies que tu veux absolument conserver.
Puis dans le menu Nettoyeur, cliquer sur le bouton Lancer le nettoyage.
Fermer le programme.


Étape 2: AVG Anti-Spyware
Lancer AVG Anti-Spyware.
Cliquer sur le menu Analyse.
Cliquer sur l'onglet Paramètres.
Dans Comment réagir?, cliquer sur Actions recommandées et choisir Quarantaine.
Dans Comment faire l'analyse?, vérifier que toutes les cases sont cochées.
Dans Programmes potentiellement dangereux, vérifier que toutes les cases sont cochées.
Vérifier que le bouton-radio Ne pas générer automatiquement de rapport est coché.

Cliquer sur le menu Mise à jour.
Si nécessaire, dans la colonne Paramètres (à droite), saisir les paramètres du proxy.
Dans le paragraphe Mise à jour manuelle, cliquer sur le bouton Commencer la mise à jour.
Attendre la fin de cette mise à jour puis fermer le programme.
Ne pas lancer d'analyse maintenant!


Étape 3: SmitfraudFix (de S!ri), option 1: Recherche
Télécharger SmitfraudFix depuis http://siri.urz.free.fr/Fix/SmitfraudFix.exe
ou http://siri.geekstogo.com/SmitfraudFix.exe
Enregistrer ce fichier sur le Bureau.

Faire un double clic sur SmitfraudFix.exe pour lancer l'outil.
Après l'affichage du menu, taper 1 puis faire Entrée pour rechercher les fichiers responsables de l'infection.
Notes:
1/ Il faut autoriser l'exécution de l'intégralité du scipt Visual Basic (fichier de type vbs) une seule fois en cas d'alerte par ton antivirus.
2/ process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. Site officiel. Il faut le laisser s'exécuter.


Étape 4: Résultat
Envoyer en réponse:
*- le rapport de SmitfraudFix (contenu du fichier C:\rapport.txt)
*- le log HijackThis (contenu du fichier HJT1.txt)

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede piksso » 01 Oct 2007, 12:03

NickW,

Voici le rapport de SmitfraudFix :

SmitFraudFix v2.230

Rapport fait à 12:48:21.00, 01/10/2007
Executé à partir de D:\Mes documents\Personal Data\SET UP\Nettoyage\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\WD2055.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elodie.pradel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elodie.pradel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELODIE~1.PRA\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="AMInit.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Bluetooth Personal Area Network from TOSHIBA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2C583F88-A0D7-40E1-97E5-1C58ADB84CAB}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


et voici le log HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:57, on 01/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\WD2055.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.arinso.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\mscore.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65 ... Viewer.CAB
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65 ... ccinst.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://usema31.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManag ... ownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... Plugin.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://arinso.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://intranet.arinso.com/dms/xupload/XUpload.ocx
O16 - DPF: {FE35DDBA-59B1-42F0-AFA8-CABBFA7B5C36} (LSArtefact2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... efact2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O17 - HKLM\Software\..\Telephony: DomainName = ext.ms.dsi.cnrs.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O20 - AppInit_DLLs: AMInit.dll
O21 - SSODL: drvsvp - {31E688C1-3455-48F4-B9D8-77D4687DAFDF} - C:\WINDOWS\drvsvp.dll
O21 - SSODL: msmduo - {A4E3C098-49AA-409B-8E8A-667BFDCE0C8F} - C:\WINDOWS\msmduo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13213 bytes

Merci d'avance pour ton aide
piksso
 
Messages: 5
Inscription: 01 Oct 2007, 10:10

Messagede nickW » 01 Oct 2007, 12:11

Re-Bonjour,

Tu n'as pas suivi mes instructions! :twisted: :twisted:

J'ai écrit:
Étape 3: SmitfraudFix (de S!ri), option 1: Recherche
Télécharger SmitfraudFix depuis http://siri.urz.free.fr/Fix/SmitfraudFix.exe


Si tu l'avais fait, tu aurais utilisé la version 2.234 ... qui détecte l'infection de ton PC!

Donc, il te faut recommencer l'étape 3 et envoyer le nouveau log.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede piksso » 01 Oct 2007, 12:45

Désolée, je suis allée effectivement un peu vite.
Voici le nouveau rapport :

SmitFraudFix v2.234

Rapport fait à 13:36:24.96, 01/10/2007
Executé à partir de D:\Mes documents\Personal Data\SET UP\Nettoyage\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\WD2055.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\drvsvp.dll PRESENT !
C:\WINDOWS\mscore.dll PRESENT !
C:\WINDOWS\msmduo.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elodie.pradel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elodie.pradel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELODIE~1.PRA\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="AMInit.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Bluetooth Personal Area Network from TOSHIBA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2C583F88-A0D7-40E1-97E5-1C58ADB84CAB}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2F8681F9-BF97-46C7-BE68-0FC3C701E7BF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
piksso
 
Messages: 5
Inscription: 01 Oct 2007, 10:10

Messagede nickW » 01 Oct 2007, 13:48

Re-Bonjour,

La suite (... avec la bonne version :wink:)

Au vu de la longueur de la procédure, je te conseille de l'imprimer, d'enregistrer la page dans un fichier HTML (c'est la meilleure solution), ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet à partir de l'étape 1).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection.


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec)
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.



Étape 1: Mode sans échec
Redémarrer en mode sans échec.
Voir http://assiste.com.free.fr/p/comment/co ... echec.html
Fermer le plus possible de fenêtres.
Pas de connexion Internet ouverte.


Étape 2: Ccleaner
Lancer le programme.
Dans le menu Nettoyeur, cliquer sur le bouton Lancer le nettoyage.
Fermer Ccleaner.


Étape 3: SmitfraudFix (de S!ri), option 2: Nettoyage
Ouvrir le dossier SmitfraudFix situé sur le Bureau.
Faire un double clic sur smitfraudfix.cmd.
Après l'affichage du menu, taper 2 puis faire Entrée pour supprimer les fichiers responsables de l'infection.
A la question: Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de registre permettant le démarrage automatique de l'infection.
L'outil déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage.
Notes:
1/ Il faut autoriser l'exécution de l'intégralité du scipt Visual Basic (fichier de type vbs) une seule fois en cas d'alerte par ton antivirus.
2/ process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. Site officiel. Il faut le laisser s'exécuter.

Pour rétablir le fond d'écran du Bureau (s'il a disparu):
Démarrer--->Paramètres---->Panneau de configuration---->Affichage---->Onglet Bureau---->Bouton "Personnalisation du Bureau"---->Onglet Web
Dans la zone Pages Web, ne laisser que la ligne "Ma page d'accueil" en la décochant


Étape 4: AVG Anti-Spyware
Il faut être en mode sans échec. Si ce n'est pas le cas, redémarrer en mode sans échec.
Lancer AVG Anti-Spyware et cliquer sur le menu Analyse.
Cliquer sur Analyse complète du système.
IMPORTANT: Ne pas ouvrir de fenêtre, ne pas lancer de programme pendant l'exécution de AVG Anti-Spyware, car cela pourrait interférer avec le processus de recherche.

A la fin de l'analyse, cliquer sur Appliquer toutes les actions
Ensuite, Sauver le rapport: Enregistrer le rapport d'analyse puis Enregistrer le rapport sous.
Fermer AVG Anti-Spyware.


Étape 5: Redémarrage
Redémarrer en mode normal.
Générer un nouveau log HijackThis.
Envoyer en réponse:
*- ce nouveau log HijackThis
*- le rapport de AVG Anti-Spyware enregistré lors de l'étape 4
*- le rapport de SmitfraudFix, option 2 (contenu du fichier C:\rapport.txt).

en précisant si le problème initial est toujours là.
Indiquer aussi les difficultés rencontrées au cours des différentes étapes.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede piksso » 01 Oct 2007, 17:05

Voici le nouveau log HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:47, on 01/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\MT3B61.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.arinso.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://www.mediapluspro.com/mediaplus65 ... Viewer.CAB
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.mediapluspro.com/mediaplus65 ... ccinst.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://usema31.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManag ... ownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC8DC31B-4EF2-46BA-8F33-7FD2CC604C72} (ENIInetTools2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... Plugin.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://arinso.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://intranet.arinso.com/dms/xupload/XUpload.ocx
O16 - DPF: {FE35DDBA-59B1-42F0-AFA8-CABBFA7B5C36} (LSArtefact2.clsManager) - http://www.mediapluspro.com/mediaplus65 ... efact2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O17 - HKLM\Software\..\Telephony: DomainName = ext.ms.dsi.cnrs.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ext.ms.dsi.cnrs.fr
O20 - AppInit_DLLs: AMInit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13189 bytes


le rapport de AVG Anti-Spyware :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:46:18 01/10/2007

+ Résultat de l'analyse:



Rien à signaler.



