[Résolu] Windows Security Alert + Spam + plus admin du PC
Forum Sécurité - Virus : [Résolu] Windows Security Alert + Spam + plus admin du PC
Au secours !!!
J'ai vu plusieurs posts sur le sujet. Et sonc je sollicte l'aide des spécialistes pour m'aider à m'en sortir aussi.
Symptomes :
- Pop-up intempestives intitulées Windows Security Alert
- Je ne suis plus administrateur de mon PC
- Avaast m'envoie de très nombreuses alertes sur des messages suspects qui partent de mon PC (jusqu'à 30, si je fais rien).
J'ai fait un scan virus avec Avaast : rien !
J'ai fait tourné un CCLeaner 
K
J'ai fait tourné un SpyBoot & destroy : qques entrées Registre modifié !
Meric de votre aide !!!
Voici le rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 11:28:53, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: system.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://eurostore.adobe.com
O15 - Trusted Zone: http://www.club-vaio.com
O15 - Trusted Zone: http://www.moodlogic.com
O15 - Trusted Zone: http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: http://www.vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: http://shop.sonystyle-europe.com
O15 - Trusted Zone: http://www.sonystyle-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: http://www.symantecstore.com
O15 - Trusted Zone: http://www.tvtv.co.uk
O15 - Trusted Zone: http://www.tvtv.de
O15 - Trusted Zone: http://www.tvtv.es
O15 - Trusted Zone: http://www.tvtv.fr
O15 - Trusted Zone: http://www.tvtv.it
O15 - Trusted Zone: http://www.tvtv.nl
O15 - Trusted Zone: http://www.utimaco.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://fr.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/onli [...] loader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hdaefas.ini
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
Message édité par Angeldark le 24-09-2007 à 17:46:07
Bonjour,
Télécharge DelDomains.inf (de Mike Burgess) sur ton Bureau.
**Si tu utilises FireFox : fais un clic droit sur le lien et choisis "Enregistrer la cible du lien sous..."**
- Fais un clique droit sur le fichier, puis choisis "Installer" du menu contextuel.
- Le script s'installe rapidement et aucune confirmation ne sera affichée à l'écran, ceci est normal.
&
Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.
**Si le lien ne fonctionne pas, clique ici**
Répondre à Angeldark
Voici le rapport Smitfraudfix :
SmitFraudFix v2.227
Rapport fait à 13:08:59,79, 22/09/2007
Executé à partir de C:\Documents and Settings\Jacques\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\printer.exe PRESENT !
C:\WINDOWS\system32\vtr???.dll PRESENT !
C:\WINDOWS\system32\WinAvXX.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\Jacques\MENUDM~1\PROGRA~1\DMARRA~1\system.exe PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jacques\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hdaefas.ini"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FA4CE546-DE2E-4FF9-9441-ACF425E4C813}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Merci de ton aide.
Re,
Redémarre en mode sans échec
Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.
Redémarre normalement.
Poste les rapports Hijackthis et SmitfraudFix.
Répondre à Angeldark
Même probleme que victor, j'ai fait les premieres manipes, mais n'y connaissant rien en informatique je rame un peu.
Pour deldomains il ne se lance pas.
Pour smifraudix impecable
SmitFraudFix v2.227
Rapport fait à 13:18:42,84, 22/09/2007
Executé à partir de C:\Documents and Settings\RABES\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\main_uninstaller.exe PRESENT !
C:\WINDOWS\msmdev.dll PRESENT !
C:\WINDOWS\msmhost.dll PRESENT !
C:\WINDOWS\nsduo.dll PRESENT !
C:\WINDOWS\privacy_danger PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\RABES
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\RABES\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RABES\Favoris
C:\DOCUME~1\RABES\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\RABES\Favoris\Privacy Protector.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\RABES\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\RABES\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\RABES\Bureau\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\VideoAccessCodec\ PRESENT !
