Aide requise pour log Hijackthis
Forum Sécurité - Virus : Aide requise pour log Hijackthis
Bonjour à tous,
Voilà, après avoir fait un certain nombre de Scans (kapersky + spybot + Adaware + jv Powertool 16) j'en passe et des meilleurs, je me suis décider avant un bon vieu reformatage de lancer un petit hijackthis. Mais voilà étant donné que je suis novice dans ce compartiment de l'ordi, je m'en remet à vous qui semblez en connaître les ficelles .
Je poste donc ici le log hijackthis suivant, dites moi si certaines choses vous semble louches car mon UC grimpe a 100 pourcents et s'y maintient du moins entre 95 et 100 pourcents si je me met à jouer à titre d'exemple.
ps: j'ai penser à refaire les divers tests en mode sans échecs , mais celui-ci ne se lance plus du moins il charge les fichiers .sys etc mais reboot en mode normal (bien sûr restauration du système désactivée au préalable).
Logfile of HijackThis v1.99.1
Scan saved at 14:06:03, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Psycho\Menu Démarrer\Programmes\Démarrage\Q3E Minimizer_v1.30.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Xfire\Xfire.exe
H:\tools\logiciels divers\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Q3E Minimizer_v1.30.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O18 - Protocol: bw+0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Fichiers communs\A&W\MidRadio.ocx
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
voilà, si une âme charitable peut me dire si quelque chose semble louche .Merci d'avance.
si quelqu'un peu jeter un coup d'oeil vite fait plz
Bonjour
Relance un scan HijackThis et coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: bw+0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8FD34192-A59B-4806-AB75-DC41898B0E8B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
ok merci je vais jeter un coup d'oeil le problème c'est qu'entre temps j'ai testé des trucs donc .. j essayes de ce pas^^ attends je préfère même te reposter ce que m'a redonné hijackthis entre temps avant toute manipulation (car entre temps certaines choses ont dû être supprimé et/ou corrigé.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:52, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Psycho\Menu Démarrer\Programmes\Démarrage\Q3E Minimizer_v1.30.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Q3E Minimizer_v1.30.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O18 - Protocol: bw+0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - (no file)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 17729 bytes
ps: Chercheur ,je te le repost pour qu'on parte sur la même base car effectivement les logs ont quelques peu changés
Message édité par MagmA37 le 22-09-2007 à 20:15:44
Bonjour
Effectivement, il y a un peu de changement.
Il y a même une nouvelle infection que l'on attrape avec les vidéos X ou les cracks.
Relance un scan HijackThis et coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: bw+0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {60BB1557-13C1-4C66-818C-E4845E761AEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - (no file)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Tu le mets sur le Bureau.
Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Poste le rapport.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Ok Chercheur , désolé pour le temps de réponse comem je l'ai dit je suis pas expert là dedans , j'en ai donc profiter pour y jeter un coup d'oeil. Sinon , en espérant avoir là ce que tu veux sans erreurs de ma part
SmitFraudFix v2.227
Rapport fait à 21:40:07,09, 22/09/2007
Executé à partir de C:\Documents and Settings\Psycho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Psycho
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Psycho\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Psycho\Favoris
C:\DOCUME~1\Psycho\Favoris\Online Security Test.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 80.10.246.129
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
en parallèle sous Everest , j'ai pu voir ça sur un de mes disques durs :
ID Description de l'attribut Seuil Valeur Pire valeur Données État
05 Reallocated Sector Count 63 1 1 637 Avertissement : une perte de données imminente est prédite par le sous-système matériel (PFA)
ceci étant dans un de mes disques durs (un bon vieu et inconnu Nikimi 30 giga) . C'est pas ca qui ve me faire diminuer mon cpu usage grr
Je ne sais pas ce que veux dire ce message d'Everest.
Expose ton problème dans la section Hardware.
* Télécharge
clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarres l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuyes sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuyes sur Entrée.
* Lance le nettoyage avec CCleaner.
* Relance SmitfraudFix. Choisis cette fois l’option 2 et réponds oui à tout.
*Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé
* Redémarre normalement et communique le deuxième rapport de SmitfraudFix, le rapport qui se trouve ici C:\rapport_clean.txt avec un nouveau rapport Hijackthis.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
merci je vais tenter quand bien même ce que tu me dis mais à titre informatif Chercheur dans mon premier post j avais dis ceci "ps: j'ai penser à refaire les divers tests en mode sans échecs , mais celui-ci ne se lance plus du moins il charge les fichiers .sys etc mais reboot en mode normal (bien sûr restauration du système désactivée au préalable).
"
donc la je viens de dl cleanzip , cccleaner je l'utilise déja tous les jours mais par la force des choses qu en mod normal. J' essayes de te dire au plus vite.
Edit : je viens de ressayer le mode sans echec reboot en mode normal après m'avoir averti sur le mode sans échec blabla le message normal^^. Que je répondes oui ou non ça ne change rien. 
Message édité par MagmA37 le 22-09-2007 à 23:57:42
Re
Télécharge SafeBoot.reg http://www.malekal.com/download/SafeBoot.reg
Pour télécharger ce fichier fais un clic droit sur le lien dans ma réponse choisis pour :
* Internet Explorer : Enregistrer la cible sous
* Firefox : Enregistrer la cible du lien sous
Enregistre ce fichier sur le bureau
Déconnecte ton PC du net
Clic droit sur SafeBoot.reg choisis Fusionner dans la liste, accepte la fusion avec le registre
Tente ensuite de redémarrer en mode sans échec.
Si cela ne marche toujours pas, fais la manip en mode normal.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
ok merci je verrais ça demain, je te tiens au courant.
Bon ok Chercheur , je viens de faire tout ce que tu m'as dis mais j ai bien été encore obligé de le faire en mode normal , mode sans échecs ayant toujours ce même problème . 2eme rapport de Smitfraudfix
SmitFraudFix v2.227
Rapport fait à 12:41:58,48, 23/09/2007
Executé à partir de C:\Documents and Settings\Psycho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 www.start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 www.sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.toriii.cc
127.0.0.1 xtipp.de
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 www.aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 cantfind.com
127.0.0.1 www.cantfind.com
127.0.0.1 castingsamateur.com
127.0.0.1 www.castingsamateur.com
127.0.0.1 cyberrape.com
127.0.0.1 www.cyberrape.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 megago.com
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com
127.0.0.1 fastmetasearch.com
127.0.0.1 www.fastmetasearch.com
127.0.0.1 findwhatevernow.com
127.0.0.1 www.findwhatevernow.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com
127.0.0.1 hotfreebies.com
127.0.0.1 www.hotfreebies.com
127.0.0.1 krankin.com
127.0.0.1 www.krankin.com
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 mainstreamdollars.com
127.0.0.1 www.mainstreamdollars.com
127.0.0.1 live.sex-explorer.com
127.0.0.1 www.live.sex-explorer.com
127.0.0.1 loveadot.com
127.0.0.1 www.loveadot.com
127.0.0.1 megaseek.net
127.0.0.1 www.megaseek.net
127.0.0.1 mixsearch.com
127.0.0.1 www.mixsearch.com
127.0.0.1 munky.com
127.0.0.1 www.munky.com
127.0.0.1 newtopsites.com
127.0.0.1 www.newtopsites.com
127.0.0.1 noblindlinks.com
127.0.0.1 www.noblindlinks.com
127.0.0.1 babenet.com
127.0.0.1 r.babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 searchresult.net
127.0.0.1 www.searchresult.net
127.0.0.1 sexarena.org
127.0.0.1 www.sexarena.org
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com
127.0.0.1 superwp.by.ru
127.0.0.1 sureseeker.com
127.0.0.1 www.sureseeker.com
127.0.0.1 wethere.com
127.0.0.1 www.wethere.com
127.0.0.1 wowsearch.org
127.0.0.1 www.wowsearch.org
127.0.0.1 xxx.com
127.0.0.1 www.xxx.com
127.0.0.1 art-xxx.com
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 firehunt.com
127.0.0.1 www.firehunt.com
127.0.0.1 partner23.firehunt.com
127.0.0.1 screensaver.it
127.0.0.1 www.screensaver.it
127.0.0.1 cliks.org
127.0.0.1 www.cliks.org
127.0.0.1 xads.cliks.org
127.0.0.1 xwebsearch.biz
127.0.0.1 www.xwebsearch.biz
127.0.0.1 znext.com
127.0.0.1 www.znext.com
127.0.0.1 rawtocash.net
127.0.0.1 www.rawtocash.net
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 ntcor.com
127.0.0.1 www.ntcor.com
127.0.0.1 dev.ntcor.com
127.0.0.1 xrenoder.com
127.0.0.1 www.xrenoder.com
127.0.0.1 search.xrenoder.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com
127.0.0.1 topsite.us
127.0.0.1 www.topsite.us
127.0.0.1 topsites.us
127.0.0.1 www.topsites.us
127.0.0.1 topsitez.us
127.0.0.1 www.topsitez.us
127.0.0.1 true-counter.com
127.0.0.1 www.true-counter.com
127.0.0.1 out.true-counter.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 okmmm.com
127.0.0.1 www.okmmm.com
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 exaccess.ru
127.0.0.1 www.exaccess.ru
127.0.0.1 advert.exaccess.ru
127.0.0.1 agentstudio.com
127.0.0.1 africaspromise.org
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfa-search.com
127.0.0.1 all-inet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 allhyperlinks.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 almarvideos.com
127.0.0.1 amandamountains.com
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 analmovi.com
127.0.0.1 anin.org
127.0.0.1 annaromeo.com
127.0.0.1 antrocity.com
127.0.0.1 anything4health.com
127.0.0.1 apsua.com
127.0.0.1 aregay.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 art-func.com