Fin du rapport

le rapport de SmitfraudFix :

SmitFraudFix v2.234

Rapport fait à 15:36:18,81, 01/10/2007
Executé à partir de D:\Mes documents\Personal Data\SET UP\Nettoyage\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
10.54.172.10 slbr3poc.arinso.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 nowhere.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 uploads.180solutions.com
127.0.0.1 public.zangocash.com
127.0.0.1 www.public.zangocash.com
127.0.0.1 static.zangocash.com
127.0.0.1 www.static.zangocash.com
127.0.0.1 www.zangocash.com
127.0.0.1 zangocash.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 2search.com
127.0.0.1 www.2search.com
127.0.0.1 2search.org
127.0.0.1 www.2search.org
127.0.0.1 bardownload.com
127.0.0.1 www.bardownload.com
127.0.0.1 download.bardownload.com
127.0.0.1 www.download.bardownload.com
127.0.0.1 feeds.2search.com
127.0.0.1 www.feeds.2search.com
127.0.0.1 feeds2.2search.org
127.0.0.1 www.feeds2.2search.org
127.0.0.1 install.007guard.com
127.0.0.1 www.install.007guard.com
127.0.0.1 the.007guard.com
127.0.0.1 www.the.007guard.com
127.0.0.1 topbrowsing.com
127.0.0.1 www.topbrowsing.com
127.0.0.1 2squared.com
127.0.0.1 www.2squared.com
127.0.0.1 play3w.com
127.0.0.1 www.play3w.com
127.0.0.1 playon.play3w.com
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.toolbar3.trafficgeneration.biz
127.0.0.1 www.toolbar5.trafficgeneration.biz
127.0.0.1 trafficgeneration.biz
127.0.0.1 www.trafficgeneration.biz
127.0.0.1 www3.bigtrafficnetwork.com
127.0.0.1 iframebiz.com
127.0.0.1 www.iframebiz.com
127.0.0.1 absolutee.com
127.0.0.1 www.absolutee.com
127.0.0.1 pornohome.net
127.0.0.1 www.pornohome.net
127.0.0.1 adarmor.com
127.0.0.1 www.adarmor.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 ad.mokead.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 mokead.com
127.0.0.1 www.mokead.com
127.0.0.1 adprotect.com
127.0.0.1 www.adprotect.com
127.0.0.1 adscontex.com
127.0.0.1 www.adscontex.com
127.0.0.1 miaminews365.net
127.0.0.1 www.miaminews365.net
127.0.0.1 redir.ws
127.0.0.1 www.redir.ws
127.0.0.1 www.zestyfind.com
127.0.0.1 zestyfind.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 get.adwarebazooka.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 nbcsearch.com
127.0.0.1 www.nbcsearch.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 hu15.ru
127.0.0.1 hut1.ru
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 www.tinybar.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 i-used.cc
127.0.0.1 k-lined.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispyware.com
127.0.0.1 spysoldier.com
127.0.0.1 www.spysoldier.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 dl1.antivermins.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirgear.com
127.0.0.1 dl1.antivirgear.com
127.0.0.1 sigmadown.biz
127.0.0.1 www.sigmadown.biz
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 iwon.com
127.0.0.1 goldenfreehost.com
127.0.0.1 www.goldenfreehost.com
127.0.0.1 logs.vapochille.com
127.0.0.1 www.logs.vapochille.com
127.0.0.1 asta-killer.com
127.0.0.1 realphx.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 azebar.com
127.0.0.1 toolbar.azebar.com
127.0.0.1 www.toolbar.azebar.com
127.0.0.1 n3.net
127.0.0.1 sdbot.n3.net
127.0.0.1 www.supernet.speedserv.com
127.0.0.1 topsite.us
127.0.0.1 www.topsite.us
127.0.0.1 topsites.us
127.0.0.1 www.topsites.us
127.0.0.1 topsitez.us
127.0.0.1 www.topsitez.us
127.0.0.1 lfxmsc.gov.cn
127.0.0.1 www.lfxmsc.gov.cn
127.0.0.1 www.zjkjw.gov.cn
127.0.0.1 zjkjw.gov.cn
127.0.0.1 multitrader.info
127.0.0.1 www.multitrader.info
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 pochta.ru
127.0.0.1 www.pochta.ru
127.0.0.1 smtp.ru
127.0.0.1 www.smtp.ru
127.0.0.1 cartoes.uol.com.br
127.0.0.1 hobbypesca.com.br
127.0.0.1 www.hobbypesca.com.br
127.0.0.1 ofuxico.uol.com.br
127.0.0.1 newmediaidea.com
127.0.0.1 www.newmediaidea.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 fjsynebcod.com
127.0.0.1 www.fjsynebcod.com
127.0.0.1 qiudheadsd.com
127.0.0.1 www.qiudheadsd.com
127.0.0.1 superbgirlz.com
127.0.0.1 www.superbgirlz.com
127.0.0.1 blazefind.com
127.0.0.1 jerrynews.com
127.0.0.1 www.jerrynews.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 bookedspace.com
127.0.0.1 www.bookedspace.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 download.bravesentry.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 featured-results.com
127.0.0.1 searchmadesafe.net
127.0.0.1 quicklaunch.com
127.0.0.1 aavc.com
127.0.0.1 acjp.com
127.0.0.1 ebav.com
127.0.0.1 ebaw.com
127.0.0.1 ebch.com
127.0.0.1 ebdv.com
127.0.0.1 ebdw.com
127.0.0.1 ebgo.com
127.0.0.1 ebjp.com
127.0.0.1 ebkb.com
127.0.0.1 ebkn.com
127.0.0.1 ebky.com
127.0.0.1 eblv.com
127.0.0.1 ebmu.com
127.0.0.1 ebvr.com
127.0.0.1 ecmh.com
127.0.0.1 ecmp.com
127.0.0.1 ecpm.com
127.0.0.1 ecwz.com
127.0.0.1 ecyb.com
127.0.0.1 edhq.com
127.0.0.1 edty.com
127.0.0.1 eduy.com
127.0.0.1 eeev.com
127.0.0.1 emch.com
127.0.0.1 farse.com
127.0.0.1 germany.rub.to
127.0.0.1 H24413.tfil.com
127.0.0.1 ibmx.com
127.0.0.1 icwb.com
127.0.0.1 icwo.com
127.0.0.1 icwp.com
127.0.0.1 iddh.com
127.0.0.1 idhh.com
127.0.0.1 ifiz.com
127.0.0.1 iguu.com
127.0.0.1 lop.com
127.0.0.1 rub.to
127.0.0.1 samz.com
127.0.0.1 saoe.com
127.0.0.1 sbee.com
127.0.0.1 sbjr.com
127.0.0.1 sbnl.com
127.0.0.1 sbnt.com
127.0.0.1 sbvr.com
127.0.0.1 scbm.com
127.0.0.1 sckr.com
127.0.0.1 scrk.com
127.0.0.1 sdry.com
127.0.0.1 search.rub.to
127.0.0.1 seld.com
127.0.0.1 sfux.com
127.0.0.1 sheat.com
127.0.0.1 sipo.com
127.0.0.1 smds.com
127.0.0.1 srib.com
127.0.0.1 srox.com
127.0.0.1 srsf.com
127.0.0.1 ssaw.com
127.0.0.1 ssby.com
127.0.0.1 surj.com
127.0.0.1 tbvg.com
127.0.0.1 tdak.com
127.0.0.1 tdko.com
127.0.0.1 tdmy.com
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 thko.com
127.0.0.1 tjar.com
127.0.0.1 tjaw.com
127.0.0.1 tjdo.com
127.0.0.1 tjem.com
127.0.0.1 tjgo.com
127.0.0.1 torc.com
127.0.0.1 unitedstates.rub.to
127.0.0.1 wabq.com
127.0.0.1 wabu.com
127.0.0.1 wbkb.com
127.0.0.1 wethere.com
127.0.0.1 www.wethere.com
127.0.0.1 wfix.com
127.0.0.1 wflu.com
127.0.0.1 c4tdownload.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 hostance.net
127.0.0.1 www.hostance.net
127.0.0.1 b.casalemedia.com
127.0.0.1 casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 cashsurfers.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashdeluxe.net
127.0.0.1 CashUnlim.com
127.0.0.1 www.CashUnlim.com
127.0.0.1 stats.cashdeluxe.net
127.0.0.1 www.stats.cashdeluxe.net
127.0.0.1 tsx.org
127.0.0.1 upx.tsx.org
127.0.0.1 888.com
127.0.0.1 www.888.com
127.0.0.1 images.888.com
127.0.0.1 whoisprivacyprotect.com
127.0.0.1 www.whoisprivacyprotect.com
127.0.0.1 data-hoster.com
127.0.0.1 www.data-hoster.com
127.0.0.1 netsearchsoft.com
127.0.0.1 www.netsearchsoft.com
127.0.0.1 pcgewinnen.de
127.0.0.1 www.pcgewinnen.de
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 ozonung.biz
127.0.0.1 www.ozonung.biz
127.0.0.1 troonety.biz