C:\Program Files\Video ActiveX Access\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://forum.velovert.com/downloads_tn/200610_08_551s.jpg"
"SubscribedURL"="http://forum.velovert.com/downloads_tn/200610_08_551s.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 802.11b - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8493F09-EC19-4F9A-B1D9-7D640555B7D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8493F09-EC19-4F9A-B1D9-7D640555B7D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F8493F09-EC19-4F9A-B1D9-7D640555B7D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Plein de message de security alert, anti spyware qui s'ouvre sans cesse
que faire concretement pour nettoyer l'ordi
Rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 13:31:26, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://fr.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/onli [...] loader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hdaefas.ini
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
Rapport Smitfraudfix :
SmitFraudFix v2.227
Rapport fait à 13:25:02,03, 22/09/2007
Executé à partir de C:\Documents and Settings\Jacques\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 www.awaps.net
192.168.200.3 www.viruslist.ru
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 www.start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 www.sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.toriii.cc
127.0.0.1 xtipp.de
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 www.aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 cantfind.com
127.0.0.1 www.cantfind.com
127.0.0.1 castingsamateur.com
127.0.0.1 www.castingsamateur.com
127.0.0.1 cyberrape.com
127.0.0.1 www.cyberrape.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 megago.com
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com
127.0.0.1 fastmetasearch.com
127.0.0.1 www.fastmetasearch.com
127.0.0.1 findwhatevernow.com
127.0.0.1 www.findwhatevernow.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com
127.0.0.1 hotfreebies.com
127.0.0.1 www.hotfreebies.com
127.0.0.1 krankin.com
127.0.0.1 www.krankin.com
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 mainstreamdollars.com
127.0.0.1 www.mainstreamdollars.com
127.0.0.1 live.sex-explorer.com
127.0.0.1 www.live.sex-explorer.com
127.0.0.1 loveadot.com
127.0.0.1 www.loveadot.com
127.0.0.1 megaseek.net
127.0.0.1 www.megaseek.net
127.0.0.1 mixsearch.com
127.0.0.1 www.mixsearch.com
127.0.0.1 munky.com
127.0.0.1 www.munky.com
127.0.0.1 newtopsites.com
127.0.0.1 www.newtopsites.com
127.0.0.1 noblindlinks.com
127.0.0.1 www.noblindlinks.com
127.0.0.1 babenet.com
127.0.0.1 r.babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 searchresult.net
127.0.0.1 www.searchresult.net
127.0.0.1 sexarena.org
127.0.0.1 www.sexarena.org
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com
127.0.0.1 superwp.by.ru
127.0.0.1 sureseeker.com
127.0.0.1 www.sureseeker.com
127.0.0.1 wethere.com
127.0.0.1 www.wethere.com
127.0.0.1 wowsearch.org
127.0.0.1 www.wowsearch.org
127.0.0.1 xxx.com
127.0.0.1 www.xxx.com
127.0.0.1 art-xxx.com
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 firehunt.com
127.0.0.1 www.firehunt.com
127.0.0.1 partner23.firehunt.com
127.0.0.1 screensaver.it
127.0.0.1 www.screensaver.it
127.0.0.1 cliks.org
127.0.0.1 www.cliks.org
127.0.0.1 xads.cliks.org
127.0.0.1 xwebsearch.biz
127.0.0.1 www.xwebsearch.biz
127.0.0.1 znext.com
127.0.0.1 www.znext.com
127.0.0.1 rawtocash.net
127.0.0.1 www.rawtocash.net
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 ntcor.com
127.0.0.1 www.ntcor.com
127.0.0.1 dev.ntcor.com
127.0.0.1 xrenoder.com
127.0.0.1 www.xrenoder.com
127.0.0.1 search.xrenoder.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com
127.0.0.1 topsite.us
127.0.0.1 www.topsite.us
127.0.0.1 topsites.us
127.0.0.1 www.topsites.us
127.0.0.1 topsitez.us
127.0.0.1 www.topsitez.us
127.0.0.1 true-counter.com
127.0.0.1 www.true-counter.com
127.0.0.1 out.true-counter.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 okmmm.com