127.0.0.1 artachnid.com
127.0.0.1 asiankingkong.com
127.0.0.1 ass-gals.com
127.0.0.1 athenrye.com
127.0.0.1 avian-ads.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bb-search.com
127.0.0.1 bbbsearch.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 best-hardpics.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 bestporngate.com
127.0.0.1 bestxporno.com
127.0.0.1 blackjack-free.net
127.0.0.1 blender.xu.pl
127.0.0.1 bodaciousbabette.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bradcoem.org
127.0.0.1 brandiyoung.com
127.0.0.1 brookeburn.com
127.0.0.1 bucps.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 buttejazz.org
127.0.0.1 buyselldomain.net
127.0.0.1 calcioturris.com
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casino-onlines.net
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 catallogue.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cclebali.org
127.0.0.1 ceewawires.org
127.0.0.1 certumgroup.com
127.0.0.1 chelancatering.com
127.0.0.1 childrenvilla.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 ckick4thumbs.com
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 clickyestoenter.net
127.0.0.1 clrsch.com
127.0.0.1 cmtapestry.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolwebsearsh.com
127.0.0.1 copmtraine.com
127.0.0.1 couldnotfind.com
127.0.0.1 count-all.com
127.0.0.1 cracks.me.uk
127.0.0.1 creamedcutties.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 curvedspaces.com
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cydom.com
127.0.0.1 daily-gals.com
127.0.0.1 dancingbabycd.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 davemarshall.org
127.0.0.1 dcfitusa.com
127.0.0.1 defaultsearch.net
127.0.0.1 desarrollocreativo.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digistreamsa.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domains-for-you-online.com
127.0.0.1 domains2003.net
127.0.0.1 domkrat.com
127.0.0.1 dp-host.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 dutch-sex.com
127.0.0.1 dvdbank.org
127.0.0.1 e-localad.com
127.0.0.1 e-plus.cc
127.0.0.1 e-websitesolutions.com
127.0.0.1 eases.net
127.0.0.1 easy-search.net
127.0.0.1 easycategories.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecstasyporn.net
127.0.0.1 eikokoike.com
127.0.0.1 epornsex.com
127.0.0.1 euuu.com
127.0.0.1 evidence-detector.biz
127.0.0.1 evilspidercomics.com
127.0.0.1 ewebsearch.net
127.0.0.1 findloss.com
127.0.0.1 excellentsckin.com
127.0.0.1 extremeseek.net
127.0.0.1 faithstevens.com
127.0.0.1 fantasiewelten.com
127.0.0.1 farmsteadbandb.com
127.0.0.1 fartpost.com
127.0.0.1 fastwebfinder.com
127.0.0.1 faxporn.com
127.0.0.1 fickenisgeil.de
127.0.0.1 finance-loans.com
127.0.0.1 find-itnow.com
127.0.0.1 find-uk-health.co.uk
127.0.0.1 find4u.net
127.0.0.1 findit-now.com
127.0.0.1 findthesite.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 www.findthewebsiteyouneed.com
127.0.0.1 fionasteel.com
127.0.0.1 firstbookmark.net
127.0.0.1 fitness-free.com
127.0.0.1 foodvacations.net
127.0.0.1 forex.jps.ru
127.0.0.1 forexcredit.com
127.0.0.1 forexcredit.ru
127.0.0.1 formingfusions.com
127.0.0.1 forsythfire.net
127.0.0.1 forthline.com
127.0.0.1 free-chipes.com
127.0.0.1 free-hit.com
127.0.0.1 free-pics-and-movies.com
127.0.0.1 free-sex-movie-clips.net
127.0.0.1 free4porno.net
127.0.0.1 free64all.com
127.0.0.1 freebookmark.net
127.0.0.1 freebookmarks.net
127.0.0.1 freecategories.com
127.0.0.1 freecoolhost.com
127.0.0.1 freerbhost.com
127.0.0.1 freeshemalepics.net
127.0.0.1 freeyaho.com
127.0.0.1 freshseek.com
127.0.0.1 freshteensite.com
127.0.0.1 gabrielscott.com
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 gameterror.net
127.0.0.1 gay50.com
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 geteens.com
127.0.0.1 getpicshere.com
127.0.0.1 gimmezamore.com
127.0.0.1 gimnasiaer.com
127.0.0.1 girls-porn-life.com
127.0.0.1 glbdf.org
127.0.0.1 global-finder.com
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.com
127.0.0.1 gocybersearch.com
127.0.0.1 golftennis.net
127.0.0.1 good-mortgages-calculator.com
127.0.0.1 good-mortgages.net
127.0.0.1 goodsexs.com
127.0.0.1 googlebar.jps.ru
127.0.0.1 googlf.com
127.0.0.1 gradforum.org
127.0.0.1 gratis-porn-movie.com
127.0.0.1 gratis-pornopics.com
127.0.0.1 guzzycats.com
127.0.0.1 gzphoenix.com
127.0.0.1 hallnetaccolade.com
127.0.0.1 hand-book.com
127.0.0.1 happyanal.com
127.0.0.1 hard-gals.com
127.0.0.1 hardbodytgp.com
127.0.0.1 hardcoreover.com
127.0.0.1 hardloved.com
127.0.0.1 hardwareseek.net
127.0.0.1 harukaigawa.com
127.0.0.1 hccsolanonapa.org
127.0.0.1 health-protein.com
127.0.0.1 hentai4u.net
127.0.0.1 here4search.com
127.0.0.1 heyrichy.com
127.0.0.1 hi-search.com
127.0.0.1 hiddenguides.com
127.0.0.1 hitlistlyrics.com
127.0.0.1 holidayautostr.com
127.0.0.1 homemortage.ws
127.0.0.1 hostssp.com
127.0.0.1 hot-cartoon-sex.anime.american-teens.net
127.0.0.1 hotbookmark.com
127.0.0.1 hotels-list.net
127.0.0.1 hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotsex-series.com
127.0.0.1 hotstartpage.com
127.0.0.1 hqsex.biz
127.0.0.1 hugeporn4u.net
127.0.0.1 hunacsa.com
127.0.0.1 hupacasath.com
127.0.0.1 hzsx.com
127.0.0.1 icansearch.net
127.0.0.1 idgsearch.com
127.0.0.1 ie-search.com
127.0.0.1 incestporngate.com
127.0.0.1 infodigger.net
127.0.0.1 infoglobus.com
127.0.0.1 inherhole.com
127.0.0.1 insertthiscock.com
127.0.0.1 insurance-flood.net
127.0.0.1 insuranceall.net
127.0.0.1 internetsearch.ru
127.0.0.1 ionichost.com
127.0.0.1 ionomist.com
127.0.0.1 ipsex.net
127.0.0.1 itsanal.com
127.0.0.1 itseasy.us
127.0.0.1 iweb-commerce.com
127.0.0.1 iwebland.com
127.0.0.1 jeannineoldfield.com
127.0.0.1 jethomepage.com
127.0.0.1 jetseeker.com
127.0.0.1 jmhgallery.org
127.0.0.1 joannelatham.com
127.0.0.1 judin.ru
127.0.0.1 junkysex.com
127.0.0.1 karleyt.narod.ru
127.0.0.1 kathisomers.com
127.0.0.1 kazaa-lite.ws
127.0.0.1 keithgreenpro.com
127.0.0.1 kenmccaul.com
127.0.0.1 kilosex.com
127.0.0.1 kimhines.com
127.0.0.1 kinoru.com
127.0.0.1 ksdspups.org
127.0.0.1 landrape.com
127.0.0.1 lauraroebuck.com
127.0.0.1 leannalovelace.com
127.0.0.1 lesobank.ru
127.0.0.1 libertyonlinehosting.com
127.0.0.1 lingerie-mania.com
127.0.0.1 lisamatthew.com
127.0.0.1 liveholio.com
127.0.0.1 livenewspaper.com
127.0.0.1 louiseleeds.com
127.0.0.1 love-pix.com
127.0.0.1 lovelas.com
127.0.0.1 lovelysearch.com
127.0.0.1 low-taxes.com
127.0.0.1 luckysearch.net
127.0.0.1 lunitaweb.net
127.0.0.1 lustful-porno.com
127.0.0.1 mackinnonsbrook.org
127.0.0.1 madfinder.com
127.0.0.1 madisonmoons.com
127.0.0.1 madisonoilco.com
127.0.0.1 madonalive.com
127.0.0.1 majuozawa.com
127.0.0.1 makin-do.com
127.0.0.1 male4free.com
127.0.0.1 map-quest.org
127.0.0.1 marilynchamber.com
127.0.0.1 martfinder.com
127.0.0.1 massearch.com
127.0.0.1 matetrava.com
127.0.0.1 mature50.com
127.0.0.1 matureporngate.com
127.0.0.1 maxdzines.com
127.0.0.1 mcgeeforlabor.com
127.0.0.1 mdstunisie.org
127.0.0.1 medicare-insurance.net
127.0.0.1 medicare-supplemental.com
127.0.0.1 mega-dating-tips.com
127.0.0.1 megumikanzaki.com
127.0.0.1 meshalynn.com
127.0.0.1 meta-adult.com
127.0.0.1 meta-casino.com
127.0.0.1 meta-mobile.com
127.0.0.1 meta-porn.com
127.0.0.1 metafora.ru
127.0.0.1 metapoisk.ru
127.0.0.1 michiyonakajima.com
127.0.0.1 miconsultamedica.com
127.0.0.1 mikasakamoto.com
127.0.0.1 mikoni.com
127.0.0.1 militarygods.porn4porn.net
127.0.0.1 millennialpeople.org
127.0.0.1 mipham.org
127.0.0.1 missingcommand.com
127.0.0.1 mommykiss.com
127.0.0.1 moneyhunters.com
127.0.0.1 montgomeryhospitalanesthesia.com
127.0.0.1 morflot.com
127.0.0.1 mortgage-debt.net
127.0.0.1 mortismaximus.com
127.0.0.1 moscowwhores.com
127.0.0.1 moviecategories.com
127.0.0.1 mp3-pix.com
127.0.0.1 mrtg.jps.ru
127.0.0.1 msn-info.net
127.0.0.1 multipussy.com
127.0.0.1 mundopolar.com
127.0.0.1 mustv.com
127.0.0.1 mywebsearch.net
127.0.0.1 nativehardcore.com
127.0.0.1 naturalspy.com
127.0.0.1 nbasportsbook.net
127.0.0.1 nellyslyrics.com
127.0.0.1 nepgyan.com
127.0.0.1 nesrecords.com
127.0.0.1 netshastra.net
127.0.0.1 nettime.ru
127.0.0.1 nettracker.jps.ru
127.0.0.1 netyellowpages.info
127.0.0.1 new-incest.com
127.0.0.1 newcategories.com
127.0.0.1 newcracks.com
127.0.0.1 newcracks.net
127.0.0.1 newlife-lajolla.com
127.0.0.1 newsexgate.com
127.0.0.1 newtonsracks.com
127.0.0.1 newxpics.com
127.0.0.1 nhlsportsbook.net
127.0.0.1 niagaracapital.com
127.0.0.1 niche-tv.com
127.0.0.1 nmrba.com
127.0.0.1 nocalories.net
127.0.0.1 nocensor.com
127.0.0.1 ormandcompany.com
127.0.0.1 nsbabes.com
127.0.0.1 nuclearwitness.org
127.0.0.1 nursemania.com
127.0.0.1 nvntour.com
127.0.0.1 nvphall.org
127.0.0.1 oborot.com
127.0.0.1 ocalalivestockmarket.com
127.0.0.1 ocsff.com
127.0.0.1 oeatlanta.com
127.0.0.1 oharrowsearch.com
127.0.0.1 ok-search.com
127.0.0.1 okulta.com
127.0.0.1 omegabrains.net
127.0.0.1 online-casino-1.net
127.0.0.1 online-casino-bonus.info
127.0.0.1 online-casinos-x.com
127.0.0.1 online-winning.net
127.0.0.1 onlineserverz.com
127.0.0.1 onlinetradings.net
127.0.0.1 onlycunt.com
127.0.0.1 onlyinsured.com
127.0.0.1 operanabuco.com
127.0.0.1 opsex.com
127.0.0.1 oregoncharters.org
127.0.0.1 otrlives.com
127.0.0.1 ozawamadoka.com
127.0.0.1 paigesummer.com
127.0.0.1 pamelacollections.com
127.0.0.1 panamcup.com
127.0.0.1 pantygirls4u.com
127.0.0.1 pantyhoserealm.com
127.0.0.1 pantyplace.com
127.0.0.1 pastubes.com
127.0.0.1 paulapage.com
127.0.0.1 paulhoover.com
127.0.0.1 payfortraffic.net
127.0.0.1 pedo.ws
127.0.0.1 people.1gb.ru
127.0.0.1 pervertbot.com
127.0.0.1 pharma-diet-pills.com
127.0.0.1 pharmacy2003.com
127.0.0.1 pharmalocator.com
127.0.0.1 phendimetrazine-tenuate-adipex.com
127.0.0.1 pics-videos.com
127.0.0.1 picsdir.com
127.0.0.1 picsforbucks.com
127.0.0.1 picsofseductiveladies.com
127.0.0.1 pills-birth-control.com
127.0.0.1 pillsmall.com
127.0.0.1 pilotronix.com
127.0.0.1 pixpox.com
127.0.0.1 planemusic.com
127.0.0.1 poiska.net
127.0.0.1 poker-casino-free.com
127.0.0.1 poker-games-free.net
127.0.0.1 polradiologia.com
127.0.0.1 pooi.net
127.0.0.1 porn-teacher.com
127.0.0.1 porncamz.com
127.0.0.1 pornfree.info
127.0.0.1 pornnightdreams.com
127.0.0.1 pornokopec.com
127.0.0.1 porntetris.com
127.0.0.1 porntwist.com
127.0.0.1 powerwebsearch.com
127.0.0.1 prblitz.com
127.0.0.1 pretypics.com
127.0.0.1 pribalt.com
127.0.0.1 privacy-support.biz
127.0.0.1 privateporn.net