127.0.0.1 www.troonety.biz
127.0.0.1 votreenton.biz
127.0.0.1 www.votreenton.biz
127.0.0.1 www.zurrusco.com
127.0.0.1 zurrusco.com
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 out.true-counter.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 c.centralmedia.ws
127.0.0.1 centralmedia.ws
127.0.0.1 Sexxpassport.com
127.0.0.1 www.Sexxpassport.com
127.0.0.1 clickspring.net
127.0.0.1 www.clickspring.net
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 ac66.cn
127.0.0.1 www.ac66.cn
127.0.0.1 bigwww.com
127.0.0.1 www.bigwww.com
127.0.0.1 chenshijituan.com
127.0.0.1 www.chenshijituan.com
127.0.0.1 cnzz.com
127.0.0.1 www.cnzz.com
127.0.0.1 down.136136.net
127.0.0.1 ert0003.e76.163ns.com
127.0.0.1 jhzjyj.bigwww.com
127.0.0.1 mir.100888290cs.com
127.0.0.1 q36.cn
127.0.0.1 www.q36.cn
127.0.0.1 s59.cnzz.com
127.0.0.1 tzxsj.com
127.0.0.1 www.tzxsj.com
127.0.0.1 u7u.cn
127.0.0.1 www.u7u.cn
127.0.0.1 wg581.com
127.0.0.1 www.wg581.com
127.0.0.1 woool.100888290cs.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 3721.com
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 okmmm.com
127.0.0.1 www.okmmm.com
127.0.0.1 adservs.com
127.0.0.1 command.adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 nonameforthisdomain.com
127.0.0.1 www.nonameforthisdomain.com
127.0.0.1 www.commonname.com
127.0.0.1 contentmatch.net
127.0.0.1 www.contentmatch.net
127.0.0.1 contra-virus.com
127.0.0.1 www.contra-virus.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 20x2p.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 4klm.com
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 75tz.com
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adultsgames.net
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 advert.exaccess.ru
127.0.0.1 africaspromise.org
127.0.0.1 agentstudio.com
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfa-search.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 allcybersearch.com
127.0.0.1 allhyperlinks.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 almarvideos.com
127.0.0.1 amandamountains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 analmovi.com
127.0.0.1 anin.org
127.0.0.1 annaromeo.com
127.0.0.1 antrocity.com
127.0.0.1 anything4health.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 apsua.com
127.0.0.1 aregay.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 asiankingkong.com
127.0.0.1 ass-gals.com
127.0.0.1 athenrye.com
127.0.0.1 avian-ads.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 backup.mabou.org
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 best-hardpics.com
127.0.0.1 bestporngate.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestxporno.com
127.0.0.1 bitchesonline.net
127.0.0.1 blackjack-free.net
127.0.0.1 blender.xu.pl
127.0.0.1 bodaciousbabette.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bradcoem.org
127.0.0.1 brandiyoung.com
127.0.0.1 brookeburn.com
127.0.0.1 bucps.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 buttejazz.org
127.0.0.1 buyselldomain.net
127.0.0.1 calcioturris.com
127.0.0.1 camup.net
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 cantfind.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 casino-onlines.net
127.0.0.1 catallogue.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cc.panet.org
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 www.ccecaedbebfcaf.com
127.0.0.1 cclebali.org
127.0.0.1 ceewawires.org
127.0.0.1 certumgroup.com
127.0.0.1 chelancatering.com
127.0.0.1 childrenvilla.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 ckick4thumbs.com
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 click-now.net
127.0.0.1 clickyestoenter.net
127.0.0.1 clrsch.com
127.0.0.1 cmtapestry.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolservecorp.net
127.0.0.1 www.coolservecorp.net
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolwebsearsh.com
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 copmtraine.com
127.0.0.1 couldnotfind.com
127.0.0.1 count.cc
127.0.0.1 count-all.com
127.0.0.1 cracks.me.uk
127.0.0.1 creamedcutties.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 curvedspaces.com
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cydom.com
127.0.0.1 daily-gals.com
127.0.0.1 dancingbabycd.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 davemarshall.org
127.0.0.1 db105.com
127.0.0.1 dcfitusa.com
127.0.0.1 defaultsearch.net
127.0.0.1 derklaif.biz
127.0.0.1 www.derklaif.biz
127.0.0.1 desarrollocreativo.com
127.0.0.1 dev.ntcor.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digistreamsa.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 dnl.mabou.org
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 domains2003.net
127.0.0.1 domains-for-you-online.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domkrat.com
127.0.0.1 download.secureyournet.biz
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 dp-host.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 dulcineasystems.net
127.0.0.1 dutch-sex.com
127.0.0.1 dvdbank.org
127.0.0.1 eases.net
127.0.0.1 easyantispy.com
127.0.0.1 easycategories.com
127.0.0.1 easy-search.net
127.0.0.1 easysearchingtips.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecstasyporn.net
127.0.0.1 eikokoike.com
127.0.0.1 e-localad.com
127.0.0.1 enjoywebsurf.com
127.0.0.1 e-plus.cc
127.0.0.1 epornsex.com
127.0.0.1 euuu.com
127.0.0.1 evidence-detector.biz
127.0.0.1 evilspidercomics.com
127.0.0.1 evko.biz
127.0.0.1 www.evko.biz
127.0.0.1 ewebsearch.net
127.0.0.1 e-websitesolutions.com
127.0.0.1 ewizard.cc
127.0.0.1 exaccess.ru
127.0.0.1 www.exaccess.ru
127.0.0.1 excellentsckin.com
127.0.0.1 extremeseek.net
127.0.0.1 faithstevens.com
127.0.0.1 fantasiewelten.com
127.0.0.1 farmsteadbandb.com
127.0.0.1 fartpost.com
127.0.0.1 fastwebfinder.com
127.0.0.1 faxporn.com
127.0.0.1 fhg.panet.org
127.0.0.1 finance-loans.com
127.0.0.1 find4u.net
127.0.0.1 find-itnow.com
127.0.0.1 findit-now.com
127.0.0.1 findloss.com
127.0.0.1 findthesite.com
127.0.0.1 find-uk-health.co.uk
127.0.0.1 fine-search.net
127.0.0.1 fionasteel.com
127.0.0.1 firstbookmark.net
127.0.0.1 fitness-free.com
127.0.0.1 foodvacations.net
127.0.0.1 forex.jps.ru
127.0.0.1 forexcredit.com
127.0.0.1 forexcredit.ru
127.0.0.1 formingfusions.com
127.0.0.1 forsythfire.net
127.0.0.1 forthline.com
127.0.0.1 free4porno.net
127.0.0.1 free64all.com
127.0.0.1 freebookmark.net
127.0.0.1 freebookmarks.net
127.0.0.1 freecategories.com
127.0.0.1 free-chipes.com
127.0.0.1 freecoolhost.com
127.0.0.1 free-hit.com
127.0.0.1 free-pics-and-movies.com
127.0.0.1 freerbhost.com
127.0.0.1 free-sex-movie-clips.net
127.0.0.1 freeshemalepics.net
127.0.0.1 freeyaho.com
127.0.0.1 freshseek.com
127.0.0.1 freshteensite.com
127.0.0.1 full-search.net
127.0.0.1 funny-girls.com
127.0.0.1 ga31.com
127.0.0.1 gabrielscott.com
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 gameterror.net
127.0.0.1 gay50.com
127.0.0.1 gay-clan.com
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 geteens.com