127.0.0.1 www.okmmm.com
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 exaccess.ru
127.0.0.1 www.exaccess.ru
127.0.0.1 advert.exaccess.ru
127.0.0.1 agentstudio.com
127.0.0.1 africaspromise.org
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfa-search.com
127.0.0.1 all-inet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 allhyperlinks.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 almarvideos.com
127.0.0.1 amandamountains.com
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 analmovi.com
127.0.0.1 anin.org
127.0.0.1 annaromeo.com
127.0.0.1 antrocity.com
127.0.0.1 anything4health.com
127.0.0.1 apsua.com
127.0.0.1 aregay.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 art-func.com
127.0.0.1 artachnid.com
127.0.0.1 asiankingkong.com
127.0.0.1 ass-gals.com
127.0.0.1 athenrye.com
127.0.0.1 avian-ads.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bb-search.com
127.0.0.1 bbbsearch.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 best-hardpics.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 bestporngate.com
127.0.0.1 bestxporno.com
127.0.0.1 blackjack-free.net
127.0.0.1 blender.xu.pl
127.0.0.1 bodaciousbabette.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bradcoem.org
127.0.0.1 brandiyoung.com
127.0.0.1 brookeburn.com
127.0.0.1 bucps.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 buttejazz.org
127.0.0.1 buyselldomain.net
127.0.0.1 calcioturris.com
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casino-onlines.net
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 catallogue.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cclebali.org
127.0.0.1 ceewawires.org
127.0.0.1 certumgroup.com
127.0.0.1 chelancatering.com
127.0.0.1 childrenvilla.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 ckick4thumbs.com
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 clickyestoenter.net
127.0.0.1 clrsch.com
127.0.0.1 cmtapestry.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolwebsearsh.com
127.0.0.1 copmtraine.com
127.0.0.1 couldnotfind.com
127.0.0.1 count-all.com
127.0.0.1 cracks.me.uk
127.0.0.1 creamedcutties.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 curvedspaces.com
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cydom.com
127.0.0.1 daily-gals.com
127.0.0.1 dancingbabycd.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 davemarshall.org
127.0.0.1 dcfitusa.com
127.0.0.1 defaultsearch.net
127.0.0.1 desarrollocreativo.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digistreamsa.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domains-for-you-online.com
127.0.0.1 domains2003.net
127.0.0.1 domkrat.com
127.0.0.1 dp-host.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 dutch-sex.com
127.0.0.1 dvdbank.org
127.0.0.1 e-localad.com
127.0.0.1 e-plus.cc
127.0.0.1 e-websitesolutions.com
127.0.0.1 eases.net
127.0.0.1 easy-search.net
127.0.0.1 easycategories.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecstasyporn.net
127.0.0.1 eikokoike.com
127.0.0.1 epornsex.com
127.0.0.1 euuu.com
127.0.0.1 evidence-detector.biz
127.0.0.1 evilspidercomics.com
127.0.0.1 ewebsearch.net
127.0.0.1 findloss.com
127.0.0.1 excellentsckin.com
127.0.0.1 extremeseek.net
127.0.0.1 faithstevens.com
127.0.0.1 fantasiewelten.com
127.0.0.1 farmsteadbandb.com
127.0.0.1 fartpost.com
127.0.0.1 fastwebfinder.com
127.0.0.1 faxporn.com
127.0.0.1 fickenisgeil.de
127.0.0.1 finance-loans.com
127.0.0.1 find-itnow.com
127.0.0.1 find-uk-health.co.uk
127.0.0.1 find4u.net
127.0.0.1 findit-now.com
127.0.0.1 findthesite.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 www.findthewebsiteyouneed.com
127.0.0.1 fionasteel.com
127.0.0.1 firstbookmark.net
127.0.0.1 fitness-free.com
127.0.0.1 foodvacations.net
127.0.0.1 forex.jps.ru
127.0.0.1 forexcredit.com
127.0.0.1 forexcredit.ru
127.0.0.1 formingfusions.com
127.0.0.1 forsythfire.net
127.0.0.1 forthline.com
127.0.0.1 free-chipes.com
127.0.0.1 free-hit.com
127.0.0.1 free-pics-and-movies.com
127.0.0.1 free-sex-movie-clips.net
127.0.0.1 free4porno.net
127.0.0.1 free64all.com
127.0.0.1 freebookmark.net
127.0.0.1 freebookmarks.net
127.0.0.1 freecategories.com