127.0.0.1 prostactive.com
127.0.0.1 prostol.com
127.0.0.1 protect-yourself.biz
127.0.0.1 prsainlandempire.org
127.0.0.1 put-your-link-here.com
127.0.0.1 pyrocorp.com
127.0.0.1 quick-search.ws
127.0.0.1 quiksearchgenealogy.com
127.0.0.1 radfrall.org
127.0.0.1 ramgo.com
127.0.0.1 ranafrog.ne
127.0.0.1 rapegate.com
127.0.0.1 redbudbmx.com
127.0.0.1 refinance-help.com
127.0.0.1 removeearthkeepers.org
127.0.0.1 rightfinder.net
127.0.0.1 robbsproshop.com
127.0.0.1 robertferencz.com
127.0.0.1 rotocasters.com
127.0.0.1 royalsearch.net
127.0.0.1 runsearch.com
127.0.0.1 russiansponsor.com
127.0.0.1 russogay.com
127.0.0.1 s2.exocrew.com
127.0.0.1 sacitylife.com
127.0.0.1 samplegals.com
127.0.0.1 sbssurvivor.com
127.0.0.1 scarypix.com
127.0.0.1 sccdnet.com
127.0.0.1 schoolforest.com
127.0.0.1 search-1.net
127.0.0.1 search-2003.com
127.0.0.1 search-about.net
127.0.0.1 search-hawk.com
127.0.0.1 search-log.com
127.0.0.1 search-meta.com
127.0.0.1 search-safe.com
127.0.0.1 search.psn.cn
127.0.0.1 searchadultweb.com
127.0.0.1 searchbutler.com
127.0.0.1 searchbuttler.com
127.0.0.1 searchbutler.org
127.0.0.1 searchcomplete.com
127.0.0.1 searchdesire.com
127.0.0.1 searchdot.net
127.0.0.1 searchexpander.com
127.0.0.1 searchfastnet.com
127.0.0.1 searchforge.com
127.0.0.1 searching-the-net.com
127.0.0.1 searchmeta.md
127.0.0.1 searchmeta.net
127.0.0.1 searchmeta.ru
127.0.0.1 searchmeta.webhost.ru
127.0.0.1 searchnow.ws
127.0.0.1 searchonfly.com
127.0.0.1 searchv.com
127.0.0.1 searchxl.com
127.0.0.1 searchxp.com
127.0.0.1 sebot.com
127.0.0.1 securenp.org
127.0.0.1 security-warning.biz
127.0.0.1 seehardcore.com
127.0.0.1 seekwell.net
127.0.0.1 selfbookmark.com
127.0.0.1 selfbookmark.info
127.0.0.1 selfbookmark.net
127.0.0.1 sex.free4porno.net
127.0.0.1 sex-coach.com
127.0.0.1 sex-festival.com
127.0.0.1 sex-video-galleries.com
127.0.0.1 sexgalleries4all.com
127.0.0.1 sexmoviesnet.com
127.0.0.1 sexpatriot.net
127.0.0.1 sexy18.cc
127.0.0.1 sexycat.adult-host.org
127.0.0.1 sfbayfolkboats.com
127.0.0.1 sgirls.net
127.0.0.1 sharempeg.com
127.0.0.1 shopcards.net
127.0.0.1 shopknights.com
127.0.0.1 sic02.com
127.0.0.1 sintrader.com
127.0.0.1 site1.ru
127.0.0.1 sites-in-web.com
127.0.0.1 sitevictoria.com
127.0.0.1 sixroads.com
127.0.0.1 skakalka.ru
127.0.0.1 slawsearch.com
127.0.0.1 slotch.com
127.0.0.1 slotchbar.com
127.0.0.1 smartsumo.com
127.0.0.1 smutarchive.net
127.0.0.1 solongas.com
127.0.0.1 sonomaevents.com
127.0.0.1 spermatrix.com
127.0.0.1 sportbooks-free4you.com
127.0.0.1 spros.com
127.0.0.1 spyass.com
127.0.0.1 spyorgy.net
127.0.0.1 staceyowens.com
127.0.0.1 stacistaxx.com
127.0.0.1 stacystaxx.com
127.0.0.1 start-space.com
127.0.0.1 steamycock.com
127.0.0.1 sterva.com
127.0.0.1 stevecashdollar.com
127.0.0.1 stop-tracking.biz
127.0.0.1 stopvotefraud.com
127.0.0.1 stopxxxpics.com
127.0.0.1 strekoza.com
127.0.0.1 stuffstore.com
127.0.0.1 styleclickink.com
127.0.0.1 summercollins.com
127.0.0.1 summitcross.com
127.0.0.1 super-spider.com
127.0.0.1 super-websearch.com
127.0.0.1 supersexmachine.com
127.0.0.1 superwebsearch.com
127.0.0.1 supret.com
127.0.0.1 suzannebrecht.com
127.0.0.1 sweeteenz.com
127.0.0.1 tacil.org
127.0.0.1 tangounion.com
127.0.0.1 tastethemusic.com
127.0.0.1 tax-refund4you.com
127.0.0.1 tech-jobs.ws
127.0.0.1 technology-related.com
127.0.0.1 teen-biz.com
127.0.0.1 teen-pic-post.com
127.0.0.1 teenpornosex.com
127.0.0.1 teens4free.net
127.0.0.1 teensact.com
127.0.0.1 teensgate.com
127.0.0.1 teensguru.com
127.0.0.1 teenswamp.com
127.0.0.1 testosterone-birth-control.com
127.0.0.1 the-exit.com
127.0.0.1 the-huns-yellow-pages.com
127.0.0.1 thefakejournal.com
127.0.0.1 thehuy.net
127.0.0.1 theproxy.org
127.0.0.1 therealsearch.com
127.0.0.1 thesten.com
127.0.0.1 thornleygroup.com
127.0.0.1 tings.org
127.0.0.1 tit-x.com
127.0.0.1 titanvision.com
127.0.0.1 titsianna.com
127.0.0.1 toddhayes.com
127.0.0.1 toon-comics.com
127.0.0.1 tooncomics.com
127.0.0.1 topsearcher.com
127.0.0.1 trafficback.com
127.0.0.1 trafficswitcher.com
127.0.0.1 travel.picture-posters.com
127.0.0.1 true-portal.com
127.0.0.1 trytechnical.com
127.0.0.1 ufindall.click-now.net
127.0.0.1 umaxsearch.com
127.0.0.1 une-autre-france.com
127.0.0.1 unigays.com
127.0.0.1 unipages.cc
127.0.0.1 up2you.ru
127.0.0.1 urlstat.com
127.0.0.1 urlstat.ru
127.0.0.1 uralitel.ru
127.0.0.1 ursie.net
127.0.0.1 utahsweet.com
127.0.0.1 utopicportal.com
127.0.0.1 uusocialjustice.org
127.0.0.1 v61.com
127.0.0.1 vaginpics.com
127.0.0.1 valmyers.com
127.0.0.1 vegas-free.com
127.0.0.1 vegbuy.com
127.0.0.1 veloventures.com
127.0.0.1 verzila.com
127.0.0.1 victoriaadam.com
127.0.0.1 videocategories.com
127.0.0.1 vitamins-for-each.com
127.0.0.1 votehowe.org
127.0.0.1 vxebony.com
127.0.0.1 wakeupdick.com
127.0.0.1 warnomore.org
127.0.0.1 watersport-specialties.com
127.0.0.1 web-homepage.net
127.0.0.1 web-search.tk
127.0.0.1 webcoolsearch.com
127.0.0.1 websearchdot.com
127.0.0.1 weekend-movies.com
127.0.0.1 wetpornostars.com
127.0.0.1 whatsyoursearch.com
127.0.0.1 white-pages.ws
127.0.0.1 whittierblvd.com
127.0.0.1 win-in-casino.com
127.0.0.1 wiresearch.com
127.0.0.1 wolfpacracing.com
127.0.0.1 wordlist.jps.ru
127.0.0.1 wpc2001.org
127.0.0.1 wspzone.sexpornonline.com
127.0.0.1 wwwbet.net
127.0.0.1 wwwbetting.net
127.0.0.1 wwwpokergames.com
127.0.0.1 wwwpokerplayers.com
127.0.0.1 wwwroulette.net
127.0.0.1 x-library.com
127.0.0.1 x-webdesign.com
127.0.0.1 xcomics4u.com
127.0.0.1 xic-bs.com
127.0.0.1 xldr.com
127.0.0.1 xp18.com
127.0.0.1 xrenosearch.com
127.0.0.1 xtragay.com
127.0.0.1 xu.xu.pl
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 y-e-l-l-o-w.com
127.0.0.1 yellow500.com
127.0.0.1 yezol.com
127.0.0.1 you-search.com
127.0.0.1 you-search.com.ru
127.0.0.1 youfindall.com
127.0.0.1 youfindall.net
127.0.0.1 your-prescriptions.net
127.0.0.1 yourbookmarks.info
127.0.0.1 yourbookmarks.ws
127.0.0.1 ypir.com
127.0.0.1 ysa-info.net
127.0.0.1 yukohamano.com
127.0.0.1 ywebsearch.info
127.0.0.1 zapros.com
127.0.0.1 zesearch.com
127.0.0.1 ziportal.com
127.0.0.1 zipportal.com
127.0.0.1 zoneoffreeporn.com
127.0.0.1 zoomegasite.com
127.0.0.1 zvimigdal.com
127.0.0.1 zyban-zocor-levitra.com
127.0.0.1 t.rack.cc
127.0.0.1 omega-search.com
127.0.0.1 cool-xxx.net
127.0.0.1 revolto3.da.ru
127.0.0.1 dating-search.net
127.0.0.1 linksummary.com
127.0.0.1 duolaimi.net
127.0.0.1 ez-searching.com
127.0.0.1 freehqmovies.com
127.0.0.1 xzoomy.com
127.0.0.1 freescratchandwin.com
127.0.0.1 globalwebsearch.com
127.0.0.1 www.gocybersearch.com
127.0.0.1 mayancasino.com
127.0.0.1 www.hastalavista.com
127.0.0.1 www.free-popup-killer.com
127.0.0.1 www.digitalfan.com
127.0.0.1 google123.web1000.com
127.0.0.1 search.ieplugin.com
127.0.0.1 i-lookup.com
127.0.0.1 spidersearch.com
127.0.0.1 istarthere.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 www.seekporn.org
127.0.0.1 17-plus.com
127.0.0.1 lolita4all1.xrensmagpost.com
127.0.0.1 mafiapics.com
127.0.0.1 www.teenmonster.com
127.0.0.1 ie.marketdart.com
127.0.0.1 masterbar.com
127.0.0.1 search.netzany.co
127.0.0.1 only-virgins.com
127.0.0.1 passthison.com
127.0.0.1 blondetgp.com
127.0.0.1 prolivation.com
127.0.0.1 server-au.imrworldwide.com
127.0.0.1 rocketsearch.com
127.0.0.1 roar.com
127.0.0.1 searchaccurate.com
127.0.0.1 searchalot.com
127.0.0.1 searchandbrowse.com
127.0.0.1 gtawarehouse.com
127.0.0.1 startium.com
127.0.0.1 searchandclick.com
127.0.0.1 searchby.net
127.0.0.1 searchdot.com
127.0.0.1 search-exe.com
127.0.0.1 secret-crush.com
127.0.0.1 seekseek.com
127.0.0.1 sexarena.com
127.0.0.1 sexocean.play-lolita.com
127.0.0.1 startsurfing.com
127.0.0.1 srng.net
127.0.0.1 apps.webservicehost.com
127.0.0.1 search.shopnav.com
127.0.0.1 wish7.com
127.0.0.1 www.supersexpass.com
127.0.0.1 surferbar.com
127.0.0.1 xlola.underagehost.com
127.0.0.1 hotlolitas.underagehost.com
127.0.0.1 loading-lolita.com
127.0.0.1 www.xupiter.com
127.0.0.1 xjupiter.com
127.0.0.1 www.xjupiter.com
127.0.0.1 www.browserwise.com
127.0.0.1 sqwire.com
127.0.0.1 orbitexplorer.com
127.0.0.1 searchcentrix.com
127.0.0.1 categories.mygeek.com
127.0.0.1 web-entrance.co
127.0.0.1 whazit.com
127.0.0.1 windowenhancer.com
127.0.0.1 buz.ru
127.0.0.1 iwon.com
127.0.0.1 www.bonzi.com
127.0.0.1 featured-results.com
127.0.0.1 searchmadesafe.net
127.0.0.1 quicklaunch.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 lop.com
127.0.0.1 tjdo.com
127.0.0.1 ebav.com
127.0.0.1 ebgo.com
127.0.0.1 ebaw.com
127.0.0.1 ebkb.com
127.0.0.1 ebmu.com
127.0.0.1 ecmp.com
127.0.0.1 edhq.com
127.0.0.1 edty.com
127.0.0.1 sbee.com
127.0.0.1 aavc.com
127.0.0.1 acjp.com
127.0.0.1 ecmh.com
127.0.0.1 emch.com
127.0.0.1 ecpm.com
127.0.0.1 wabu.com
127.0.0.1 wabq.com
127.0.0.1 ebch.com
127.0.0.1 ebdv.com
127.0.0.1 ebdw.com
127.0.0.1 ebjp.com
127.0.0.1 ebkn.com
127.0.0.1 ebky.com
127.0.0.1 eblv.com
127.0.0.1 wbkb.com
127.0.0.1 ebvr.com
127.0.0.1 ecwz.com
127.0.0.1 ecyb.com
127.0.0.1 eduy.com
127.0.0.1 eeev.com
127.0.0.1 farse.com
127.0.0.1 ibmx.com
127.0.0.1 icwb.com
127.0.0.1 icwo.com
127.0.0.1 icwp.com
127.0.0.1 iddh.com
127.0.0.1 idhh.com
127.0.0.1 ifiz.com
127.0.0.1 iguu.com
127.0.0.1 samz.com
127.0.0.1 saoe.com
127.0.0.1 sbjr.com
127.0.0.1 sbnl.com
127.0.0.1 sbnt.com
127.0.0.1 sbvr.com
127.0.0.1 scbm.com
127.0.0.1 sckr.com
127.0.0.1 scrk.com
127.0.0.1 sdry.com
127.0.0.1 seld.com
127.0.0.1 sfux.com
127.0.0.1 sheat.com
127.0.0.1 sipo.com
127.0.0.1 smds.com
127.0.0.1 srib.com
127.0.0.1 srox.com
127.0.0.1 srsf.com
127.0.0.1 ssaw.com
127.0.0.1 ssby.com
127.0.0.1 surj.com
127.0.0.1 tbvg.com
127.0.0.1 tdak.com
127.0.0.1 tdmy.com
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 tjar.com
127.0.0.1 tjaw.com
127.0.0.1 tjgo.com
127.0.0.1 tjem.com
127.0.0.1 torc.com
127.0.0.1 wfix.com
127.0.0.1 wflu.com
127.0.0.1 tdko.com
127.0.0.1 thko.com
127.0.0.1 H24413.tfil.com
127.0.0.1 germany.rub.to
127.0.0.1 search.rub.to
127.0.0.1 unitedstates.rub.to
127.0.0.1 www.commonname.com
127.0.0.1 www.ezcybersearch.com
127.0.0.1 www.jethomepage.com
127.0.0.1 www.gohip.com
127.0.0.1 hotbar.com
127.0.0.1 www.huntbar.com
127.0.0.1 search.imiserver.com
127.0.0.1 searchenhancement.com
127.0.0.1 newtonknows.com
127.0.0.1 search-explorer.net
127.0.0.1 searchsquire.com
127.0.0.1 secondpower.com
127.0.0.1 2ndpower.com
127.0.0.1 searchgateway.net
127.0.0.1 worldusa.com
127.0.0.1 www.topsearcher.com
127.0.0.1 smutserver.com