127.0.0.1 getpicshere.com
127.0.0.1 gimmezamore.com
127.0.0.1 gimnasiaer.com
127.0.0.1 girls4rent.net
127.0.0.1 girls-porn-life.com
127.0.0.1 glbdf.org
127.0.0.1 global-finder.com
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com
127.0.0.1 go2-search.com
127.0.0.1 gocybersearch.com
127.0.0.1 golftennis.net
127.0.0.1 good-mortgages.net
127.0.0.1 good-mortgages-calculator.com
127.0.0.1 goodsexs.com
127.0.0.1 google.panet.org
127.0.0.1 googlebar.jps.ru
127.0.0.1 googlf.com
127.0.0.1 gradforum.org
127.0.0.1 gratisdownloads.nl
127.0.0.1 gratis-porn-movie.com
127.0.0.1 gratis-pornopics.com
127.0.0.1 guzzycats.com
127.0.0.1 gzphoenix.com
127.0.0.1 hallnetaccolade.com
127.0.0.1 hand-book.com
127.0.0.1 happyanal.com
127.0.0.1 hardbodytgp.com
127.0.0.1 hardcoreover.com
127.0.0.1 hard-gals.com
127.0.0.1 hardloved.com
127.0.0.1 hardwareseek.net
127.0.0.1 harukaigawa.com
127.0.0.1 havy.biz
127.0.0.1 hccsolanonapa.org
127.0.0.1 health-protein.com
127.0.0.1 hentai4u.net
127.0.0.1 here4search.com
127.0.0.1 heyrichy.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 hiddenguides.com
127.0.0.1 himen.biz
127.0.0.1 hi-search.com
127.0.0.1 hitlistlyrics.com
127.0.0.1 holidayautostr.com
127.0.0.1 homemortage.ws
127.0.0.1 hostssp.com
127.0.0.1 hotbookmark.com
127.0.0.1 hot-cartoon-sex.anime.american-teens.net
127.0.0.1 hotels-list.net
127.0.0.1 hotelxxxcams.com
127.0.0.1 hotfreebies.com
127.0.0.1 www.hotfreebies.com
127.0.0.1 hotpopup.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotsex-series.com
127.0.0.1 hotstartpage.com
127.0.0.1 hqsex.biz
127.0.0.1 hugeporn4u.net
127.0.0.1 hunacsa.com
127.0.0.1 hupacasath.com
127.0.0.1 hzsx.com
127.0.0.1 icansearch.net
127.0.0.1 iefeadsl.com
127.0.0.1 ie-search.com
127.0.0.1 incestporngate.com
127.0.0.1 infodigger.net
127.0.0.1 infoglobus.com
127.0.0.1 inherhole.com
127.0.0.1 insertthiscock.com
127.0.0.1 insuranceall.net
127.0.0.1 insurance-flood.net
127.0.0.1 internetsearch.ru
127.0.0.1 ionichost.com
127.0.0.1 ionomist.com
127.0.0.1 ipsex.net
127.0.0.1 itsanal.com
127.0.0.1 itseasy.us
127.0.0.1 iweb-commerce.com
127.0.0.1 iwebland.com
127.0.0.1 jeannineoldfield.com
127.0.0.1 jetseeker.com
127.0.0.1 jmhgallery.org
127.0.0.1 joannelatham.com
127.0.0.1 jps.ru
127.0.0.1 judin.ru
127.0.0.1 junkysex.com
127.0.0.1 karleyt.narod.ru
127.0.0.1 kathisomers.com
127.0.0.1 kazaa-lite.ws
127.0.0.1 keithgreenpro.com
127.0.0.1 kenmccaul.com
127.0.0.1 kilosex.com
127.0.0.1 kimhines.com
127.0.0.1 kinoru.com
127.0.0.1 ksdspups.org
127.0.0.1 landrape.com
127.0.0.1 lauraroebuck.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 leannalovelace.com
127.0.0.1 lesobank.ru
127.0.0.1 libertyonlinehosting.com
127.0.0.1 lingerie-mania.com
127.0.0.1 lisamatthew.com
127.0.0.1 livegambling.com
127.0.0.1 liveholio.com
127.0.0.1 livenewspaper.com
127.0.0.1 lookfor.cc
127.0.0.1 looking-for.cc
127.0.0.1 louiseleeds.com
127.0.0.1 lovelas.com
127.0.0.1 lovelysearch.com
127.0.0.1 love-pix.com
127.0.0.1 low-taxes.com
127.0.0.1 luckysearch.net
127.0.0.1 lunitaweb.net
127.0.0.1 lustful-porno.com
127.0.0.1 mabou.org
127.0.0.1 www.mabou.org
127.0.0.1 mackinnonsbrook.org
127.0.0.1 madfinder.com
127.0.0.1 madisonmoons.com
127.0.0.1 madisonoilco.com
127.0.0.1 madonalive.com
127.0.0.1 majuozawa.com
127.0.0.1 makin-do.com
127.0.0.1 male4free.com
127.0.0.1 map-quest.org
127.0.0.1 marilynchamber.com
127.0.0.1 martfinder.com
127.0.0.1 massearch.com
127.0.0.1 matetrava.com
127.0.0.1 mature50.com
127.0.0.1 matureporngate.com
127.0.0.1 maxdzines.com
127.0.0.1 mcgeeforlabor.com
127.0.0.1 mdstunisie.org
127.0.0.1 medicare-insurance.net
127.0.0.1 medicare-supplemental.com
127.0.0.1 mega-dating-tips.com
127.0.0.1 megumikanzaki.com
127.0.0.1 meshalynn.com
127.0.0.1 meta-adult.com
127.0.0.1 meta-casino.com
127.0.0.1 metafora.ru
127.0.0.1 meta-mobile.com
127.0.0.1 metapoisk.ru
127.0.0.1 meta-porn.com
127.0.0.1 michiyonakajima.com
127.0.0.1 miconsultamedica.com
127.0.0.1 mikasakamoto.com
127.0.0.1 mikoni.com
127.0.0.1 militarygods.porn4porn.net
127.0.0.1 millennialpeople.org
127.0.0.1 mipham.org
127.0.0.1 missingcommand.com
127.0.0.1 mommykiss.com
127.0.0.1 moneyhunters.com
127.0.0.1 montgomeryhospitalanesthesia.com
127.0.0.1 morflot.com
127.0.0.1 mortgage-debt.net
127.0.0.1 mortismaximus.com
127.0.0.1 moscowwhores.com
127.0.0.1 moviecategories.com
127.0.0.1 mp3-pix.com
127.0.0.1 mpeg-look.com
127.0.0.1 mrtg.jps.ru
127.0.0.1 msnguard.cc
127.0.0.1 msn-info.net
127.0.0.1 multipussy.com
127.0.0.1 mundopolar.com
127.0.0.1 mustv.com
127.0.0.1 mywebsearch.net
127.0.0.1 nativehardcore.com
127.0.0.1 naturalspy.com
127.0.0.1 nav.mabou.org
127.0.0.1 nbasportsbook.net
127.0.0.1 nellyslyrics.com
127.0.0.1 nepgyan.com
127.0.0.1 nesrecords.com
127.0.0.1 net.mabou.org
127.0.0.1 net.xibu315.com
127.0.0.1 netfartpost.com
127.0.0.1 netshastra.net
127.0.0.1 nettime.ru
127.0.0.1 nettracker.jps.ru
127.0.0.1 netyellowpages.info
127.0.0.1 nevest.net
127.0.0.1 newcategories.com
127.0.0.1 newcracks.com
127.0.0.1 newcracks.net
127.0.0.1 new-incest.com
127.0.0.1 newlife-lajolla.com
127.0.0.1 new-search.net
127.0.0.1 newsexgate.com
127.0.0.1 newtonsracks.com
127.0.0.1 newxpics.com
127.0.0.1 nhlsportsbook.net
127.0.0.1 niagaracapital.com
127.0.0.1 niche-tv.com
127.0.0.1 nmrba.com
127.0.0.1 noblindlinks.com
127.0.0.1 www.noblindlinks.com
127.0.0.1 nocalories.net
127.0.0.1 nocensor.com
127.0.0.1 noproblemsurf.com
127.0.0.1 nsbabes.com
127.0.0.1 ntcor.com
127.0.0.1 www.ntcor.com
127.0.0.1 nuclearwitness.org
127.0.0.1 n-udd.com
127.0.0.1 nursemania.com
127.0.0.1 nvntour.com
127.0.0.1 nvphall.org
127.0.0.1 oborot.com
127.0.0.1 ocalalivestockmarket.com
127.0.0.1 ocsff.com
127.0.0.1 oeatlanta.com
127.0.0.1 oharrowsearch.com
127.0.0.1 ok-search.com
127.0.0.1 okulta.com
127.0.0.1 omegabrains.net
127.0.0.1 onemoresearch.net
127.0.0.1 online-casino-1.net
127.0.0.1 online-casino-bonus.info
127.0.0.1 online-casinos-x.com
127.0.0.1 onlineserverz.com
127.0.0.1 onlinetradings.net
127.0.0.1 online-winning.net
127.0.0.1 onlycunt.com
127.0.0.1 onlyinsured.com
127.0.0.1 operanabuco.com
127.0.0.1 opsex.com
127.0.0.1 oregoncharters.org
127.0.0.1 ormandcompany.com
127.0.0.1 otrlives.com
127.0.0.1 ozawamadoka.com
127.0.0.1 paigesummer.com
127.0.0.1 pamelacollections.com
127.0.0.1 panamcup.com
127.0.0.1 panet.org
127.0.0.1 www.panet.org
127.0.0.1 pantygirls4u.com
127.0.0.1 pantyhoserealm.com
127.0.0.1 pantyplace.com
127.0.0.1 pastubes.com
127.0.0.1 paulapage.com
127.0.0.1 paulhoover.com
127.0.0.1 payfortraffic.net
127.0.0.1 pcspyremover.com
127.0.0.1 pedo.ws
127.0.0.1 people.1gb.ru
127.0.0.1 pervertbot.com
127.0.0.1 pharmacy2003.com
127.0.0.1 pharma-diet-pills.com
127.0.0.1 pharmalocator.com
127.0.0.1 phendimetrazine-tenuate-adipex.com
127.0.0.1 picsdir.com
127.0.0.1 picsforbucks.com
127.0.0.1 picsofseductiveladies.com
127.0.0.1 pics-videos.com
127.0.0.1 picture-posters.com
127.0.0.1 pills-birth-control.com
127.0.0.1 pillsmall.com
127.0.0.1 pilotronix.com
127.0.0.1 pixpox.com