127.0.0.1 freecoolhost.com
127.0.0.1 freerbhost.com
127.0.0.1 freeshemalepics.net
127.0.0.1 freeyaho.com
127.0.0.1 freshseek.com
127.0.0.1 freshteensite.com
127.0.0.1 gabrielscott.com
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 gameterror.net
127.0.0.1 gay50.com
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 geteens.com
127.0.0.1 getpicshere.com
127.0.0.1 gimmezamore.com
127.0.0.1 gimnasiaer.com
127.0.0.1 girls-porn-life.com
127.0.0.1 glbdf.org
127.0.0.1 global-finder.com
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.com
127.0.0.1 gocybersearch.com
127.0.0.1 golftennis.net
127.0.0.1 good-mortgages-calculator.com
127.0.0.1 good-mortgages.net
127.0.0.1 goodsexs.com
127.0.0.1 googlebar.jps.ru
127.0.0.1 googlf.com
127.0.0.1 gradforum.org
127.0.0.1 gratis-porn-movie.com
127.0.0.1 gratis-pornopics.com
127.0.0.1 guzzycats.com
127.0.0.1 gzphoenix.com
127.0.0.1 hallnetaccolade.com
127.0.0.1 hand-book.com
127.0.0.1 happyanal.com
127.0.0.1 hard-gals.com
127.0.0.1 hardbodytgp.com
127.0.0.1 hardcoreover.com
127.0.0.1 hardloved.com
127.0.0.1 hardwareseek.net
127.0.0.1 harukaigawa.com
127.0.0.1 hccsolanonapa.org
127.0.0.1 health-protein.com
127.0.0.1 hentai4u.net
127.0.0.1 here4search.com
127.0.0.1 heyrichy.com
127.0.0.1 hi-search.com
127.0.0.1 hiddenguides.com
127.0.0.1 hitlistlyrics.com
127.0.0.1 holidayautostr.com
127.0.0.1 homemortage.ws
127.0.0.1 hostssp.com
127.0.0.1 hot-cartoon-sex.anime.american-teens.net
127.0.0.1 hotbookmark.com
127.0.0.1 hotels-list.net
127.0.0.1 hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotsex-series.com
127.0.0.1 hotstartpage.com
127.0.0.1 hqsex.biz
127.0.0.1 hugeporn4u.net
127.0.0.1 hunacsa.com
127.0.0.1 hupacasath.com
127.0.0.1 hzsx.com
127.0.0.1 icansearch.net
127.0.0.1 idgsearch.com
127.0.0.1 ie-search.com
127.0.0.1 incestporngate.com
127.0.0.1 infodigger.net
127.0.0.1 infoglobus.com
127.0.0.1 inherhole.com
127.0.0.1 insertthiscock.com
127.0.0.1 insurance-flood.net
127.0.0.1 insuranceall.net
127.0.0.1 internetsearch.ru
127.0.0.1 ionichost.com
127.0.0.1 ionomist.com
127.0.0.1 ipsex.net
127.0.0.1 itsanal.com
127.0.0.1 itseasy.us
127.0.0.1 iweb-commerce.com
127.0.0.1 iwebland.com
127.0.0.1 jeannineoldfield.com
127.0.0.1 jethomepage.com
127.0.0.1 jetseeker.com
127.0.0.1 jmhgallery.org
127.0.0.1 joannelatham.com
127.0.0.1 judin.ru
127.0.0.1 junkysex.com
127.0.0.1 karleyt.narod.ru
127.0.0.1 kathisomers.com
127.0.0.1 kazaa-lite.ws
127.0.0.1 keithgreenpro.com
127.0.0.1 kenmccaul.com
127.0.0.1 kilosex.com
127.0.0.1 kimhines.com
127.0.0.1 kinoru.com
127.0.0.1 ksdspups.org
127.0.0.1 landrape.com
127.0.0.1 lauraroebuck.com
127.0.0.1 leannalovelace.com
127.0.0.1 lesobank.ru
127.0.0.1 libertyonlinehosting.com
127.0.0.1 lingerie-mania.com
127.0.0.1 lisamatthew.com
127.0.0.1 liveholio.com
127.0.0.1 livenewspaper.com
127.0.0.1 louiseleeds.com
127.0.0.1 love-pix.com
127.0.0.1 lovelas.com
127.0.0.1 lovelysearch.com
127.0.0.1 low-taxes.com
127.0.0.1 luckysearch.net
127.0.0.1 lunitaweb.net
127.0.0.1 lustful-porno.com
127.0.0.1 mackinnonsbrook.org
127.0.0.1 madfinder.com
127.0.0.1 madisonmoons.com
127.0.0.1 madisonoilco.com
127.0.0.1 madonalive.com
127.0.0.1 majuozawa.com
127.0.0.1 makin-do.com
127.0.0.1 male4free.com
127.0.0.1 map-quest.org
127.0.0.1 marilynchamber.com
127.0.0.1 martfinder.com
127.0.0.1 massearch.com
127.0.0.1 matetrava.com
127.0.0.1 mature50.com
127.0.0.1 matureporngate.com
127.0.0.1 maxdzines.com
127.0.0.1 mcgeeforlabor.com
127.0.0.1 mdstunisie.org
127.0.0.1 medicare-insurance.net
127.0.0.1 medicare-supplemental.com
127.0.0.1 mega-dating-tips.com
127.0.0.1 megumikanzaki.com
127.0.0.1 meshalynn.com
127.0.0.1 meta-adult.com
127.0.0.1 meta-casino.com
127.0.0.1 meta-mobile.com
127.0.0.1 meta-porn.com
127.0.0.1 metafora.ru
127.0.0.1 metapoisk.ru
127.0.0.1 michiyonakajima.com
127.0.0.1 miconsultamedica.com
127.0.0.1 mikasakamoto.com
127.0.0.1 mikoni.com
127.0.0.1 militarygods.porn4porn.net
127.0.0.1 millennialpeople.org
127.0.0.1 mipham.org
127.0.0.1 missingcommand.com
127.0.0.1 mommykiss.com
127.0.0.1 moneyhunters.com
127.0.0.1 montgomeryhospitalanesthesia.com
127.0.0.1 morflot.com
127.0.0.1 mortgage-debt.net