127.0.0.1 searchmeup.com
127.0.0.1 cameup.com
127.0.0.1 kliksearch.com
127.0.0.1 realphx.com
127.0.0.1 blazefind.com
127.0.0.1 zoofil.com
127.0.0.1 terafinder.com
127.0.0.1 008i.com
127.0.0.1 171203.com
127.0.0.1 39-93.com
127.0.0.1 adult-personal.us
127.0.0.1 cashsearch.biz
127.0.0.1 cl55.biz
127.0.0.1 dailyteenspic.com
127.0.0.1 dialer2004.com
127.0.0.1 digital-pornography.com
127.0.0.1 eager-sex.com
127.0.0.1 ergosites.com
127.0.0.1 freecj.com
127.0.0.1 greg-search.com
127.0.0.1 incest-host.com
127.0.0.1 ironcarteam.com
127.0.0.1 is-best.com
127.0.0.1 killerpornstars.com
127.0.0.1 lollitop.com
127.0.0.1 love-host.com
127.0.0.1 myexexex.com
127.0.0.1 my-finder.com
127.0.0.1 onlineclick.net
127.0.0.1 onlysex.ws
127.0.0.1 regfreeze.com
127.0.0.1 ruworld.com
127.0.0.1 selltraffic.biz
127.0.0.1 sexunique.net
127.0.0.1 sinpussy.com
127.0.0.1 teenhost.net
127.0.0.1 ultraload.net
127.0.0.1 vse-moe.biz
127.0.0.1 xsex.ws
127.0.0.1 75tz.com
127.0.0.1 iefeadsl.com
127.0.0.1 rf104.com
127.0.0.1 www.v61.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 c.centralmedia.ws
127.0.0.1 count.cc
127.0.0.1 topx.cc
127.0.0.1 sidefind.com
127.0.0.1 thenewsearch.com
127.0.0.1 new-search.net
127.0.0.1 x-google.net
127.0.0.1 adultgambling.org
127.0.0.1 bitchesonline.net
127.0.0.1 girls4rent.net
127.0.0.1 usefullsoft.net
127.0.0.1 livegambling.com
127.0.0.1 adultsgames.net
127.0.0.1 easyantispy.com
127.0.0.1 spybotremover.net
127.0.0.1 winprotect.net
127.0.0.1 funny-girls.com
127.0.0.1 winmsn.com
127.0.0.1 oneclicksearches.com
127.0.0.1 bestweblinks.com
127.0.0.1 iqsearch.net
127.0.0.1 dumpserv.com
127.0.0.1 helpyoursearch.com
127.0.0.1 sgrunt.biz
127.0.0.1 yeak.net
127.0.0.1 u45.cx
127.0.0.1 u46.cx
127.0.0.1 u47.cc
127.0.0.1 u48.cc
127.0.0.1 sfonditalia.biz
127.0.0.1 realarea.biz
127.0.0.1 archiviosex.net
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 hut1.ru
127.0.0.1 hu15.ru
127.0.0.1 winfixer.com
127.0.0.1 3721.com
127.0.0.1 easysearchingtips.com
127.0.0.1 fine-search.net
127.0.0.1 noproblemsurf.com
127.0.0.1 pcspyremover.com
127.0.0.1 search-motor.com
127.0.0.1 searchwhatuwant.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 full-search.net
127.0.0.1 go2-search.com
127.0.0.1 onemoresearch.net
127.0.0.1 search-777.com
127.0.0.1 search-to-find.com
127.0.0.1 search-what.net
127.0.0.1 winshow.biz
127.0.0.1 lookfor.cc
127.0.0.1 looking-for.cc
127.0.0.1 tgp-4-you.com
127.0.0.1 veryeasysearch.com
127.0.0.1 010402.com
127.0.0.1 20x2p.com
127.0.0.1 db105.com
127.0.0.1 ga31.com
127.0.0.1 mpeg-look.com
127.0.0.1 n-udd.com
127.0.0.1 p-uud.com
127.0.0.1 porn-screen.com
127.0.0.1 rb37.com
127.0.0.1 t058.com
127.0.0.1 u-239.com
127.0.0.1 v-224.com
127.0.0.1 trackhits.cc
127.0.0.1 tracktraff.cc
127.0.0.1 power-cleaner.com
127.0.0.1 yoursitebar.com
127.0.0.1 ysbweb.com
127.0.0.1 www.ysbweb.com
127.0.0.1 installcash.com
127.0.0.1 toolbarcash.com
127.0.0.1 enjoywebsurf.com
127.0.0.1 msnguard.cc
127.0.0.1 searchclick.cc
127.0.0.1 havy.biz
127.0.0.1 ewizard.cc
127.0.0.1 4klm.com
127.0.0.1 camup.net
127.0.0.1 bdsmlibrary.net
127.0.0.1 n-glx.s-redirect.com
127.0.0.1 aaasexypics.com
127.0.0.1 allforadult.com
127.0.0.1 autoescrowpay.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 buldog-stats.com
127.0.0.1 counter.sexmaniack.com
127.0.0.1 fregat.drocherway.com
127.0.0.1 greg-tut.com
127.0.0.1 iframe.biz
127.0.0.1 megapornix.com
127.0.0.1 newiframe.biz
127.0.0.1 nylonsexy.com
127.0.0.1 pizdato.biz
127.0.0.1 sexfiles.nu
127.0.0.1 slutmania.biz
127.0.0.1 sp2fucked.biz
127.0.0.1 toolbarpartner.com
127.0.0.1 vesbiz.biz
127.0.0.1 virgin-tgp.net
127.0.0.1 vparivalka.com
127.0.0.1 x.full-tgp.net
127.0.0.1 toolbar.cc
127.0.0.1 himen.biz
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.directsearchzone.com
127.0.0.1 easysearch4you.com
127.0.0.1 www.easysearch4you.com
127.0.0.1 enterthesearch.com
127.0.0.1 www.enterthesearch.com
127.0.0.1 esearch2005.com
127.0.0.1 www.esearch2005.com
127.0.0.1 eza1netsearch.com
127.0.0.1 www.eza1netsearch.com
127.0.0.1 ezwebsearching.com
127.0.0.1 www.ezwebsearching.com
127.0.0.1 globalefinder.com
127.0.0.1 www.globalefinder.com
127.0.0.1 go2realsearch.com
127.0.0.1 www.go2realsearch.com
127.0.0.1 myseachexplorer.com
127.0.0.1 www.myseachexplorer.com
127.0.0.1 quicksearch360.com
127.0.0.1 www.quicksearch360.com
127.0.0.1 s1s1s1search.com
127.0.0.1 www.s1s1s1search.com
127.0.0.1 search101online.com
127.0.0.1 www.search101online.com
127.0.0.1 search123forme.com
127.0.0.1 www.search123forme.com
127.0.0.1 search345quest.com
127.0.0.1 www.search345quest.com
127.0.0.1 searchmiracle.com
127.0.0.1 www.searchmiracle.com
127.0.0.1 searchtheworld4you.com
127.0.0.1 www.searchtheworld4you.com
127.0.0.1 searchwebzone.com
127.0.0.1 www.searchwebzone.com
127.0.0.1 seektheglobe.com
127.0.0.1 www.seektheglobe.com
127.0.0.1 sitesearchcentral.com
127.0.0.1 www.sitesearchcentral.com
127.0.0.1 the818search-co.com
127.0.0.1 www.the818search-co.com
127.0.0.1 type2find.com
127.0.0.1 www.type2find.com
127.0.0.1 xosearchox.com
127.0.0.1 www.xosearchox.com
127.0.0.1 yoursearchspace.com
127.0.0.1 www.yoursearchspace.com
127.0.0.1 httpwwwads.com
127.0.0.1 www.httpwwwads.com
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 dnaads.com
127.0.0.1 www.dnaads.com
127.0.0.1 marketengines.com
127.0.0.1 www.marketengines.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 securityindex.net
127.0.0.1 www.securityindex.net
127.0.0.1 sexpicsporn.com
127.0.0.1 www.sexpicsporn.com
127.0.0.1 free-spybot.com
127.0.0.1 www.free-spybot.com
127.0.0.1 cashengines.com
127.0.0.1 www.cashengines.com
127.0.0.1 microsoftantispyware.net
127.0.0.1 www.microsoftantispyware.net
127.0.0.1 mircosoftantispy.com
127.0.0.1 www.mircosoftantispy.com
127.0.0.1 msantispy.com
127.0.0.1 www.msantispy.com
127.0.0.1 netspyprotector.com
127.0.0.1 www.netspyprotector.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 savehits.com
127.0.0.1 www.savehits.com
127.0.0.1 saveli.com
127.0.0.1 www.saveli.com
127.0.0.1 metastop.com
127.0.0.1 www.metastop.com
127.0.0.1 perlink.biz
127.0.0.1 www.perlink.biz
127.0.0.1 highdialer.com
127.0.0.1 www.highdialer.com
127.0.0.1 online-more.com
127.0.0.1 www.online-more.com
127.0.0.1 www.syserrors.com
127.0.0.1 www.vcodec.com
127.0.0.1 toolbartraff.biz
127.0.0.1 www.toolbartraff.biz
127.0.0.1 pcadprotector.cc
127.0.0.1 www.pcadprotector.cc
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 domaincar.com
127.0.0.1 www.domaincar.com
127.0.0.1 worldray.com
127.0.0.1 www.worldray.com
127.0.0.1 www5.worldray.com
127.0.0.1 www6.worldray.com
127.0.0.1 www.spytrooper.com
127.0.0.1 spytrooper.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 ad-ware.cc
127.0.0.1 downloads.adaware.cc
127.0.0.1 adaware.cc
127.0.0.1 hitscount.net
127.0.0.1 count.hitscount.net
127.0.0.1 fined.biz
127.0.0.1 de.ag
127.0.0.1 games.de.ag
127.0.0.1 www.games.de.ag
127.0.0.1 little-download.net
127.0.0.1 www.little-download.net
127.0.0.1 little-help.com
127.0.0.1 www.little-help.com
127.0.0.1 www.spyaxe.net
127.0.0.1 www.spyaxe.com
127.0.0.1 www.spyaxe.biz
127.0.0.1 www.malwarewipe.com
127.0.0.1 dl.malwarewipe.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 unionseek.com
127.0.0.1 www.unionseek.com
127.0.0.1 sirh0t.blackhats.tc
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 ritztours.com
127.0.0.1 www.ritztours.com
127.0.0.1 flashflashmx.3322.org
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 jupitersatellites.biz
127.0.0.1 www.jupitersatellites.biz
127.0.0.1 yops.biz
127.0.0.1 www.yops.biz
127.0.0.1 goldengr.hypermart.net
127.0.0.1 web-nexus.net
127.0.0.1 safe-sales.biz
127.0.0.1 www.safe-sales.biz
127.0.0.1 jerrynews.com
127.0.0.1 www.jerrynews.com
127.0.0.1 Teslaplus.com
127.0.0.1 www.Teslaplus.com
127.0.0.1 WorldAntiSpy.com
127.0.0.1 www.WorldAntiSpy.com
127.0.0.1 www.securitycaution.com
127.0.0.1 securitycaution.com
127.0.0.1 adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 toolbarbest.biz
127.0.0.1 www.toolbarbest.biz
127.0.0.1 game4all.biz
127.0.0.1 www.game4all.biz
127.0.0.1 wm.kannylizaciya.info
127.0.0.1 www.wm.kannylizaciya.info
127.0.0.1 wm.buhartes.info
127.0.0.1 www.wm.buhartes.info
127.0.0.1 login.fric.cn
127.0.0.1 www.login.fric.cn
127.0.0.1 xsremover.com
127.0.0.1 www.xsremover.com
127.0.0.1 spydeface.com
127.0.0.1 www.spydeface.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 innovagest2000.com
127.0.0.1 www.innovagest2000.com
127.0.0.1 www.thespyguard.com
127.0.0.1 thespyguard.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.spyiblock.com
127.0.0.1 spyiblock.com
127.0.0.1 www.uvu-channel.com
127.0.0.1 uvu-channel.com
127.0.0.1 www.hachimitsu-lemon.com
127.0.0.1 hachimitsu-lemon.com
127.0.0.1 SEARCHTOFIND.NET
127.0.0.1 www.SEARCHTOFIND.NET
127.0.0.1 www.pestrap.com
127.0.0.1 pestrap.com
127.0.0.1 uptodatesecurity.com
127.0.0.1 www.uptodatesecurity.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 qmex.psyche-evolution.com
127.0.0.1 www.qmex.psyche-evolution.com
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 scanandrepair.com
127.0.0.1 www.scanandrepair.com
127.0.0.1 uydsiygeds.com
127.0.0.1 www.uydsiygeds.com
127.0.0.1 pesttrap.com
127.0.0.1 www.pesttrap.com
127.0.0.1 adwarebazooka.com
127.0.0.1 get.adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 kliksoftware.com
127.0.0.1 www.kliksoftware.com
127.0.0.1 hitvirus.com
127.0.0.1 get.hitvirus.com
127.0.0.1 www.hitvirus.com
127.0.0.1 promo.dollarrevenue.com
127.0.0.1 www.promo.dollarrevenue.com
127.0.0.1 maxifile.com
127.0.0.1 www.maxifile.com
127.0.0.1 targetsaver.com
127.0.0.1 www.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 nonameforthisdomain.com
127.0.0.1 www.nonameforthisdomain.com
127.0.0.1 hypoteches.com
127.0.0.1 www.hypoteches.com
127.0.0.1 www.earthllnk.net
127.0.0.1 earthllnk.net
127.0.0.1 hostance.net
127.0.0.1 www.hostance.net
127.0.0.1 my-dedik-one.com
127.0.0.1 www.my-dedik-one.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashdeluxe.net
127.0.0.1 stats.cashdeluxe.net
127.0.0.1 www.stats.cashdeluxe.net
127.0.0.1 www.2006ooo.com
127.0.0.1 www.spyware-stop.com
127.0.0.1 spyware-stop.com
127.0.0.1 www.SpyShield.org
127.0.0.1 SpyShield.org
127.0.0.1 utils.winfixer.com
127.0.0.1 www.utils.winfixer.com
127.0.0.1 toolbarbucks.biz
127.0.0.1 www.toolbarbucks.biz
127.0.0.1 derklaif.biz
127.0.0.1 www.derklaif.biz