127.0.0.1 planemusic.com
127.0.0.1 poiska.net
127.0.0.1 poker-casino-free.com
127.0.0.1 poker-games-free.net
127.0.0.1 polradiologia.com
127.0.0.1 pooi.net
127.0.0.1 porn4porn.net
127.0.0.1 porncamz.com
127.0.0.1 pornfree.info
127.0.0.1 pornnightdreams.com
127.0.0.1 pornokopec.com
127.0.0.1 pornpic.org
127.0.0.1 porn-screen.com
127.0.0.1 porn-teacher.com
127.0.0.1 porntetris.com
127.0.0.1 porntwist.com
127.0.0.1 powerwebsearch.com
127.0.0.1 prblitz.com
127.0.0.1 pretypics.com
127.0.0.1 pribalt.com
127.0.0.1 privacy-support.biz
127.0.0.1 privateporn.net
127.0.0.1 prosearching.com
127.0.0.1 www.prosearching.com
127.0.0.1 prostactive.com
127.0.0.1 prostol.com
127.0.0.1 protect-yourself.biz
127.0.0.1 prsainlandempire.org
127.0.0.1 psn.cn
127.0.0.1 put-your-link-here.com
127.0.0.1 p-uud.com
127.0.0.1 pyrocorp.com
127.0.0.1 quick-search.ws
127.0.0.1 quiksearchgenealogy.com
127.0.0.1 r16254.coolservecorp.net
127.0.0.1 rack.cc
127.0.0.1 radfrall.org
127.0.0.1 ramgo.com
127.0.0.1 ranafrog.ne
127.0.0.1 rapegate.com
127.0.0.1 rb37.com
127.0.0.1 redbudbmx.com
127.0.0.1 refinance-help.com
127.0.0.1 removeearthkeepers.org
127.0.0.1 rf104.com
127.0.0.1 rightfinder.net
127.0.0.1 robbsproshop.com
127.0.0.1 robertferencz.com
127.0.0.1 rotocasters.com
127.0.0.1 royalsearch.net
127.0.0.1 runsearch.com
127.0.0.1 russiansponsor.com
127.0.0.1 russogay.com
127.0.0.1 s2.exocrew.com
127.0.0.1 sacitylife.com
127.0.0.1 samplegals.com
127.0.0.1 sbssurvivor.com
127.0.0.1 scarypix.com
127.0.0.1 sccdnet.com
127.0.0.1 schoolforest.com
127.0.0.1 search.psn.cn
127.0.0.1 search.xrenoder.com
127.0.0.1 search-1.net
127.0.0.1 search-2003.com
127.0.0.1 search-777.com
127.0.0.1 search-about.net
127.0.0.1 searchadultweb.com
127.0.0.1 searchbutler.com
127.0.0.1 searchbutler.org
127.0.0.1 searchbuttler.com
127.0.0.1 searchclick.cc
127.0.0.1 searchcomplete.com
127.0.0.1 searchdesire.com
127.0.0.1 searchdot.net
127.0.0.1 searchexpander.com
127.0.0.1 searchfastnet.com
127.0.0.1 searchforge.com
127.0.0.1 search-hawk.com
127.0.0.1 searching-the-net.com
127.0.0.1 search-log.com
127.0.0.1 search-meta.com
127.0.0.1 searchmeta.md
127.0.0.1 searchmeta.net
127.0.0.1 www.searchmeta.net
127.0.0.1 searchmeta.ru
127.0.0.1 searchmeta.webhost.ru
127.0.0.1 search-motor.com
127.0.0.1 searchnow.ws
127.0.0.1 searchonfly.com
127.0.0.1 search-safe.com
127.0.0.1 search-to-find.com
127.0.0.1 SEARCHTOFIND.NET
127.0.0.1 www.SEARCHTOFIND.NET
127.0.0.1 search-what.net
127.0.0.1 searchwhatuwant.com
127.0.0.1 searchxp.com
127.0.0.1 sebot.com
127.0.0.1 securenp.org
127.0.0.1 secureyournet.biz
127.0.0.1 www.secureyournet.biz
127.0.0.1 security-warning.biz
127.0.0.1 seehardcore.com
127.0.0.1 seekwell.net
127.0.0.1 selfbookmark.com
127.0.0.1 selfbookmark.info
127.0.0.1 selfbookmark.net
127.0.0.1 sex.free4porno.net
127.0.0.1 sex-coach.com
127.0.0.1 sex-festival.com
127.0.0.1 sexgalleries4all.com
127.0.0.1 sexmoviesnet.com
127.0.0.1 sexpatriot.net
127.0.0.1 sexpornonline.com
127.0.0.1 sex-video-galleries.com
127.0.0.1 sexy18.cc
127.0.0.1 sexycat.adult-host.org
127.0.0.1 sfbayfolkboats.com
127.0.0.1 sgirls.net
127.0.0.1 sharempeg.com
127.0.0.1 shopcards.net
127.0.0.1 shopknights.com
127.0.0.1 sic02.com
127.0.0.1 sintrader.com
127.0.0.1 site1.ru
127.0.0.1 sites-in-web.com
127.0.0.1 sitevictoria.com
127.0.0.1 sixroads.com
127.0.0.1 skakalka.ru
127.0.0.1 slawsearch.com
127.0.0.1 smartsumo.com
127.0.0.1 smutarchive.net
127.0.0.1 solongas.com
127.0.0.1 sonomaevents.com
127.0.0.1 spermatrix.com
127.0.0.1 sportbooks-free4you.com
127.0.0.1 spros.com
127.0.0.1 spyass.com
127.0.0.1 spybotremover.net
127.0.0.1 spyorgy.net
127.0.0.1 ss.panet.org
127.0.0.1 staceyowens.com
127.0.0.1 stacistaxx.com
127.0.0.1 stacystaxx.com
127.0.0.1 start-space.com
127.0.0.1 steamycock.com
127.0.0.1 sterva.com
127.0.0.1 stevecashdollar.com
127.0.0.1 stop-tracking.biz
127.0.0.1 stopvotefraud.com
127.0.0.1 stopxxxpics.com
127.0.0.1 strekoza.com
127.0.0.1 studioaperto.net
127.0.0.1 stuffstore.com
127.0.0.1 styleclickink.com
127.0.0.1 summercollins.com
127.0.0.1 summitcross.com
127.0.0.1 supersexmachine.com
127.0.0.1 superwebsearch.com
127.0.0.1 super-websearch.com
127.0.0.1 supret.com
127.0.0.1 suzannebrecht.com
127.0.0.1 sweeteenz.com
127.0.0.1 t.rack.cc
127.0.0.1 t058.com
127.0.0.1 tacil.org
127.0.0.1 tangounion.com
127.0.0.1 tastethemusic.com
127.0.0.1 tax-refund4you.com
127.0.0.1 tech-jobs.ws
127.0.0.1 technology-related.com
127.0.0.1 teen-biz.com
127.0.0.1 teen-pic-post.com
127.0.0.1 teenpornosex.com
127.0.0.1 teens4free.net
127.0.0.1 teensact.com
127.0.0.1 teensgate.com
127.0.0.1 teensguru.com
127.0.0.1 teenswamp.com
127.0.0.1 testosterone-birth-control.com
127.0.0.1 tgp-4-you.com
127.0.0.1 the-exit.com
127.0.0.1 thefakejournal.com
127.0.0.1 the-huns-yellow-pages.com
127.0.0.1 thehuy.net
127.0.0.1 theproxy.org
127.0.0.1 therealsearch.com
127.0.0.1 thesten.com
127.0.0.1 thornleygroup.com
127.0.0.1 tings.org
127.0.0.1 tinybar.com
127.0.0.1 titanvision.com
127.0.0.1 titsianna.com
127.0.0.1 tit-x.com
127.0.0.1 toddhayes.com
127.0.0.1 toolbar.cc
127.0.0.1 toolbarbucks.biz
127.0.0.1 www.toolbarbucks.biz
127.0.0.1 toon-comics.com
127.0.0.1 topx.cc
127.0.0.1 trackhits.cc
127.0.0.1 tracktraff.cc
127.0.0.1 traff5all.biz
127.0.0.1 www.traff5all.biz
127.0.0.1 trafficback.com
127.0.0.1 trafficswitcher.com
127.0.0.1 travel.picture-posters.com
127.0.0.1 true-counter.com
127.0.0.1 www.true-counter.com
127.0.0.1 true-portal.com
127.0.0.1 trytechnical.com
127.0.0.1 u-239.com
127.0.0.1 u45.cx
127.0.0.1 u46.cx
127.0.0.1 u47.cc
127.0.0.1 u48.cc
127.0.0.1 ufindall.click-now.net
127.0.0.1 umaxsearch.com
127.0.0.1 une-autre-france.com
127.0.0.1 unigays.com
127.0.0.1 unipages.cc
127.0.0.1 up2you.ru
127.0.0.1 uralitel.ru
127.0.0.1 urlstat.com
127.0.0.1 urlstat.ru
127.0.0.1 ursie.net
127.0.0.1 usefullsoft.net
127.0.0.1 utahsweet.com
127.0.0.1 utopicportal.com
127.0.0.1 uusocialjustice.org
127.0.0.1 uydsiygeds.com
127.0.0.1 www.uydsiygeds.com
127.0.0.1 v-224.com
127.0.0.1 v61.com
127.0.0.1 www.v61.com
127.0.0.1 vaginpics.com
127.0.0.1 valmyers.com
127.0.0.1 vegas-free.com
127.0.0.1 vegbuy.com
127.0.0.1 veloventures.com
127.0.0.1 veryeasysearch.com
127.0.0.1 verzila.com
127.0.0.1 victoriaadam.com
127.0.0.1 videocategories.com
127.0.0.1 vipru.com
127.0.0.1 www.vipru.com
127.0.0.1 vitamins-for-each.com
127.0.0.1 votehowe.org
127.0.0.1 vxebony.com
127.0.0.1 wakeupdick.com
127.0.0.1 warnomore.org
127.0.0.1 watersport-specialties.com
127.0.0.1 webcoolsearch.com
127.0.0.1 web-homepage.net
127.0.0.1 web-search.tk
127.0.0.1 websearchdot.com
127.0.0.1 weekend-movies.com
127.0.0.1 wetpornostars.com
127.0.0.1 whatsyoursearch.com
127.0.0.1 white-pages.ws
127.0.0.1 whittierblvd.com
127.0.0.1 win-in-casino.com
127.0.0.1 winmsn.com
127.0.0.1 winprotect.net
127.0.0.1 winshow.biz
127.0.0.1 wiresearch.com
127.0.0.1 wolfpacracing.com
127.0.0.1 wordlist.jps.ru
127.0.0.1 wpc2001.org
127.0.0.1 wspzone.sexpornonline.com
127.0.0.1 wwwbet.net
127.0.0.1 wwwbetting.net