127.0.0.1 mortismaximus.com
127.0.0.1 moscowwhores.com
127.0.0.1 moviecategories.com
127.0.0.1 mp3-pix.com
127.0.0.1 mrtg.jps.ru
127.0.0.1 msn-info.net
127.0.0.1 multipussy.com
127.0.0.1 mundopolar.com
127.0.0.1 mustv.com
127.0.0.1 mywebsearch.net
127.0.0.1 nativehardcore.com
127.0.0.1 naturalspy.com
127.0.0.1 nbasportsbook.net
127.0.0.1 nellyslyrics.com
127.0.0.1 nepgyan.com
127.0.0.1 nesrecords.com
127.0.0.1 netshastra.net
127.0.0.1 nettime.ru
127.0.0.1 nettracker.jps.ru
127.0.0.1 netyellowpages.info
127.0.0.1 new-incest.com
127.0.0.1 newcategories.com
127.0.0.1 newcracks.com
127.0.0.1 newcracks.net
127.0.0.1 newlife-lajolla.com
127.0.0.1 newsexgate.com
127.0.0.1 newtonsracks.com
127.0.0.1 newxpics.com
127.0.0.1 nhlsportsbook.net
127.0.0.1 niagaracapital.com
127.0.0.1 niche-tv.com
127.0.0.1 nmrba.com
127.0.0.1 nocalories.net
127.0.0.1 nocensor.com
127.0.0.1 ormandcompany.com
127.0.0.1 nsbabes.com
127.0.0.1 nuclearwitness.org
127.0.0.1 nursemania.com
127.0.0.1 nvntour.com
127.0.0.1 nvphall.org
127.0.0.1 oborot.com
127.0.0.1 ocalalivestockmarket.com
127.0.0.1 ocsff.com
127.0.0.1 oeatlanta.com
127.0.0.1 oharrowsearch.com
127.0.0.1 ok-search.com
127.0.0.1 okulta.com
127.0.0.1 omegabrains.net
127.0.0.1 online-casino-1.net
127.0.0.1 online-casino-bonus.info
127.0.0.1 online-casinos-x.com
127.0.0.1 online-winning.net
127.0.0.1 onlineserverz.com
127.0.0.1 onlinetradings.net
127.0.0.1 onlycunt.com
127.0.0.1 onlyinsured.com
127.0.0.1 operanabuco.com
127.0.0.1 opsex.com
127.0.0.1 oregoncharters.org
127.0.0.1 otrlives.com
127.0.0.1 ozawamadoka.com
127.0.0.1 paigesummer.com
127.0.0.1 pamelacollections.com
127.0.0.1 panamcup.com
127.0.0.1 pantygirls4u.com
127.0.0.1 pantyhoserealm.com
127.0.0.1 pantyplace.com
127.0.0.1 pastubes.com
127.0.0.1 paulapage.com
127.0.0.1 paulhoover.com
127.0.0.1 payfortraffic.net
127.0.0.1 pedo.ws
127.0.0.1 people.1gb.ru
127.0.0.1 pervertbot.com
127.0.0.1 pharma-diet-pills.com
127.0.0.1 pharmacy2003.com
127.0.0.1 pharmalocator.com
127.0.0.1 phendimetrazine-tenuate-adipex.com
127.0.0.1 pics-videos.com
127.0.0.1 picsdir.com
127.0.0.1 picsforbucks.com
127.0.0.1 picsofseductiveladies.com
127.0.0.1 pills-birth-control.com
127.0.0.1 pillsmall.com
127.0.0.1 pilotronix.com
127.0.0.1 pixpox.com
127.0.0.1 planemusic.com
127.0.0.1 poiska.net
127.0.0.1 poker-casino-free.com
127.0.0.1 poker-games-free.net
127.0.0.1 polradiologia.com
127.0.0.1 pooi.net
127.0.0.1 porn-teacher.com
127.0.0.1 porncamz.com
127.0.0.1 pornfree.info
127.0.0.1 pornnightdreams.com
127.0.0.1 pornokopec.com
127.0.0.1 porntetris.com
127.0.0.1 porntwist.com
127.0.0.1 powerwebsearch.com
127.0.0.1 prblitz.com
127.0.0.1 pretypics.com
127.0.0.1 pribalt.com
127.0.0.1 privacy-support.biz
127.0.0.1 privateporn.net
127.0.0.1 prostactive.com
127.0.0.1 prostol.com
127.0.0.1 protect-yourself.biz
127.0.0.1 prsainlandempire.org
127.0.0.1 put-your-link-here.com
127.0.0.1 pyrocorp.com
127.0.0.1 quick-search.ws
127.0.0.1 quiksearchgenealogy.com
127.0.0.1 radfrall.org
127.0.0.1 ramgo.com
127.0.0.1 ranafrog.ne
127.0.0.1 rapegate.com
127.0.0.1 redbudbmx.com
127.0.0.1 refinance-help.com
127.0.0.1 removeearthkeepers.org
127.0.0.1 rightfinder.net
127.0.0.1 robbsproshop.com
127.0.0.1 robertferencz.com
127.0.0.1 rotocasters.com
127.0.0.1 royalsearch.net
127.0.0.1 runsearch.com
127.0.0.1 russiansponsor.com
127.0.0.1 russogay.com
127.0.0.1 s2.exocrew.com
127.0.0.1 sacitylife.com
127.0.0.1 samplegals.com
127.0.0.1 sbssurvivor.com
127.0.0.1 scarypix.com
127.0.0.1 sccdnet.com
127.0.0.1 schoolforest.com
127.0.0.1 search-1.net
127.0.0.1 search-2003.com
127.0.0.1 search-about.net
127.0.0.1 search-hawk.com
127.0.0.1 search-log.com
127.0.0.1 search-meta.com
127.0.0.1 search-safe.com
127.0.0.1 search.psn.cn
127.0.0.1 searchadultweb.com
127.0.0.1 searchbutler.com
127.0.0.1 searchbuttler.com
127.0.0.1 searchbutler.org
127.0.0.1 searchcomplete.com
127.0.0.1 searchdesire.com
127.0.0.1 searchdot.net
127.0.0.1 searchexpander.com
127.0.0.1 searchfastnet.com
127.0.0.1 searchforge.com
127.0.0.1 searching-the-net.com
127.0.0.1 searchmeta.md
127.0.0.1 searchmeta.net
127.0.0.1 searchmeta.ru
127.0.0.1 searchmeta.webhost.ru
127.0.0.1 searchnow.ws
127.0.0.1 searchonfly.com