127.0.0.1 www.v-codec.com
127.0.0.1 v-codec.com
127.0.0.1 www.emediacodec.com
127.0.0.1 emediacodec.com
127.0.0.1 www.popentertain.com
127.0.0.1 popentertain.com
127.0.0.1 softwareprofit.com
127.0.0.1 www.softwareprofit.com
127.0.0.1 de.winantivirus.com
127.0.0.1 download.winantivirus.com
127.0.0.1 winantivirus.com
127.0.0.1 www.winantivirus.com
127.0.0.1 offers.bullseye-network.com
127.0.0.1 www.offers.bullseye-network.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 sponsor2.ucmore.com
127.0.0.1 www.sponsor2.ucmore.com
127.0.0.1 hostthesky.com
127.0.0.1 www.hostthesky.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 readagreement.net
127.0.0.1 www.readagreement.net
127.0.0.1 gl.secdep.info
127.0.0.1 www.gl.secdep.info
127.0.0.1 spyfalcon.com
127.0.0.1 www.spyfalcon.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spy-shield.com
127.0.0.1 www.spy-shield.com
127.0.0.1 winnanny.com
127.0.0.1 www.winnanny.com
127.0.0.1 winsoftware.com
127.0.0.1 www.winsoftware.com
127.0.0.1 winfirewall.com
127.0.0.1 www.winfirewall.com
127.0.0.1 winantispyware.com
127.0.0.1 www.winantispyware.com
127.0.0.1 udefender.com
127.0.0.1 www.udefender.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 toolbar.azebar.com
127.0.0.1 www.toolbar.azebar.com
127.0.0.1 traffsale1.biz
127.0.0.1 www.traffsale1.biz
127.0.0.1 spywaredisinfector.com
127.0.0.1 www.spywaredisinfector.com
127.0.0.1 SpyCut.com
127.0.0.1 www.SpyCut.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 malwarewipesupport.com
127.0.0.1 www.malwarewipesupport.com
127.0.0.1 remedyantispy.com
127.0.0.1 www.remedyantispy.com
127.0.0.1 systemstable.com
127.0.0.1 www.systemstable.com
127.0.0.1 whoisprivacyprotect.com
127.0.0.1 www.whoisprivacyprotect.com
127.0.0.1 prime.webhancer.com
127.0.0.1 www.prime.webhancer.com
127.0.0.1 webhancer.com
127.0.0.1 www.webhancer.com
127.0.0.1 dr.webhancer.com
127.0.0.1 www.dr.webhancer.com
127.0.0.1 dr2.webhancer.com
127.0.0.1 www.dr2.webhancer.com
127.0.0.1 www.onli-ne.com
127.0.0.1 spycontra.com
127.0.0.1 www.spycontra.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 necessaryupdates.com
127.0.0.1 www.necessaryupdates.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 stejax.pl
127.0.0.1 www.stejax.pl
127.0.0.1 kitehosting.com
127.0.0.1 www.kitehosting.com
127.0.0.1 ware2006.com
127.0.0.1 www.ware2006.com
127.0.0.1 filestore.com
127.0.0.1 www.filestore.com
127.0.0.1 systemupdates.net
127.0.0.1 www.systemupdates.net
127.0.0.1 logs.vapochille.com
127.0.0.1 www.logs.vapochille.com
127.0.0.1 goldenfreehost.com
127.0.0.1 www.goldenfreehost.com
127.0.0.1 todaywarnings.com
127.0.0.1 www.todaywarnings.com
127.0.0.1 spywarequake.com
127.0.0.1 spywarequake.info
127.0.0.1 www.spywarequake.info
127.0.0.1 www.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 nospywaresoft.com
127.0.0.1 spywarestrike.com
127.0.0.1 www.nospywaresoft.com
127.0.0.1 www.spywarestrike.com
127.0.0.1 spyaxesupport.com
127.0.0.1 www.spyaxesupport.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 www.sgrunt.biz
127.0.0.1 traffbest.biz
127.0.0.1 www.traffbest.biz
127.0.0.1 securityfeature.com
127.0.0.1 www.securityfeature.com
127.0.0.1 pimasoft.com
127.0.0.1 www.pimasoft.com
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 spy-sniper.com
127.0.0.1 www.spy-sniper.com
127.0.0.1 safetydefender.com
127.0.0.1 www.safetydefender.com
127.0.0.1 securitywarnings.net
127.0.0.1 www.securitywarnings.net
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 spywaresheriff.com
127.0.0.1 www.spywaresheriff.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 rizalof.com
127.0.0.1 www.rizalof.com
127.0.0.1 rc.rizalof.com
127.0.0.1 media-codec.com
127.0.0.1 www.media-codec.com
127.0.0.1 SpywareScraper.com
127.0.0.1 www.SpywareScraper.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 uploads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 nowhere.180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 theguardservices.com
127.0.0.1 www.theguardservices.com
127.0.0.1 securitybulletin.net
127.0.0.1 www.securitybulletin.net
127.0.0.1 www.supernet.speedserv.com
127.0.0.1 spyonthis.net
127.0.0.1 download.spyonthis.net
127.0.0.1 www.spyonthis.net
127.0.0.1 hijack-this.net
127.0.0.1 www.hijack-this.net
127.0.0.1 errorsafe.com
127.0.0.1 de.errorsafe.com
127.0.0.1 download.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 amaena.com
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 instlog.winfixer.com
127.0.0.1 winfixer2006.com
127.0.0.1 www.winfixer2006.com
127.0.0.1 webtopsecurity.com
127.0.0.1 www.webtopsecurity.com
127.0.0.1 traff5all.biz
127.0.0.1 www.traff5all.biz
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 download.bravesentry.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 evko.biz
127.0.0.1 www.evko.biz
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 download.secureyournet.biz
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 secureyournet.biz
127.0.0.1 www.secureyournet.biz
127.0.0.1 windupdates.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 spywarelabs.com
127.0.0.1 www.spywarelabs.com
127.0.0.1 traffweb1.biz
127.0.0.1 www.traffweb1.biz
127.0.0.1 newtoolbar.biz
127.0.0.1 www.newtoolbar.biz
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 safetyuptodate.com
127.0.0.1 www.safetyuptodate.com
127.0.0.1 crazywinnings.com
127.0.0.1 frame.crazywinnings.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 casalemedia.com
127.0.0.1 b.casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 c4tdownload.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 clickspring.net
127.0.0.1 www.clickspring.net
127.0.0.1 contentmatch.net
127.0.0.1 www.contentmatch.net
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialoff.com
127.0.0.1 www.dialoff.com
127.0.0.1 energy-factor.com
127.0.0.1 www.energy-factor.com
127.0.0.1 hardcorefantasyland.com
127.0.0.1 www.hardcorefantasyland.com
127.0.0.1 hardfootballbabes.com
127.0.0.1 www.hardfootballbabes.com
127.0.0.1 linkautomatici.com
127.0.0.1 www.linkautomatici.com
127.0.0.1 master69.biz
127.0.0.1 www.master69.biz
127.0.0.1 master70.biz
127.0.0.1 www.master70.biz
127.0.0.1 master71.biz
127.0.0.1 www.master71.biz
127.0.0.1 mcdial.biz
127.0.0.1 www.mcdial.biz
127.0.0.1 mt-download.com
127.0.0.1 www.mt-download.com
127.0.0.1 my-teensex.com
127.0.0.1 overpro.com
127.0.0.1 private-dialer.biz
127.0.0.1 private-iframe.biz
127.0.0.1 redfunny.com
127.0.0.1 scoobidoo.com
127.0.0.1 skoobidoo.com
127.0.0.1 sexvideopro.com
127.0.0.1 storage-tasp.com
127.0.0.1 xbeta69.com
127.0.0.1 securityuptodate.net
127.0.0.1 www.securityuptodate.net
127.0.0.1 troonety.biz
127.0.0.1 www.troonety.biz
127.0.0.1 zurrusco.com
127.0.0.1 www.zurrusco.com
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 votreenton.biz
127.0.0.1 www.votreenton.biz
127.0.0.1 ozonung.biz
127.0.0.1 www.ozonung.biz
127.0.0.1 digikeygen.com
127.0.0.1 www.digikeygen.com
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 moviereality.com
127.0.0.1 www.moviereality.com
127.0.0.1 perfectedsecurity.com
127.0.0.1 www.perfectedsecurity.com
127.0.0.1 securityprecaution.net
127.0.0.1 www.securityprecaution.net
127.0.0.1 securityupdatesite.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 dns-look-up.com
127.0.0.1 www.dns-look-up.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 search200.com
127.0.0.1 www.search200.com
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 mcboo.com
127.0.0.1 dr.mcboo.com
127.0.0.1 www.mcboo.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 balotierra.com
127.0.0.1 www.balotierra.com
127.0.0.1 oldflock.com
127.0.0.1 www.oldflock.com
127.0.0.1 pornmagpass.com
127.0.0.1 www.pornmagpass.com
127.0.0.1 dailypornmag.com
127.0.0.1 www.dailypornmag.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.com
127.0.0.1 teenspornmag.com
127.0.0.1 www.teenspornmag.com
127.0.0.1 maturespornmag.com
127.0.0.1 www.maturespornmag.com
127.0.0.1 hardcorepornmag.com
127.0.0.1 www.hardcorepornmag.com
127.0.0.1 gayspornmag.com
127.0.0.1 www.gayspornmag.com
127.0.0.1 topsecuritysite.net
127.0.0.1 www.topsecuritysite.net
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 searchweb2.com
127.0.0.1 www.searchweb2.com
127.0.0.1 www.lop.com
127.0.0.1 vidscodec.com
127.0.0.1 www.vidscodec.com
127.0.0.1 newvidscodec.net
127.0.0.1 www.newvidscodec.net
127.0.0.1 media-codec.net
127.0.0.1 www.media-codec.net
127.0.0.1 mediacodec.net
127.0.0.1 www.mediacodec.net
127.0.0.1 imediacodec.com
127.0.0.1 www.imediacodec.com
127.0.0.1 emcodec.com
127.0.0.1 www.emcodec.com
127.0.0.1 vicodec.com
127.0.0.1 www.vicodec.com
127.0.0.1 xpasswordmanager.com
127.0.0.1 www.xpasswordmanager.com
127.0.0.1 cracks4all.com
127.0.0.1 www.cracks4all.com
127.0.0.1 media-motor.net
127.0.0.1 mmm.media-motor.net
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 logs.media-motor.net
127.0.0.1 mmohsix.com
127.0.0.1 www.mmohsix.com
127.0.0.1 pops.mmohsix.com
127.0.0.1 megalocast.net
127.0.0.1 js.megalocast.net
127.0.0.1 www.megalocast.net
127.0.0.1 dl.web-nexus.net
127.0.0.1 movies-etc.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 internet-optimizer.com
127.0.0.1 www.internet-optimizer.com
127.0.0.1 888.com
127.0.0.1 www.888.com
127.0.0.1 images.888.com
127.0.0.1 surfsidekick.com
127.0.0.1 www.surfsidekick.com
127.0.0.1 sdl.surfsidekick.com
127.0.0.1 kmpads.com
127.0.0.1 www.kmpads.com
127.0.0.1 ads.kmpads.com
127.0.0.1 zipcodec.com
127.0.0.1 www.zipcodec.com
127.0.0.1 ibankis.org
127.0.0.1 www.ibankis.org
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 nbcsearch.com
127.0.0.1 www.nbcsearch.com
127.0.0.1 TBCODE.COM
127.0.0.1 www.TBCODE.COM
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 www.archiviosex.net
127.0.0.1 sysnetsecurity.com
127.0.0.1 www.sysnetsecurity.com
127.0.0.1 sysnetsecurity.net
127.0.0.1 www.sysnetsecurity.net
127.0.0.1 error404site.com
127.0.0.1 www.error404site.com
127.0.0.1 error404site.net
127.0.0.1 www.error404site.net
127.0.0.1 wm.vother.info
127.0.0.1 www.wm.vother.info
127.0.0.1 vother.info
127.0.0.1 www.vother.info
127.0.0.1 wm.komforochka.info
127.0.0.1 www.wm.komforochka.info
127.0.0.1 komforochka.info
127.0.0.1 www.komforochka.info
127.0.0.1 hervam.com
127.0.0.1 www.hervam.com
127.0.0.1 www.nunah.info
127.0.0.1 nunah.info
127.0.0.1 www.searchmeup.com
127.0.0.1 www.searchcolours.com