127.0.0.1 wwwpokergames.com
127.0.0.1 wwwpokerplayers.com
127.0.0.1 wwwroulette.net
127.0.0.1 xcomics4u.com
127.0.0.1 x-google.net
127.0.0.1 www.xibu315.com
127.0.0.1 xibu315.com
127.0.0.1 xic-bs.com
127.0.0.1 xldr.com
127.0.0.1 x-library.com
127.0.0.1 xp18.com
127.0.0.1 www.xrenoder.com
127.0.0.1 xrenoder.com
127.0.0.1 xrenosearch.com
127.0.0.1 xtragay.com
127.0.0.1 xu.pl
127.0.0.1 xu.xu.pl
127.0.0.1 x-webdesign.com
127.0.0.1 www.xwebsearch.biz
127.0.0.1 xwebsearch.biz
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 yahoo.panet.org
127.0.0.1 y-e-l-l-o-w.com
127.0.0.1 yellow500.com
127.0.0.1 yezol.com
127.0.0.1 youfindall.com
127.0.0.1 youfindall.net
127.0.0.1 yourbookmarks.info
127.0.0.1 yourbookmarks.ws
127.0.0.1 your-prescriptions.net
127.0.0.1 you-search.com.ru
127.0.0.1 you-search.com
127.0.0.1 ypir.com
127.0.0.1 ysa-info.net
127.0.0.1 yukohamano.com
127.0.0.1 ywebsearch.info
127.0.0.1 zapros.com
127.0.0.1 www.zelaznyworld.com
127.0.0.1 zelaznyworld.com
127.0.0.1 zesearch.com
127.0.0.1 ziportal.com
127.0.0.1 zipportal.com
127.0.0.1 www.znext.com
127.0.0.1 znext.com
127.0.0.1 zoneoffreeporn.com
127.0.0.1 zoomegasite.com
127.0.0.1 zvimigdal.com
127.0.0.1 zyban-zocor-levitra.com
127.0.0.1 idgsearch.com
127.0.0.1 cameup.com
127.0.0.1 kliksearch.com
127.0.0.1 searchmeup.com
127.0.0.1 msupdate.net
127.0.0.1 www.msupdate.net
127.0.0.1 redirect.msupdate.net
127.0.0.1 omega-search.com
127.0.0.1 adaware.cc
127.0.0.1 ad-ware.cc
127.0.0.1 count.hitscount.net
127.0.0.1 dl.ad-ware.cc
127.0.0.1 downloads.adaware.cc
127.0.0.1 fined.biz
127.0.0.1 hitscount.net
127.0.0.1 magicsearch.ws
127.0.0.1 www.magicsearch.ws
127.0.0.1 aulde.net
127.0.0.1 www.aulde.net
127.0.0.1 searchdrive.info
127.0.0.1 wwwsearchdrive.info
127.0.0.1 tooncomics.com
127.0.0.1 hervam.com
127.0.0.1 www.hervam.com
127.0.0.1 komforochka.info
127.0.0.1 www.komforochka.info
127.0.0.1 nunah.info
127.0.0.1 www.nunah.info
127.0.0.1 vother.info
127.0.0.1 www.vother.info
127.0.0.1 wm.komforochka.info
127.0.0.1 www.wm.komforochka.info
127.0.0.1 wm.vother.info
127.0.0.1 www.wm.vother.info
127.0.0.1 cool-xxx.net
127.0.0.1 www.cantfind.com
127.0.0.1 crazywinnings.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 frame.crazywinnings.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 curepcsolutions.com
127.0.0.1 www.curepcsolutions.com
127.0.0.1 pcflashsoft.com
127.0.0.1 www.pcflashsoft.com
127.0.0.1 spylog.com
127.0.0.1 www.spylog.com
127.0.0.1 game4all.biz
127.0.0.1 www.game4all.biz
127.0.0.1 canidetect.org
127.0.0.1 www.canidetect.org
127.0.0.1 ebestfind.org
127.0.0.1 www.ebestfind.org
127.0.0.1 findanyshow.org
127.0.0.1 www.findanyshow.org
127.0.0.1 findwapsite.org
127.0.0.1 www.findwapsite.org
127.0.0.1 itfindout.org
127.0.0.1 www.itfindout.org
127.0.0.1 nowsearchonline.org
127.0.0.1 www.nowsearchonline.org
127.0.0.1 asianpornmag.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 ebony-pornmag.com
127.0.0.1 www.ebony-pornmag.com
127.0.0.1 lesbianspornmag.com
127.0.0.1 www.lesbianspornmag.com
127.0.0.1 nylonpornmag.com
127.0.0.1 www.nylonpornmag.com
127.0.0.1 shemalespornmag.com
127.0.0.1 www.shemalespornmag.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 dailytoolbar.com
127.0.0.1 www.dailytoolbar.com
127.0.0.1 maturetoolbar.com
127.0.0.1 www.maturetoolbar.com
127.0.0.1 revolto3.da.ru
127.0.0.1 dating-search.net
127.0.0.1 andromedical.com
127.0.0.1 www.andromedical.com
127.0.0.1 deskbar.worldtostart.com
127.0.0.1 www.deskbar.worldtostart.com
127.0.0.1 worldtostart.com
127.0.0.1 www.worldtostart.com
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialoff.com
127.0.0.1 www.dialoff.com
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 digikeygen.com
127.0.0.1 www.digikeygen.com
127.0.0.1 moviereality.com
127.0.0.1 www.moviereality.com
127.0.0.1 securityindex.net
127.0.0.1 www.securityindex.net
127.0.0.1 sexpicsporn.com
127.0.0.1 www.sexpicsporn.com
127.0.0.1 dcdl.dmcast.com
127.0.0.1 dcww.dmcast.com
127.0.0.1 dmcast.com
127.0.0.1 www.dmcast.com
127.0.0.1 dudu.com
127.0.0.1 www.dudu.com
127.0.0.1 ibm.dmcast.com
127.0.0.1 ulink13.dudu.com
127.0.0.1 ulink7.dudu.com
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 dotcomtoolbar.com
127.0.0.1 www.dotcomtoolbar.com
127.0.0.1 easywww.info
127.0.0.1 www.easywww.info
127.0.0.1 search.findthewebsiteyouneed.com
127.0.0.1 www.search.findthewebsiteyouneed.com
127.0.0.1 linksummary.com
127.0.0.1 downloadmax.net
127.0.0.1 www.downloadmax.net
127.0.0.1 flrxtools.greatnuke.com
127.0.0.1 flrx-tools.net
127.0.0.1 www.flrx-tools.net
127.0.0.1 de.drivecleaner.com
127.0.0.1 fr.drivecleaner.com
127.0.0.1 www.fr.drivecleaner.com
127.0.0.1 gomyron.com
127.0.0.1 www.gomyron.com
127.0.0.1 helpyourpcnow.com
127.0.0.1 www.helpyourpcnow.com
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 www.xsec.org
127.0.0.1 xsec.org
127.0.0.1 wanfuchina.com
127.0.0.1 www.wanfuchina.com
127.0.0.1 www.zxlinks.com
127.0.0.1 zxlinks.com
127.0.0.1 duolaimi.net
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 internet-optimizer.com
127.0.0.1 www.internet-optimizer.com
127.0.0.1 movies-etc.com
127.0.0.1 www.yoogee.com
127.0.0.1 yoogee.com
127.0.0.1 de.ag
127.0.0.1 games.de.ag
127.0.0.1 www.games.de.ag
127.0.0.1 little-download.net
127.0.0.1 www.little-download.net
127.0.0.1 little-help.com
127.0.0.1 www.little-help.com
127.0.0.1 toolbarbest.biz
127.0.0.1 www.toolbarbest.biz
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.directsearchzone.com
127.0.0.1 dnaads.com
127.0.0.1 www.dnaads.com
127.0.0.1 easysearch4you.com
127.0.0.1 www.easysearch4you.com
127.0.0.1 enterthesearch.com
127.0.0.1 www.enterthesearch.com
127.0.0.1 esearch2005.com
127.0.0.1 www.esearch2005.com
127.0.0.1 eza1netsearch.com
127.0.0.1 www.eza1netsearch.com
127.0.0.1 ezwebsearching.com
127.0.0.1 www.ezwebsearching.com
127.0.0.1 globalefinder.com
127.0.0.1 www.globalefinder.com
127.0.0.1 go2realsearch.com
127.0.0.1 www.go2realsearch.com
127.0.0.1 httpwwwads.com
127.0.0.1 www.httpwwwads.com
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 myseachexplorer.com
127.0.0.1 www.myseachexplorer.com
127.0.0.1 quicksearch360.com
127.0.0.1 www.quicksearch360.com
127.0.0.1 s1s1s1search.com
127.0.0.1 www.s1s1s1search.com
127.0.0.1 search101online.com
127.0.0.1 www.search101online.com
127.0.0.1 search123forme.com
127.0.0.1 www.search123forme.com
127.0.0.1 search345quest.com
127.0.0.1 www.search345quest.com
127.0.0.1 searchmiracle.com
127.0.0.1 www.searchmiracle.com
127.0.0.1 searchtheworld4you.com
127.0.0.1 www.searchtheworld4you.com
127.0.0.1 searchwebzone.com
127.0.0.1 www.searchwebzone.com
127.0.0.1 seektheglobe.com
127.0.0.1 www.seektheglobe.com
127.0.0.1 sitesearchcentral.com
127.0.0.1 www.sitesearchcentral.com
127.0.0.1 the818search-co.com
127.0.0.1 www.the818search-co.com
127.0.0.1 type2find.com
127.0.0.1 www.type2find.com
127.0.0.1 www.xosearchox.com
127.0.0.1 xosearchox.com
127.0.0.1 www.yoursearchspace.com
127.0.0.1 yoursearchspace.com