127.0.0.1 searchv.com
127.0.0.1 searchxl.com
127.0.0.1 searchxp.com
127.0.0.1 sebot.com
127.0.0.1 securenp.org
127.0.0.1 security-warning.biz
127.0.0.1 seehardcore.com
127.0.0.1 seekwell.net
127.0.0.1 selfbookmark.com
127.0.0.1 selfbookmark.info
127.0.0.1 selfbookmark.net
127.0.0.1 sex.free4porno.net
127.0.0.1 sex-coach.com
127.0.0.1 sex-festival.com
127.0.0.1 sex-video-galleries.com
127.0.0.1 sexgalleries4all.com
127.0.0.1 sexmoviesnet.com
127.0.0.1 sexpatriot.net
127.0.0.1 sexy18.cc
127.0.0.1 sexycat.adult-host.org
127.0.0.1 sfbayfolkboats.com
127.0.0.1 sgirls.net
127.0.0.1 sharempeg.com
127.0.0.1 shopcards.net
127.0.0.1 shopknights.com
127.0.0.1 sic02.com
127.0.0.1 sintrader.com
127.0.0.1 site1.ru
127.0.0.1 sites-in-web.com
127.0.0.1 sitevictoria.com
127.0.0.1 sixroads.com
127.0.0.1 skakalka.ru
127.0.0.1 slawsearch.com
127.0.0.1 slotch.com
127.0.0.1 slotchbar.com
127.0.0.1 smartsumo.com
127.0.0.1 smutarchive.net
127.0.0.1 solongas.com
127.0.0.1 sonomaevents.com
127.0.0.1 spermatrix.com
127.0.0.1 sportbooks-free4you.com
127.0.0.1 spros.com
127.0.0.1 spyass.com
127.0.0.1 spyorgy.net
127.0.0.1 staceyowens.com
127.0.0.1 stacistaxx.com
127.0.0.1 stacystaxx.com
127.0.0.1 start-space.com
127.0.0.1 steamycock.com
127.0.0.1 sterva.com
127.0.0.1 stevecashdollar.com
127.0.0.1 stop-tracking.biz
127.0.0.1 stopvotefraud.com
127.0.0.1 stopxxxpics.com
127.0.0.1 strekoza.com
127.0.0.1 stuffstore.com
127.0.0.1 styleclickink.com
127.0.0.1 summercollins.com
127.0.0.1 summitcross.com
127.0.0.1 super-spider.com
127.0.0.1 super-websearch.com
127.0.0.1 supersexmachine.com
127.0.0.1 superwebsearch.com
127.0.0.1 supret.com
127.0.0.1 suzannebrecht.com
127.0.0.1 sweeteenz.com
127.0.0.1 tacil.org
127.0.0.1 tangounion.com
127.0.0.1 tastethemusic.com
127.0.0.1 tax-refund4you.com
127.0.0.1 tech-jobs.ws
127.0.0.1 technology-related.com
127.0.0.1 teen-biz.com
127.0.0.1 teen-pic-post.com
127.0.0.1 teenpornosex.com
127.0.0.1 teens4free.net
127.0.0.1 teensact.com
127.0.0.1 teensgate.com
127.0.0.1 teensguru.com
127.0.0.1 teenswamp.com
127.0.0.1 testosterone-birth-control.com
127.0.0.1 the-exit.com
127.0.0.1 the-huns-yellow-pages.com
127.0.0.1 thefakejournal.com
127.0.0.1 thehuy.net
127.0.0.1 theproxy.org
127.0.0.1 therealsearch.com
127.0.0.1 thesten.com
127.0.0.1 thornleygroup.com
127.0.0.1 tings.org
127.0.0.1 tit-x.com
127.0.0.1 titanvision.com
127.0.0.1 titsianna.com
127.0.0.1 toddhayes.com
127.0.0.1 toon-comics.com
127.0.0.1 tooncomics.com
127.0.0.1 topsearcher.com
127.0.0.1 trafficback.com
127.0.0.1 trafficswitcher.com
127.0.0.1 travel.picture-posters.com
127.0.0.1 true-portal.com
127.0.0.1 trytechnical.com
127.0.0.1 ufindall.click-now.net
127.0.0.1 umaxsearch.com
127.0.0.1 une-autre-france.com
127.0.0.1 unigays.com
127.0.0.1 unipages.cc
127.0.0.1 up2you.ru
127.0.0.1 urlstat.com
127.0.0.1 urlstat.ru
127.0.0.1 uralitel.ru
127.0.0.1 ursie.net
127.0.0.1 utahsweet.com
127.0.0.1 utopicportal.com
127.0.0.1 uusocialjustice.org
127.0.0.1 v61.com
127.0.0.1 vaginpics.com
127.0.0.1 valmyers.com
127.0.0.1 vegas-free.com
127.0.0.1 vegbuy.com
127.0.0.1 veloventures.com
127.0.0.1 verzila.com
127.0.0.1 victoriaadam.com
127.0.0.1 videocategories.com
127.0.0.1 vitamins-for-each.com
127.0.0.1 votehowe.org
127.0.0.1 vxebony.com
127.0.0.1 wakeupdick.com
127.0.0.1 warnomore.org
127.0.0.1 watersport-specialties.com
127.0.0.1 web-homepage.net
127.0.0.1 web-search.tk
127.0.0.1 webcoolsearch.com
127.0.0.1 websearchdot.com
127.0.0.1 weekend-movies.com
127.0.0.1 wetpornostars.com
127.0.0.1 whatsyoursearch.com
127.0.0.1 white-pages.ws
127.0.0.1 whittierblvd.com
127.0.0.1 win-in-casino.com
127.0.0.1 wiresearch.com
127.0.0.1 wolfpacracing.com
127.0.0.1 wordlist.jps.ru
127.0.0.1 wpc2001.org
127.0.0.1 wspzone.sexpornonline.com
127.0.0.1 wwwbet.net
127.0.0.1 wwwbetting.net
127.0.0.1 wwwpokergames.com
127.0.0.1 wwwpokerplayers.com
127.0.0.1 wwwroulette.net
127.0.0.1 x-library.com
127.0.0.1 x-webdesign.com
127.0.0.1 xcomics4u.com
127.0.0.1 xic-bs.com
127.0.0.1 xldr.com
127.0.0.1 xp18.com
127.0.0.1 xrenosearch.com
127.0.0.1 xtragay.com
127.0.0.1 xu.xu.pl
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 y-e-l-l-o-w.com