127.0.0.1 searchcolours.com
127.0.0.1 brodbfm.net
127.0.0.1 www.brodbfm.net
127.0.0.1 easybestdeals.com
127.0.0.1 www.easybestdeals.com
127.0.0.1 spywareno.com
127.0.0.1 www.spywareno.com
127.0.0.1 spyheal.com
127.0.0.1 www.spyheal.com
127.0.0.1 www.streamxs.ws
127.0.0.1 streamxs.ws
127.0.0.1 asta-killer.com
127.0.0.1 newmediaidea.com
127.0.0.1 www.newmediaidea.com
127.0.0.1 syssecuritysite.net
127.0.0.1 www.syssecuritysite.net
127.0.0.1 aulde.net
127.0.0.1 www.aulde.net
127.0.0.1 searchdrive.info
127.0.0.1 wwwsearchdrive.info
127.0.0.1 download.bardownload.com
127.0.0.1 www.download.bardownload.com
127.0.0.1 bardownload.com
127.0.0.1 www.bardownload.com
127.0.0.1 intcodec.com
127.0.0.1 www.intcodec.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 uptofind.com
127.0.0.1 www.uptofind.com
127.0.0.1 homelandnetwork.COM
127.0.0.1 www.homelandnetwork.COM
127.0.0.1 getmirar.com
127.0.0.1 mirarsearch.com
127.0.0.1 net-nucleus.com
127.0.0.1 zenotecnico.com
127.0.0.1 www.zenotecnico.com
127.0.0.1 zenotecnico2.com
127.0.0.1 www.zenotecnico2.com
127.0.0.1 surfaccuracy.com
127.0.0.1 www.surfaccuracy.com
127.0.0.1 cache.surfaccuracy.com
127.0.0.1 www.cache.surfaccuracy.com
127.0.0.1 www.the.007guard.com
127.0.0.1 the.007guard.com
127.0.0.1 install.007guard.com
127.0.0.1 www.install.007guard.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 feeds.2search.com
127.0.0.1 www.feeds.2search.com
127.0.0.1 2search.com
127.0.0.1 www.2search.com
127.0.0.1 feeds2.2search.org
127.0.0.1 www.feeds2.2search.org
127.0.0.1 2search.org
127.0.0.1 www.2search.org
127.0.0.1 zangocash.com
127.0.0.1 www.zangocash.com
127.0.0.1 static.zangocash.com
127.0.0.1 www.static.zangocash.com
127.0.0.1 public.zangocash.com
127.0.0.1 www.public.zangocash.com
127.0.0.1 code.ignphrases.com
127.0.0.1 www.ignphrases.com
127.0.0.1 ignphrases.com
127.0.0.1 www.igetnet.com
127.0.0.1 igetnet.com
127.0.0.1 www.topbrowsing.com
127.0.0.1 topbrowsing.com
127.0.0.1 www.download.jupitersatellites.biz
127.0.0.1 download.jupitersatellites.biz
127.0.0.1 voghp.com
127.0.0.1 www.voghp.com
127.0.0.1 zhmbscwdgk.biz
127.0.0.1 www.zhmbscwdgk.biz
127.0.0.1 zabywjwzlr.biz.biz
127.0.0.1 www.zabywjwzlr.biz.biz
127.0.0.1 i-femdom.com
127.0.0.1 www.i-femdom.com
127.0.0.1 buy-find.info
127.0.0.1 www.buy-find.info
127.0.0.1 searche.info
127.0.0.1 www.searche.info
127.0.0.1 easy-pharmacy.info
127.0.0.1 www.easy-pharmacy.info
127.0.0.1 good-casino.net
127.0.0.1 www.good-casino.net
127.0.0.1 busysearch.net
127.0.0.1 www.busysearch.net
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 dating-galaxy.info
127.0.0.1 www.dating-galaxy.info
127.0.0.1 spyware-best.com
127.0.0.1 www.spyware-best.com
127.0.0.1 easyspyware.com
127.0.0.1 www.easyspyware.com
127.0.0.1 best-spyware.info
127.0.0.1 www.best-spyware.info
127.0.0.1 anyofus.com
127.0.0.1 www.anyofus.com
127.0.0.1 specialoems.com
127.0.0.1 www.specialoems.com
127.0.0.1 svideocodec.com
127.0.0.1 www.svideocodec.com
127.0.0.1 getpornmag.com
127.0.0.1 www.getpornmag.com
127.0.0.1 animepornmag.com
127.0.0.1 www.animepornmag.com
127.0.0.1 syssecuritypage.com
127.0.0.1 www.syssecuritypage.com
127.0.0.1 safetyhomepage.com
127.0.0.1 www.safetyhomepage.com
127.0.0.1 CashUnlim.com
127.0.0.1 www.CashUnlim.com
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 ebonypornmag.com
127.0.0.1 www.ebonypornmag.com
127.0.0.1 nylonporn.com
127.0.0.1 www.nylonporn.com
127.0.0.1 uniformpornmag.com
127.0.0.1 www.uniformpornmag.com
127.0.0.1 maturepornmag.com
127.0.0.1 www.maturepornmag.com
127.0.0.1 pornstarspornmag.com
127.0.0.1 www.pornstarspornmag.com
127.0.0.1 shemalepornmag.com
127.0.0.1 www.shemalepornmag.com
127.0.0.1 lesbianpornmag.com
127.0.0.1 www.lesbianpornmag.com
127.0.0.1 dailytoolbar.com
127.0.0.1 www.dailytoolbar.com
127.0.0.1 maturetoolbar.com
127.0.0.1 www.maturetoolbar.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 www.ac66.cn
127.0.0.1 ac66.cn
127.0.0.1 mir.100888290cs.com
127.0.0.1 woool.100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 ert0003.e76.163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 www.chenshijituan.com
127.0.0.1 chenshijituan.com
127.0.0.1 www.u7u.cn
127.0.0.1 u7u.cn
127.0.0.1 www.wg581.com
127.0.0.1 wg581.com
127.0.0.1 jhzjyj.bigwww.com
127.0.0.1 www.bigwww.com
127.0.0.1 bigwww.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.tzxsj.com
127.0.0.1 tzxsj.com
127.0.0.1 www.q36.cn
127.0.0.1 q36.cn
127.0.0.1 down.136136.net
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 s59.cnzz.com
127.0.0.1 www.cnzz.com
127.0.0.1 cnzz.com
127.0.0.1 ulink13.dudu.com
127.0.0.1 ulink7.dudu.com
127.0.0.1 www.dudu.com
127.0.0.1 dudu.com
127.0.0.1 dcdl.dmcast.com
127.0.0.1 www.dmcast.com
127.0.0.1 dcww.dmcast.com
127.0.0.1 ibm.dmcast.com
127.0.0.1 dmcast.com
127.0.0.1 worldtostart.com
127.0.0.1 www.worldtostart.com
127.0.0.1 deskbar.worldtostart.com
127.0.0.1 www.deskbar.worldtostart.com
127.0.0.1 www.dotcomtoolbar.com
127.0.0.1 dotcomtoolbar.com
127.0.0.1 search.findthewebsiteyouneed.com
127.0.0.1 www.search.findthewebsiteyouneed.com
127.0.0.1 easywww.info
127.0.0.1 www.easywww.info
127.0.0.1 f1organizer.com
127.0.0.1 www.f1organizer.com
127.0.0.1 gamehouse.com
127.0.0.1 www.gamehouse.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 webnetinfo.net
127.0.0.1 www.webnetinfo.net
127.0.0.1 srfgate.com
127.0.0.1 www.srfgate.com
127.0.0.1 infport.com
127.0.0.1 www.infport.com
127.0.0.1 instafinder.com
127.0.0.1 www.instafinder.com
127.0.0.1 megasearchbar.com
127.0.0.1 www.megasearchbar.com
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 www.ccecaedbebfcaf.com
127.0.0.1 pcodec.com
127.0.0.1 www.pcodec.com
127.0.0.1 lightspeedsearch.net
127.0.0.1 www.lightspeedsearch.net
127.0.0.1 websopot.com
127.0.0.1 www.websopot.com
127.0.0.1 superbgirlz.com
127.0.0.1 asdeykuddq.com
127.0.0.1 asidseiupc.com
127.0.0.1 fjsynebcod.com
127.0.0.1 qiudheadsd.com
127.0.0.1 www.superbgirlz.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 www.fjsynebcod.com
127.0.0.1 www.qiudheadsd.com
127.0.0.1 www.trackhits.cc
127.0.0.1 resultplacement.com
127.0.0.1 www.resultplacement.com
127.0.0.1 smartprotect.info
127.0.0.1 www.smartprotect.info
127.0.0.1 best-voyeur.info
127.0.0.1 www.best-voyeur.info
127.0.0.1 Search-Daily.com
127.0.0.1 www.Search-Daily.com
127.0.0.1 yahabags.com
127.0.0.1 www.yahabags.com
127.0.0.1 www.freecat.biz
127.0.0.1 freecat.biz
127.0.0.1 www.beebappyy.biz
127.0.0.1 beebappyy.biz
127.0.0.1 costrike.com
127.0.0.1 www.costrike.com
127.0.0.1 tgpie.com
127.0.0.1 www.tgpie.com
127.0.0.1 searcher.tgpie.com
127.0.0.1 www.searcher.tgpie.com
127.0.0.1 seproger.com
127.0.0.1 www.seproger.com
127.0.0.1 anysn.seproger.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 thereall.realfet.com
127.0.0.1 www.thereall.realfet.com
127.0.0.1 greatbahamas.com
127.0.0.1 www.greatbahamas.com
127.0.0.1 fn777.greatbahamas.com
127.0.0.1 www.fn777.greatbahamas.com
127.0.0.1 sef516.greatbahamas.com
127.0.0.1 www.sef516.greatbahamas.com
127.0.0.1 rich777.greatbahamas.com
127.0.0.1 www.rich777.greatbahamas.com
127.0.0.1 rng650.greatbahamas.com
127.0.0.1 www.rng650.greatbahamas.com
127.0.0.1 realm.superbahamas.com
127.0.0.1 www.realm.superbahamas.com
127.0.0.1 enhance.com
127.0.0.1 www.enhance.com
127.0.0.1 c.enhance.com
127.0.0.1 www.c.enhance.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 traffic-ssl1.com
127.0.0.1 www.traffic-ssl1.com
127.0.0.1 traffic-acc.com
127.0.0.1 www.traffic-acc.com
127.0.0.1 filetretporn.com
127.0.0.1 www.filetretporn.com
127.0.0.1 uncj.filetretporn.com
127.0.0.1 www.uncj.filetretporn.com
127.0.0.1 rzvonporn.com
127.0.0.1 www.rzvonporn.com
127.0.0.1 theaimonline.com
127.0.0.1 www.theaimonline.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 kqzyfj.com
127.0.0.1 www.kqzyfj.com
127.0.0.1 apmebf.com
127.0.0.1 www.apmebf.com
127.0.0.1 emjcd.com
127.0.0.1 www.emjcd.com
127.0.0.1 upspiral.com
127.0.0.1 www.upspiral.com
127.0.0.1 lovezest.com
127.0.0.1 www.lovezest.com
127.0.0.1 maxysize.com
127.0.0.1 www.maxysize.com
127.0.0.1 camouflageclothingonline.net
127.0.0.1 www.camouflageclothingonline.net
127.0.0.1 getfound.com
127.0.0.1 www.getfound.com
127.0.0.1 search.getfound.com
127.0.0.1 www.search.getfound.com
127.0.0.1 searchfeed.com
127.0.0.1 www.searchfeed.com
127.0.0.1 netster.com
127.0.0.1 www.netster.com
127.0.0.1 ireit.com
127.0.0.1 www.ireit.com
127.0.0.1 content.ireit.com
127.0.0.1 www.content.ireit.com
127.0.0.1 toseeka.com
127.0.0.1 www.toseeka.com
127.0.0.1 zcodec.com
127.0.0.1 www.zcodec.com
127.0.0.1 strcodec.com
127.0.0.1 www.strcodec.com
127.0.0.1 uglyphotos.net
127.0.0.1 www.uglyphotos.net
127.0.0.1 imcodec.com
127.0.0.1 www.imcodec.com
127.0.0.1 softcodec.com
127.0.0.1 www.softcodec.com
127.0.0.1 dvdcodec.net
127.0.0.1 www.dvdcodec.net
127.0.0.1 playercodec.net
127.0.0.1 www.playercodec.net
127.0.0.1 lightcodec.com
127.0.0.1 www.lightcodec.com
127.0.0.1 winmediacodec.com
127.0.0.1 www.winmediacodec.com
127.0.0.1 videoscodec.com
127.0.0.1 www.videoscodec.com
127.0.0.1 mmcodec.com
127.0.0.1 www.mmcodec.com
127.0.0.1 xpassgenerator.com
127.0.0.1 www.xpassgenerator.com
127.0.0.1 mypornmagpass.com
127.0.0.1 www.mypornmagpass.com
127.0.0.1 searchbee.net
127.0.0.1 www.searchbee.net
127.0.0.1 warez.com
127.0.0.1 www.warez.com
127.0.0.1 srv.warez.com
127.0.0.1 prosearching.com
127.0.0.1 www.prosearching.com
127.0.0.1 zelaznyworld.com
127.0.0.1 www.zelaznyworld.com
127.0.0.1 mabou.org
127.0.0.1 net.mabou.org
127.0.0.1 www.mabou.org
127.0.0.1 infectedkernel.com
127.0.0.1 www.infectedkernel.com
127.0.0.1 qippi.com
127.0.0.1 www.qippi.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 adnet-plus.com
127.0.0.1 wwww.adnet-plus.com
127.0.0.1 firstgoodsearch.com
127.0.0.1 www.firstgoodsearch.com
127.0.0.1 myfuncards.smileycentral.com
et le second repport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:08, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Psycho\Menu Démarrer\Programmes\Démarrage\Q3E Minimizer_v1.30.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\HiJackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Q3E Minimizer_v1.30.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer = 192.168.1.1,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5016 bytes
Bonjour
Le rapport de Smifraudfix est incomplet, car ton fichier hosts est infecté.