127.0.0.1 savehits.com
127.0.0.1 www.savehits.com
127.0.0.1 energy-factor.com
127.0.0.1 www.energy-factor.com
127.0.0.1 errorkiller.com
127.0.0.1 www.errorkiller.com
127.0.0.1 bin.errorprotector.com
127.0.0.1 errorprotector.com
127.0.0.1 www.errorprotector.com
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 br.errorsafe.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 de.errorsafe.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 download.errorsafe.com
127.0.0.1 errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 errorsdns.com
127.0.0.1 www.errorsdns.com
127.0.0.1 go.errorsafe.com
127.0.0.1 idnserror.com
127.0.0.1 www.idnserror.com
127.0.0.1 iednserror.com
127.0.0.1 www.iednserror.com
127.0.0.1 iesecurepage.com
127.0.0.1 www.iesecurepage.com
127.0.0.1 instlog.errorsafe.com
127.0.0.1 kb.errorsafe.com
127.0.0.1 nl.errorsafe.com
127.0.0.1 se.errorsafe.com
127.0.0.1 secure.errorsafe.com
127.0.0.1 utils.errorsafe.com
127.0.0.1 kr62.com
127.0.0.1 www.kr62.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 offers.bullseye-network.com
127.0.0.1 www.offers.bullseye-network.com
127.0.0.1 ezcybersearch.com
127.0.0.1 www.ezcybersearch.com
127.0.0.1 www.jethomepage.com
127.0.0.1 otcmomo.com
127.0.0.1 ez-searching.com
127.0.0.1 geil-de.info
127.0.0.1 www.geil-de.info
127.0.0.1 souljah.com
127.0.0.1 www.souljah.com
127.0.0.1 cameouk.co.uk
127.0.0.1 www.cameouk.co.uk
127.0.0.1 floorsovertexas.com
127.0.0.1 www.floorsovertexas.com
127.0.0.1 graceinthedesert.org
127.0.0.1 www.graceinthedesert.org
127.0.0.1 hiboss.com
127.0.0.1 www.hiboss.com
127.0.0.1 northernsoulclub.com
127.0.0.1 www.northernsoulclub.com
127.0.0.1 oxfordclockrepairs.co.uk
127.0.0.1 www.oxfordclockrepairs.co.uk
127.0.0.1 releaseforlife.com
127.0.0.1 www.releaseforlife.com
127.0.0.1 starcleaningservice.com.au
127.0.0.1 www.starcleaningservice.com.au
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 domaincar.com
127.0.0.1 www.domaincar.com
127.0.0.1 worldray.com
127.0.0.1 www.worldray.com
127.0.0.1 www5.worldray.com
127.0.0.1 www6.worldray.com
127.0.0.1 lavl-vicky.com
127.0.0.1 www.lavl-vicky.com
127.0.0.1 marketing-know-how.com
127.0.0.1 www.marketing-know-how.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 www.findthewebsiteyouneed.com
127.0.0.1 fixerantispy.com
127.0.0.1 www.fixerantispy.com
127.0.0.1 flashdollars.com
127.0.0.1 www.flashdollars.com
127.0.0.1 signupprocess.com
127.0.0.1 www.signupprocess.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 dogproblemswebsite.com
127.0.0.1 www.dogproblemswebsite.com
127.0.0.1 dvdtocdsite.com
127.0.0.1 www.dvdtocdsite.com
127.0.0.1 edietprogram.com
127.0.0.1 www.edietprogram.com
127.0.0.1 extremepaidsurveys.com
127.0.0.1 www.extremepaidsurveys.com
127.0.0.1 hotmp3music.com
127.0.0.1 www.hotmp3music.com
127.0.0.1 sharedgamesite.com
127.0.0.1 www.sharedgamesite.com
127.0.0.1 sharedmoviesite.com
127.0.0.1 www.sharedmoviesite.com
127.0.0.1 sharedtvsite.com
127.0.0.1 www.sharedtvsite.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 registrycleanersite.com
127.0.0.1 www.registrycleanersite.com
127.0.0.1 spywareremoversite.com
127.0.0.1 www.spywareremoversite.com
127.0.0.1 freehqmovies.com
127.0.0.1 freescratchandwin.com
127.0.0.1 xzoomy.com
127.0.0.1 myfuncards.smileycentral.com
127.0.0.1 www.myfuncards.smileycentral.com
127.0.0.1 smileycentral.com
127.0.0.1 findwhatevernow.com
127.0.0.1 www.findwhatevernow.com
127.0.0.1 fickenisgeil.de
127.0.0.1 www.gocybersearch.com
127.0.0.1 gohip.com
127.0.0.1 www.gohip.com
127.0.0.1 goldengr.hypermart.net
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 earthllnk.net
127.0.0.1 www.earthllnk.net
127.0.0.1 getpatytoday.info
127.0.0.1 www.getpatytoday.info
127.0.0.1 my-dedik-one.com
127.0.0.1 www.my-dedik-one.com
127.0.0.1 mayancasino.com
127.0.0.1 hachimitsu-lemon.com
127.0.0.1 www.hachimitsu-lemon.com
127.0.0.1 hardcorefantasyland.com
127.0.0.1 www.hardcorefantasyland.com
127.0.0.1 hardfootballbabes.com
127.0.0.1 www.hardfootballbabes.com
127.0.0.1 www.digitalfan.com
127.0.0.1 free-popup-killer.com
127.0.0.1 www.free-popup-killer.com
127.0.0.1 hastalavista.com
127.0.0.1 www.hastalavista.com
127.0.0.1 ibankis.org
127.0.0.1 www.ibankis.org
127.0.0.1 get.hitvirus.com
127.0.0.1 hitvirus.com
127.0.0.1 www.hitvirus.com
127.0.0.1 homelandnetwork.COM
127.0.0.1 www.homelandnetwork.COM
127.0.0.1 google123.web1000.com
127.0.0.1 web1000.com
127.0.0.1 hotbar.com
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 mainstreamdollars.com
127.0.0.1 www.mainstreamdollars.com
127.0.0.1 huntbar.com
127.0.0.1 www.huntbar.com
127.0.0.1 infport.com
127.0.0.1 www.infport.com
127.0.0.1 srfgate.com
127.0.0.1 www.srfgate.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 webnetinfo.net
127.0.0.1 www.webnetinfo.net
127.0.0.1 imiserver.com
127.0.0.1 search.imiserver.com
127.0.0.1 ieplugin.com
127.0.0.1 search.ieplugin.com
127.0.0.1 onlinesecurityworld.com
127.0.0.1 www.onlinesecurityworld.com
127.0.0.1 smutserver.com
127.0.0.1 code.ignphrases.com
127.0.0.1 igetnet.com
127.0.0.1 www.igetnet.com
127.0.0.1 ignphrases.com
127.0.0.1 www.ignphrases.com
127.0.0.1 i-lookup.com
127.0.0.1 spidersearch.com
127.0.0.1 globalwebsearch.com
127.0.0.1 innovagest2000.com
127.0.0.1 www.innovagest2000.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 spydeface.com
127.0.0.1 www.spydeface.com
127.0.0.1 www.xsremover.com
127.0.0.1 xsremover.com
127.0.0.1 instafinder.com
127.0.0.1 www.instafinder.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-stop.com
127.0.0.1 www.acrobat-stop.com
127.0.0.1 adawarenow.com
127.0.0.1 www.adawarenow.com
127.0.0.1 adobe-download-now.com
127.0.0.1 adobe-downloads.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 all-limewire.com
127.0.0.1 www.all-limewire.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antivirus-hq.net
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 ares-usa.com
127.0.0.1 www.ares-usa.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearsharelive.co.uk
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearshare-usa.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 click-to-download.com
127.0.0.1 www.click-to-download.com
127.0.0.1 directdvdpro.com
127.0.0.1 www.directdvdpro.com
127.0.0.1 download-2007.com
127.0.0.1 www.download-2007.com
127.0.0.1 download-ad-aware.com
127.0.0.1 www.download-ad-aware.com
127.0.0.1 download-all-4-free.com
127.0.0.1 www.download-all-4-free.com
127.0.0.1 download-all-area.com
127.0.0.1 www.download-all-area.com
127.0.0.1 download-antivir.com
127.0.0.1 www.download-antivir.com
127.0.0.1 downloadanysong.com
127.0.0.1 www.downloadanysong.com
127.0.0.1 download-avast.com
127.0.0.1 www.download-avast.com
127.0.0.1 downloadcorporation.com
127.0.0.1 www.downloadcorporation.com
127.0.0.1 download-dvdshrink.com
127.0.0.1 www.download-dvdshrink.com
127.0.0.1 download-for-free.net
127.0.0.1 www.download-for-free.net
127.0.0.1 downloadfreesoft.com
127.0.0.1 www.downloadfreesoft
piksso
 