127.0.0.1 yellow500.com
127.0.0.1 yezol.com
127.0.0.1 you-search.com
127.0.0.1 you-search.com.ru
127.0.0.1 youfindall.com
127.0.0.1 youfindall.net
127.0.0.1 your-prescriptions.net
127.0.0.1 yourbookmarks.info
127.0.0.1 yourbookmarks.ws
127.0.0.1 ypir.com
127.0.0.1 ysa-info.net
127.0.0.1 yukohamano.com
127.0.0.1 ywebsearch.info
127.0.0.1 zapros.com
127.0.0.1 zesearch.com
127.0.0.1 ziportal.com
127.0.0.1 zipportal.com
127.0.0.1 zoneoffreeporn.com
127.0.0.1 zoomegasite.com
127.0.0.1 zvimigdal.com
127.0.0.1 zyban-zocor-levitra.com
127.0.0.1 t.rack.cc
127.0.0.1 omega-search.com
127.0.0.1 cool-xxx.net
127.0.0.1 revolto3.da.ru
127.0.0.1 dating-search.net
127.0.0.1 linksummary.com
127.0.0.1 duolaimi.net
127.0.0.1 ez-searching.com
127.0.0.1 freehqmovies.com
127.0.0.1 xzoomy.com
127.0.0.1 freescratchandwin.com
127.0.0.1 globalwebsearch.com
127.0.0.1 www.gocybersearch.com
127.0.0.1 mayancasino.com
127.0.0.1 www.hastalavista.com
127.0.0.1 www.free-popup-killer.com
127.0.0.1 www.digitalfan.com
127.0.0.1 google123.web1000.com
127.0.0.1 search.ieplugin.com
127.0.0.1 i-lookup.com
127.0.0.1 spidersearch.com
127.0.0.1 istarthere.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 www.seekporn.org
127.0.0.1 17-plus.com
127.0.0.1 lolita4all1.xrensmagpost.com
127.0.0.1 mafiapics.com
127.0.0.1 www.teenmonster.com
127.0.0.1 ie.marketdart.com
127.0.0.1 masterbar.com
127.0.0.1 search.netzany.com
127.0.0.1 only-virgins.com
127.0.0.1 passthison.com
127.0.0.1 blondetgp.com
127.0.0.1 prolivation.com
127.0.0.1 server-au.imrworldwide.com
127.0.0.1 rocketsearch.com
127.0.0.1 roar.com
127.0.0.1 searchaccurate.com
127.0.0.1 searchalot.com
127.0.0.1 searchandbrowse.com
127.0.0.1 gtawarehouse.com
127.0.0.1 startium.com
127.0.0.1 searchandclick.com
127.0.0.1 searchby.net
127.0.0.1 searchdot.com
127.0.0.1 search-exe.com
127.0.0.1 secret-crush.com
127.0.0.1 seekseek.com
127.0.0.1 sexarena.com
127.0.0.1 sexocean.play-lolita.com
127.0.0.1 startsurfing.com
127.0.0.1 srng.net
127.0.0.1 apps.webservicehost.com
127.0.0.1 search.shopnav.com
127.0.0.1 wish7.com
127.0.0.1 www.supersexpass.com
127.0.0.1 surferbar.com
127.0.0.1 xlola.underagehost.com
127.0.0.1 hotlolitas.underagehost.com
127.0.0.1 loading-lolita.com
127.0.0.1 www.xupiter.com
127.0.0.1 xjupiter.com
127.0.0.1 www.xjupiter.com
127.0.0.1 www.browserwise.com
127.0.0.1 sqwire.com
127.0.0.1 orbitexplorer.com
127.0.0.1 searchcentrix.com
127.0.0.1 categories.mygeek.com
127.0.0.1 web-entrance.co
127.0.0.1 whazit.com
127.0.0.1 windowenhancer.com
127.0.0.1 buz.ru
127.0.0.1 iwon.com
127.0.0.1 www.bonzi.com
127.0.0.1 featured-results.com
127.0.0.1 searchmadesafe.net
127.0.0.1 quicklaunch.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 lop.com
127.0.0.1 tjdo.com
127.0.0.1 ebav.com
127.0.0.1 ebgo.com
127.0.0.1 ebaw.com
127.0.0.1 ebkb.com
127.0.0.1 ebmu.com
127.0.0.1 ecmp.com
127.0.0.1 edhq.com
127.0.0.1 edty.com
127.0.0.1 sbee.com
127.0.0.1 aavc.com
127.0.0.1 acjp.com
127.0.0.1 ecmh.com
127.0.0.1 emch.com
127.0.0.1 ecpm.com
127.0.0.1 wabu.com
127.0.0.1 wabq.com
127.0.0.1 ebch.com
127.0.0.1 ebdv.com
127.0.0.1 ebdw.com
127.0.0.1 ebjp.com
127.0.0.1 ebkn.com
127.0.0.1 ebky.com
127.0.0.1 eblv.com
127.0.0.1 wbkb.com
127.0.0.1 ebvr.com
127.0.0.1 ecwz.com
127.0.0.1 ecyb.com
127.0.0.1 eduy.com
127.0.0.1 eeev.com
127.0.0.1 farse.com
127.0.0.1 ibmx.com
127.0.0.1 icwb.com
127.0.0.1 icwo.com
127.0.0.1 icwp.com
127.0.0.1 iddh.com
127.0.0.1 idhh.com
127.0.0.1 ifiz.com
127.0.0.1 iguu.com
127.0.0.1 samz.com
127.0.0.1 saoe.com
127.0.0.1 sbjr.com
127.0.0.1 sbnl.com
127.0.0.1 sbnt.com
127.0.0.1 sbvr.com
127.0.0.1 scbm.com
127.0.0.1 sckr.com
127.0.0.1 scrk.com
127.0.0.1 sdry.com
127.0.0.1 seld.com
127.0.0.1 sfux.com
127.0.0.1 sheat.com
127.0.0.1 sipo.com
127.0.0.1 smds.com
127.0.0.1 srib.com
127.0.0.1 srox.com
127.0.0.1 srsf.com
127.0.0.1 ssaw.com
127.0.0.1 ssby.com
127.0.0.1 surj.com
127.0.0.1 tbvg.com
127.0.0.1 tdak.com
127.0.0.1 tdmy.com
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 tjar.com
127.0.0.1 tjaw.com
127.0.0.1 tjgo.com
127.0.0.1 tjem.com
127.0.0.1 torc.com
127.0.0.1 wfix.com
127.0.0.1 wflu.com
127.0.0.1 tdko.com
127.0.0.1 thko.com
127.0.0.1 H24413.tfil.com