Reposte le sans les lignes 127.0.0.1 www.xxxxxxxxxxx.
Poste aussi le rapport de Clean.
Télécharge R-Hosts
http://siri.urz.free.fr/RHosts.php
Installe le sur le Bureau.
Lance le. Clique sur Restaurer.
Confirme.
Ferme le programme.
Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !
- A la fin de l'analyse, il te sera peut-être demandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller
Message édité par chercheur_ le 25-09-2007 à 19:25:35
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
SmitFraudFix v2.227
Rapport fait à 11:51:59,59, 25/09/2007
Executé à partir de C:\Documents and Settings\Psycho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Psycho\Menu Démarrer\Programmes\Démarrage\Q3E Minimizer_v1.30.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Psycho
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Psycho\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Psycho\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 80.10.246.129
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-------------
SmitFraudFix v2.227
Rapport fait à 11:55:59,84, 25/09/2007
Executé à partir de C:\Documents and Settings\Psycho\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 80.10.246.129
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0335FA9B-8C43-4C83-9FBA-0038517D7A22}: NameServer=192.168.1.1,80.10.246.129
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
rapport de clean : (il me met que ça désolé )
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 25/09/2007 a 12:01:16,45
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
rien de plus , je vais faire la suite ce que tu m'as dis .
DiagHelp version v1.2 - http://www.malekal.com
excute le 25/09/2007 à 13:15:06,18
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\RESTART.EXE-1089ADB2.pf -->22/09/2007 17:02:52
C:\WINDOWS\prefetch\SETUP.EXE-252FCA05.pf -->22/09/2007 17:02:50
C:\WINDOWS\prefetch\CTLAUNCH.EXE-327B61D4.pf -->22/09/2007 17:01:42
C:\WINDOWS\prefetch\REGEDIT.EXE-2EA023CC.pf -->22/09/2007 17:01:31
C:\WINDOWS\prefetch\CTREGSVR.EXE-1BF1E31E.pf -->22/09/2007 17:01:21
C:\WINDOWS\prefetch\IKERNEL.EXE-10B5CA75.pf -->22/09/2007 17:01:19
C:\WINDOWS\prefetch\CTHWACCL.EXE-00172337.pf -->22/09/2007 17:01:12
C:\WINDOWS\prefetch\READREG.EXE-31581EEB.pf -->22/09/2007 17:01:11
C:\WINDOWS\prefetch\CTHELPER.EXE-3B4B2C91.pf -->22/09/2007 17:01:07
C:\WINDOWS\prefetch\RUNONCE.EXE-02866B4A.pf -->22/09/2007 17:01:06
C:\WINDOWS\System32\drivers\fidbox.dat -->25/09/2007 12:34:48
C:\WINDOWS\System32\drivers\fidbox2.dat -->25/09/2007 12:15:29
C:\WINDOWS\System32\drivers\fidbox2.idx -->25/09/2007 01:58:24
C:\WINDOWS\System32\drivers\fidbox.idx -->25/09/2007 01:58:24
C:\WINDOWS\System32\drivers\PnkBstrK.sys -->16/09/2007 02:02:03
C:\WINDOWS\System32\drivers\hamachi.sys -->14/09/2007 17:26:55
C:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf -->09/09/2007 22:39:26
C:\WINDOWS\System32\tmp.txt -->25/09/2007 11:56:23
C:\WINDOWS\System32\tmp.reg -->25/09/2007 11:56:23
C:\WINDOWS\System32\wpa.dbl -->25/09/2007 10:38:44
C:\WINDOWS\System32\settingsbkup.sfm -->25/09/2007 01:58:24
C:\WINDOWS\System32\settings.sfm -->25/09/2007 01:58:24
C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->25/09/2007 01:58:24
C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->25/09/2007 01:58:24
C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->25/09/2007 01:58:24
C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->25/09/2007 01:58:24
C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->25/09/2007 01:58:24
C:\WINDOWS\System32\PerfStringBackup.INI -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfh00C.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfh009.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfc00C.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfc009.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\OpenAL32.dll -->22/09/2007 17:01:06
C:\WINDOWS\System32\nvapps.xml -->20/09/2007 20:45:59
C:\WINDOWS\System32\cbefaac_r.ocx -->19/09/2007 15:46:58
C:\WINDOWS\System32\bbaaaeef6_r.dll -->19/09/2007 15:46:58
C:\WINDOWS\System32\BASSMOD.dll -->19/09/2007 01:14:24
C:\WINDOWS\System32\PnkBstrB.exe -->16/09/2007 02:01:39
C:\WINDOWS\System32\PnkBstrA.exe -->13/09/2007 15:39:25
C:\WINDOWS\System32\CmdLineExt.dll -->06/09/2007 17:09:38
C:\WINDOWS\System32\MRT.exe -->06/09/2007 04:50:42
C:\WINDOWS\System32\VCCLSID.exe -->06/09/2007 00:22:23
C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10211102}.CDF -->25/09/2007 12:44:31
C:\WINDOWS\setupact.log -->25/09/2007 12:01:28
C:\WINDOWS\wiaservc.log -->25/09/2007 10:38:57
C:\WINDOWS\wiadebug.log -->25/09/2007 10:38:56
C:\WINDOWS\bootstat.dat -->25/09/2007 10:38:42
C:\WINDOWS\WindowsUpdate.log -->25/09/2007 01:58:21
C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10211102}.BAK -->25/09/2007 01:58:18
C:\WINDOWS\setuperr.log -->23/09/2007 12:42:19
C:\WINDOWS\CTWave32.INI -->22/09/2007 16:58:10
C:\WINDOWS\sfbm.INI -->22/09/2007 16:57:11
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe -->19/09/2007 20:40:41
C:\WINDOWS\win.ini -->19/09/2007 14:35:37
C:\WINDOWS\system.ini -->19/09/2007 14:35:37
C:\WINDOWS\game.ini -->12/09/2007 18:26:46
C:\WINDOWS\WirelessFTP.INI -->10/09/2007 19:16:51
MD5 des fichiers sensibles
tcpip.sys b4e29943b4b04bd5e7381546848e6669
ndis.sys 558635d3af1c7546d26067d5d9b6959e
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 2979b03d5382a602623c0535b16ab9c0
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est 5C8B-524B
Répertoire de C:\WINDOWS\system32
19/08/2004 20:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 2 877 259 776 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est 5C8B-524B
Répertoire de C:\WINDOWS\Downloaded Program Files
09/07/2007 15:15 <REP> .
09/07/2007 15:15 <REP> ..
25/02/2007 16:44 65 desktop.ini
1 fichier(s) 65 octets
Total des fichiers listés :
1 fichier(s) 65 octets
2 Rép(s) 2 877 259 776 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"H:\\jeux\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="H:\\jeux\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"H:\\jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"="H:\\jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"H:\\jeux\\Call of Duty 2\\CoD2MP_s.exe"="H:\\jeux\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Jeux2\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="D:\\Jeux2\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:Logiciel de transfert de fichiers"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\half-life 2 deathmatch\\hl2.exe"="D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\counter-strike source\\hl2.exe"="D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux2\\Steam\\Steam.exe"="D:\\Jeux2\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled
nkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"="D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) Demo"
"D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"="D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*
isabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
REGEDIT4
[taskmgr.exe]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
Dis moi si il te faut autre chose en tout les cas merci pour l 'aide Chercheur
ps: il ne m'a pas demande de rebooter
Message édité par MagmA37 le 25-09-2007 à 13:19:02
Bonjour
Supprime Smitfraudfix, il a rempli son travail.
Supprime Clean, il ne trouve rien.
Le rapport de Diaghelp est incomplet. Recommence en suivant bien les instructions, surtout le ATTENTION.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
honnêtement j ai lancé le go et j'ai fais ce qu'il m'a demandé, j'étais aussi étonné car il me disait que ça pouvait prendre plusieurs minutes mais rien de tel 30 sec tout au plus (et j'ai attendu 20 min on sait jamais ) enfin je vais réessayer.
Je suis désolé mais je lance bien ton go , option 1 il me dit d'attendre ensuite d appuyer sur une touche ok mais il se termine tres vite
je reposte
DiagHelp version v1.2 - http://www.malekal.com
excute le 26/09/2007 à 22:54:45,37
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\FIREFOX.EXE-2776FA4E.pf -->25/09/2007 21:57:42
C:\WINDOWS\prefetch\FLASHGOT.EXE-12139AA8.pf -->25/09/2007 21:57:41
C:\WINDOWS\prefetch\VERCLSID.EXE-11B4EDAB.pf -->25/09/2007 21:57:16
C:\WINDOWS\prefetch\RUNDLL32.EXE-5383377F.pf -->25/09/2007 21:57:16
C:\WINDOWS\prefetch\RUNDLL32.EXE-4FBD012D.pf -->25/09/2007 21:57:16
C:\WINDOWS\prefetch\TEAMSPEAK.EXE-035F624E.pf -->25/09/2007 21:40:45
C:\WINDOWS\prefetch\SOF2MP.EXE-0AEC3602.pf -->25/09/2007 21:33:46
C:\WINDOWS\prefetch\HLSW.EXE-2A5C8707.pf -->25/09/2007 21:33:40
C:\WINDOWS\prefetch\USERINIT.EXE-0FFC3F7E.pf -->25/09/2007 21:32:25
C:\WINDOWS\prefetch\UPDREG.EXE-22FFDE08.pf -->25/09/2007 21:32:25
C:\WINDOWS\System32\drivers\fidbox.dat -->26/09/2007 22:52:29
C:\WINDOWS\System32\drivers\fidbox2.dat -->26/09/2007 22:46:16
C:\WINDOWS\System32\drivers\fidbox2.idx -->26/09/2007 19:35:24
C:\WINDOWS\System32\drivers\fidbox.idx -->26/09/2007 19:35:24
C:\WINDOWS\System32\drivers\PnkBstrK.sys -->16/09/2007 02:02:03
C:\WINDOWS\System32\drivers\hamachi.sys -->14/09/2007 17:26:55
C:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf -->09/09/2007 22:39:26
C:\WINDOWS\System32\nvapps.xml -->26/09/2007 21:36:43
C:\WINDOWS\System32\settingsbkup.sfm -->26/09/2007 19:35:24
C:\WINDOWS\System32\settings.sfm -->26/09/2007 19:35:24
C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->26/09/2007 19:35:24
C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->26/09/2007 19:35:24
C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->26/09/2007 19:35:24
C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->26/09/2007 19:35:24
C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000008-10211102}.rfx -->26/09/2007 19:35:24
C:\WINDOWS\System32\tmp.txt -->25/09/2007 11:56:23
C:\WINDOWS\System32\tmp.reg -->25/09/2007 11:56:23
C:\WINDOWS\System32\wpa.dbl -->25/09/2007 10:38:44
C:\WINDOWS\System32\PerfStringBackup.INI -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfh00C.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfh009.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfc00C.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\perfc009.dat -->22/09/2007 18:24:38
C:\WINDOWS\System32\OpenAL32.dll -->22/09/2007 17:01:06
C:\WINDOWS\System32\cbefaac_r.ocx -->19/09/2007 15:46:58
C:\WINDOWS\System32\bbaaaeef6_r.dll -->19/09/2007 15:46:58
C:\WINDOWS\System32\BASSMOD.dll -->19/09/2007 01:14:24
C:\WINDOWS\System32\PnkBstrB.exe -->16/09/2007 02:01:39
C:\WINDOWS\System32\PnkBstrA.exe -->13/09/2007 15:39:25
C:\WINDOWS\System32\CmdLineExt.dll -->06/09/2007 17:09:38
C:\WINDOWS\System32\MRT.exe -->06/09/2007 04:50:42
C:\WINDOWS\System32\VCCLSID.exe -->06/09/2007 00:22:23
C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10211102}.CDF -->26/09/2007 21:07:54
C:\WINDOWS\wiaservc.log -->26/09/2007 19:36:16
C:\WINDOWS\wiadebug.log -->26/09/2007 19:36:15
C:\WINDOWS\bootstat.dat -->26/09/2007 19:36:02
C:\WINDOWS\WindowsUpdate.log -->26/09/2007 19:35:20
C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10211102}.BAK -->26/09/2007 19:35:17
C:\WINDOWS\ntbtlog.txt -->26/09/2007 01:36:02
C:\WINDOWS\SchedLgU.Txt -->25/09/2007 22:06:30
C:\WINDOWS\CTWave32.INI -->22/09/2007 16:58:10
C:\WINDOWS\sfbm.INI -->22/09/2007 16:57:11
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe -->19/09/2007 20:40:41
C:\WINDOWS\win.ini -->19/09/2007 14:35:37
C:\WINDOWS\system.ini -->19/09/2007 14:35:37
C:\WINDOWS\game.ini -->12/09/2007 18:26:46
C:\WINDOWS\WirelessFTP.INI -->10/09/2007 19:16:51
MD5 des fichiers sensibles
tcpip.sys b4e29943b4b04bd5e7381546848e6669
ndis.sys 558635d3af1c7546d26067d5d9b6959e
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 2979b03d5382a602623c0535b16ab9c0
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est 5C8B-524B
Répertoire de C:\WINDOWS\system32
19/08/2004 20:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 3 549 224 960 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est 5C8B-524B
Répertoire de C:\WINDOWS\Downloaded Program Files
09/07/2007 15:15 <REP> .