Messages: 5
Inscription: 01 Oct 2007, 10:10

Messagede nickW » 01 Oct 2007, 22:42

Bonsoir,

Il faudrait envoyer le rapport de SmitfraudFix, option 2 (contenu du fichier C:\rapport.txt) après avoir enlevé toutes les lignes commençant par 127.0.0.1

Édité:
... et me dire si tu reçois toujours des publicités.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede piksso » 03 Oct 2007, 09:51

nickW,

Il semble que le pb soit résolu, les pop-up ne sont pas apprues depuis 2 jours Plutôt bon signe.
Je te remercie beaucoup pour ton aide.
piksso
 
Messages: 5
Inscription: 01 Oct 2007, 10:10

Messagede nickW » 03 Oct 2007, 23:35

Bonsoir,

Peux-tu demander une analyse en ligne du fichier C:\WINDOWS\TEMP\MT3B61.EXE

Mode d'emploi: http://assiste.com.free.fr/p/antivirus_ ... ligne.html
Site: http://www.virustotal.com/fr/


Un petit nettoyage à faire:
HijackThis
Fermer toutes les fenêtres de programme, fermer les navigateurs.
Lancer HijackThis.
Cliquer sur le bouton "Do a system scan only" ou "Scan"
Vérifier que HijackThis fera des sauvegardes: Dans "Config", cocher "Make backups before fixing items", puis cliquer sur le bouton "Back".
Cocher la case située devant la ligne ci-dessous, puis cliquer sur Fix checked:
(si cette ligne est absente, le signaler en réponse, après la fin de l'ensemble des étapes).

O2 - BHO: (no name) - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - (no file)
Fermer HijackThis.


Envoyer en réponse:
*- un nouveau log HijackThis
*- le résultat de l'analyse par VirusTotal

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 18 invités