09/07/2007 15:15 <REP> ..
25/02/2007 16:44 65 desktop.ini
1 fichier(s) 65 octets
Total des fichiers listés :
1 fichier(s) 65 octets
2 Rép(s) 3 549 224 960 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"H:\\jeux\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="H:\\jeux\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"H:\\jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"="H:\\jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"H:\\jeux\\Call of Duty 2\\CoD2MP_s.exe"="H:\\jeux\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Jeux2\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="D:\\Jeux2\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:Logiciel de transfert de fichiers"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\half-life 2 deathmatch\\hl2.exe"="D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\counter-strike source\\hl2.exe"="D:\\Jeux2\\Steam\\SteamApps\\psychomagma\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux2\\Steam\\Steam.exe"="D:\\Jeux2\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"="D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) Demo"
"D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"="D:\\Jeux2\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*isabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
REGEDIT4
[taskmgr.exe]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
Message édité par MagmA37 le 26-09-2007 à 22:56:23
Re
Rien de plus, tant pis.
Télécharge ELIBAGLA en bas de cette page
http://www.zonavirus.com/datos/des [...] ibagla.asp
(clique sur le bouton "Descargar Elibagla" ) sur ton bureau.
Lance-le en mode normal.
Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Thu Sep 27 10:34:04 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Sep 27 10:34:11 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Sep 27 10:38:30 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
Thu Sep 27 10:38:40 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
Thu Sep 27 10:38:46 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad H:\
Thu Sep 27 10:43:24 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad I:\
Thu Sep 27 10:43:32 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad J:\
Thu Sep 27 10:43:36 2007
EliBagle v10.58 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad K:\
Je vais matter au prochain reboot mais hier soir j'avais tenté et c'était toujours la même :x
no toujours impossible en mode sans echecs =/
Bonjour
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Salut Chercheur_.
ok voilà le rapport
ComboFix 07-09-21.2 - "Psycho" 2007-09-28 15:49:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1468 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.
2007-09-28 15:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 11:11 <REP> d-------- C:\Program Files\Schmads Inc
2007-09-27 10:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-09-26 19:45 <REP> d-------- C:\Program Files\NVIDIA Corporation
2007-09-22 21:40 3,374 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-22 21:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-22 21:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-22 21:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-22 21:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-22 16:36 <REP> d-------- C:\Program Files\mIRC
2007-09-21 19:40 <REP> d-------- C:\Program Files\Lavalys
2007-09-20 22:25 <REP> d-------- C:\WINDOWS\system32\oodag
2007-09-20 16:51 <REP> d-------- C:\Program Files\Western Digital Technologies
2007-09-19 23:11 8,704 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2007-09-19 23:11 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2007-09-19 23:11 <REP> d-------- C:\Program Files\MSI
2007-09-19 23:10 <REP> d-------- C:\Program Files\Setup Files
2007-09-19 20:42 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\Logitech
2007-09-19 20:40 68,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-09-19 20:40 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-09-19 20:40 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-09-19 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-19 20:39 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-09-19 19:09 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2007-09-19 19:09 11,596 --a------ C:\WINDOWS\system32\drivers\copperhd.sys
2007-09-19 18:30 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\Xfire
2007-09-19 15:46 23 --ahs---- C:\WINDOWS\system32\bbaaaeef6_r.dll
2007-09-18 22:43 <REP> d-------- C:\Program Files\Uniblue
2007-09-18 22:33 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\Uniblue
2007-09-18 19:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
2007-09-14 17:27 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\Hamachi
2007-09-14 17:26 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-12 18:39 22,328 --a------ C:\DOCUME~1\Psycho\APPLIC~1\PnkBstrK.sys
2007-09-09 22:39 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-09-09 22:39 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-09-09 22:39 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-09-09 12:13 <REP> dr-h----- C:\DOCUME~1\Psycho\APPLIC~1\SecuROM
2007-09-09 12:13 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\Bioshock
2007-09-09 12:01 <REP> d-------- C:\Program Files\DAEMON Tools
2007-09-05 12:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-09-05 11:47 <REP> d-------- C:\WINDOWS\nview
2007-08-31 16:39 <REP> d-------- C:\DOCUME~1\Psycho\APPLIC~1\iolo
2007-08-31 16:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 15:56 89114400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-28 15:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-28 15:55 2006304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-28 15:54 193292 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-28 15:54 1199648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-28 15:48 --------- d-------- C:\Program Files\HLSW
2007-09-28 15:48 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\utorrent
2007-09-28 00:51 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-27 15:14 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-09-27 15:14 --------- d-------- C:\Program Files\Creative
2007-09-27 14:54 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\Skype
2007-09-27 10:08 --------- d-------- C:\Program Files\Logitech
2007-09-26 10:38 --------- d---s---- C:\Program Files\Xfire
2007-09-21 20:42 --------- d-------- C:\Program Files\MSN Messenger
2007-09-19 20:39 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-09-19 19:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 15:55 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-18 15:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-16 16:39 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\CopyToDvd
2007-09-16 02:02 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-16 02:01 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-14 19:25 --------- d-------- C:\Program Files\Winamp
2007-09-13 15:39 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-09 22:39 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-09-09 11:59 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-07 01:00 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\teamspeak2
2007-09-06 17:09 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-03 21:44 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-03 21:44 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-31 18:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-27 14:21 --------- d-------- C:\Program Files\HP
2007-08-27 00:44 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire Plus
2007-08-27 00:43 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-12 15:28 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\HP
2007-08-12 15:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-12 15:25 --------- d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-08-12 15:13 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\HP
2007-08-08 16:29 --------- d-------- C:\DOCUME~1\Psycho\APPLIC~1\ma-config.com
2007-08-08 16:18 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-08-07 19:42 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-06 14:36 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-02 12:24 --------- d-------- C:\Program Files\Skype
2007-08-02 12:24 --------- d-------- C:\Program Files\Fichiers communs\Skype
2007-08-02 12:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 09:56 --------- d-------- C:\Program Files\Microsoft IntelliPoint 6.02
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-10 18:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvugart.exe
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-06-29 00:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CTHelper"="CTHELPER.EXE" [2005-12-08 12:06 C:\WINDOWS\CTHELPER.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-29 00:43 C:\WINDOWS\system32\nvmctray.dll]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-02-16 17:07]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="lclock.exe" [2004-12-08 19:06 C:\WINDOWS\LClock.exe]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=%systemroot%\LSD\end.cmd
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-19 20:39:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Psycho^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Psycho^Menu Démarrer^Programmes^Démarrage^Paramètres de la souris et du clavier Logitech.lnk]
backup=C:\WINDOWS\pss\Paramètres de la souris et du clavier Logitech.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Psycho^Menu Démarrer^Programmes^Démarrage^Q3E Minimizer_v1.30.exe]
path=C:\Documents and Settings\Psycho\Menu Démarrer\Programmes\Démarrage\Q3E Minimizer_v1.30.exe
backup=C:\WINDOWS\pss\Q3E Minimizer_v1.30.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"d:\jeux2\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{336ee93e-da1d-11db-8f65-0011097c9e6b}]
AutoRun\command- J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfb19755-dac1-11db-8f68-0011097c9e6b}]
AutoRun\command- J:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-22 14:03:37 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 15:56:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-28 15:57:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-28 15:56
.
--- E O F ---
Re
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt aste List of Files/Folders to be moved.
C:\WINDOWS\system32\bbaaaeef6_r.dll
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
LoadLibrary failed for C:\WINDOWS\system32\bbaaaeef6_r.dll
C:\WINDOWS\system32\bbaaaeef6_r.dll NOT unregistered.
C:\WINDOWS\system32\bbaaaeef6_r.dll moved successfully.
Created on 09/28/2007 16:23:43
voili voilou
ps: il ne m'a pas demandé de redémarrer
Bien.
Fais une analyse antivirus en ligne sur Panda
http://www.pandasoftware.com/activ [...] ncipal.htm
Colle son rapport ici.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
ok , je suis entrain de faire le gros scan (totalscan) je te poste ça dès que j'ai.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-09-28 19:49:59
PROTECTIONS: 1
MALWARE: 32
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 6.0.2.666 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00015475 VBS/Class.BX Virus No 0 Yes No H:\tools\logiciels divers\freedos_freedos_1.0_anglais_24835\freedos\packages\util\metakerx.zip[doc/metakern/metakern.txt]
00118347 Application/ToolWget HackTools No 0 Yes No H:\save sof2\gvupdater\wget.exe
00118347 Application/ToolWget HackTools No 0 Yes No H:\save sof2\173-gvupdater\wget.exe
00118347 Application/ToolWget HackTools No 0 Yes No H:\save sof2\gvupdater.zip[wget.exe]
00118347 Application/ToolWget HackTools No 0 Yes No H:\save sof2\173-gvupdater.zip[wget.exe]
00118347 Application/ToolWget HackTools No 0 Yes No H:\sauvetage anti hacking\sauvegarde Aout2006\Mes documents\Mes fichiers reçus\gvupdater.zip[wget.exe]
00118347 Application/ToolWget HackTools No 0 Yes No H:\formateaout2006\Mes documents\Mes fichiers reçus\gvupdater.zip[wget.exe]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.247realmedia.com/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.2o7.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.tribalfusion.com/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@www.myaffiliateprogram[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@www.myaffiliateprogram[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@fe.lea.lycos[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@fe.lea.lycos[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[fe.lea.lycos.fr/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@toplist[1].txt
00167781 Cookie/3 TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@3[1].txt
00167781 Cookie/3 TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@3[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@bs.serving-sys[1].txt
00168094 Cookie/Qsrch TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@newnet.qsrch[2].txt
00168094 Cookie/Qsrch TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@newnet.qsrch[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Cookies\administrateur@www.burstbeacon[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.adtech.de/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.questionmarket.com/]
00199231 HackTool/EvID HackTools No 0 Yes No C:\Documents and Settings\Psycho\Mes documents\Downloads\TV Internet\EvID4226Patch223d-en.zip[EvID4226Patch.exe]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Cookies\psycho@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[.smartadserver.com/]
00329781 Application/ProcKill.A HackTools No 0 Yes No H:\tools\logiciels divers\GameXP.zip[GameXP.exe]
00382737 HackTool/Zapgon.A HackTools No 0 Yes No C:\Program Files\mIRC\Invision\Stdio.dll
00510407 Application/SpywareStormer HackTools No 0 No No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\PUSWIYKX\Setup[1].exe[SpywareStormer.exe]
00510407 Application/SpywareStormer HackTools No 0 No No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\PUSWIYKX\Setup[1].exe[SpywareStormer.exe]
00512311 Trj/ShotOne.B Virus/Trojan No 1 Yes No H:\save sof2\ca-remote-controlV1.0\ca-remote-controlV1.0.exe
00512311 Trj/ShotOne.B Virus/Trojan No 1 No No H:\save sof2\ca-remote-controlV1.0.rar[ca-remote-controlV1.0.exe]
00549173 Application/SpywareStormer HackTools No 0 Yes No H:\sauvetage anti hacking\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\PUSWIYKX\Setup[1].exe
00549173 Application/SpywareStormer HackTools No 0 Yes No H:\sauvegarde\sauvetage anti hacking\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\PUSWIYKX\Setup[1].exe
01017022 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Psycho\Mes documents\Downloads\ConvertX To DVD 2.2.3.258\Patch.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Psycho\Bureau\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5B2481F1-2700-4416-9445-7790E7CBAF4B}\RP2\A0000040.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Psycho\Local Settings\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\Cache\C2152591d01[nircmd.exe]
01606637 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[adserver.ociomedia.com/]
01606637 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Psycho\Application Data\Mozilla\Firefox\Profiles\hmlj2sqe.default\cookies.txt[adserver.ociomedia.com/]
02179432 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip[Tools/VLCDCtrl.exe]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
j'ai pas désinfecté ^^ vu que c'est payant
j'attends ton post
Message édité par MagmA37 le 28-09-2007 à 19:50:18
Re
Beaucoup de faux positifs dans ce rapport.
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt aste List of Files/Folders to be moved.
H:\sauvetage anti hacking\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\PUSWIYKX
C:\Documents and Settings\Psycho\Mes documents\Downloads\ConvertX To DVD 2.2.3.258\Patch.exe
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
As tu encore des dysfonctionnements ?
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Il y a 3006 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