127.0.0.1 germany.rub.to
127.0.0.1 search.rub.to
127.0.0.1 unitedstates.rub.to
127.0.0.1 www.commonname.com
127.0.0.1 www.ezcybersearch.com
127.0.0.1 www.jethomepage.com
127.0.0.1 www.gohip.com
127.0.0.1 hotbar.com
127.0.0.1 www.huntbar.com
127.0.0.1 search.imiserver.com
127.0.0.1 searchenhancement.com
127.0.0.1 newtonknows.com
127.0.0.1 search-explorer.net
127.0.0.1 searchsquire.com
127.0.0.1 secondpower.com
127.0.0.1 2ndpower.com
127.0.0.1 searchgateway.net
127.0.0.1 worldusa.com
127.0.0.1 www.topsearcher.com
127.0.0.1 smutserver.com
127.0.0.1 searchmeup.com
127.0.0.1 cameup.com
127.0.0.1 kliksearch.com
127.0.0.1 realphx.com
127.0.0.1 blazefind.com
127.0.0.1 zoofil.com
127.0.0.1 terafinder.com
127.0.0.1 008i.com
127.0.0.1 171203.com
127.0.0.1 39-93.com
127.0.0.1 adult-personal.us
127.0.0.1 cashsearch.biz
127.0.0.1 cl55.biz
127.0.0.1 dailyteenspic.com
127.0.0.1 dialer2004.com
127.0.0.1 digital-pornography.com
127.0.0.1 eager-sex.com
127.0.0.1 ergosites.com
127.0.0.1 freecj.com
127.0.0.1 greg-search.com
127.0.0.1 incest-host.com
127.0.0.1 ironcarteam.com
127.0.0.1 is-best.com
127.0.0.1 killerpornstars.com
127.0.0.1 lollitop.com
127.0.0.1 love-host.com
127.0.0.1 myexexex.com
127.0.0.1 my-finder.com
127.0.0.1 onlineclick.net
127.0.0.1 onlysex.ws
127.0.0.1 regfreeze.com
127.0.0.1 ruworld.com
127.0.0.1 selltraffic.biz
127.0.0.1 sexunique.net
127.0.0.1 sinpussy.com
127.0.0.1 teenhost.net
127.0.0.1 ultraload.net
127.0.0.1 vse-moe.biz
127.0.0.1 xsex.ws
127.0.0.1 75tz.com
127.0.0.1 iefeadsl.com
127.0.0.1 rf104.com
127.0.0.1 www.v61.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 c.centralmedia.ws
127.0.0.1 count.cc
127.0.0.1 topx.cc
127.0.0.1 sidefind.com
127.0.0.1 thenewsearch.com
127.0.0.1 new-search.net
127.0.0.1 x-google.net
127.0.0.1 adultgambling.org
127.0.0.1 bitchesonline.net
127.0.0.1 girls4rent.net
127.0.0.1 usefullsoft.net
127.0.0.1 livegambling.com
127.0.0.1 adultsgames.net
127.0.0.1 easyantispy.com
127.0.0.1 spybotremover.net
127.0.0.1 winprotect.net
127.0.0.1 funny-girls.com
127.0.0.1 winmsn.com
127.0.0.1 oneclicksearches.com
127.0.0.1 bestweblinks.com
127.0.0.1 iqsearch.net
127.0.0.1 dumpserv.com
127.0.0.1 helpyoursearch.com
127.0.0.1 sgrunt.biz
127.0.0.1 yeak.net
127.0.0.1 u45.cx
127.0.0.1 u46.cx
127.0.0.1 u47.cc
127.0.0.1 u48.cc
127.0.0.1 sfonditalia.biz
127.0.0.1 realarea.biz
127.0.0.1 archiviosex.net
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 hut1.ru
127.0.0.1 hu15.ru
127.0.0.1 winfixer.com
127.0.0.1 3721.com
127.0.0.1 easysearchingtips.com
127.0.0.1 fine-search.net
127.0.0.1 noproblemsurf.com
127.0.0.1 pcspyremover.com
127.0.0.1 search-motor.com
127.0.0.1 searchwhatuwant.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 full-search.net
127.0.0.1 go2-search.com
127.0.0.1 onemoresearch.net
127.0.0.1 search-777.com
127.0.0.1 search-to-find.com
127.0.0.1 search-what.net
127.0.0.1 winshow.biz
127.0.0.1 lookfor.cc
127.0.0.1 looking-for.cc
127.0.0.1 tgp-4-you.com
127.0.0.1 veryeasysearch.com
127.0.0.1 010402.com
127.0.0.1 20x2p.com
127.0.0.1 db105.com
127.0.0.1 ga31.com
127.0.0.1 mpeg-look.com
127.0.0.1 n-udd.com
127.0.0.1 p-uud.com
127.0.0.1 porn-screen.com
127.0.0.1 rb37.com
127.0.0.1 t058.com
127.0.0.1 u-239.com
127.0.0.1 v-224.com
127.0.0.1 trackhits.cc
127.0.0.1 tracktraff.cc
127.0.0.1 power-cleaner.com
127.0.0.1 yoursitebar.com
127.0.0.1 ysbweb.com
127.0.0.1 www.ysbweb.com
127.0.0.1 installcash.com
127.0.0.1 toolbarcash.com
127.0.0.1 enjoywebsurf.com
127.0.0.1 msnguard.cc
127.0.0.1 searchclick.cc
127.0.0.1 havy.biz
127.0.0.1 ewizard.cc
127.0.0.1 4klm.com
127.0.0.1 camup.net
127.0.0.1 bdsmlibrary.net
127.0.0.1 n-glx.s-redirect.com
127.0.0.1 aaasexypics.com
127.0.0.1 allforadult.com
127.0.0.1 autoescrowpay.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 buldog-stats.com
127.0.0.1 counter.sexmaniack.com
127.0.0.1 fregat.drocherway.com
127.0.0.1 greg-tut.com
127.0.0.1 iframe.biz
127.0.0.1 megapornix.com
127.0.0.1 newiframe.biz
127.0.0.1 nylonsexy.com
127.0.0.1 pizdato.biz
127.0.0.1 sexfiles.nu
127.0.0.1 slutmania.biz
127.0.0.1 sp2fucked.biz
127.0.0.1 toolbarpartner.com
127.0.0.1 vesbiz.biz
127.0.0.1 virgin-tgp.net
127.0.0.1 vparivalka.com
127.0.0.1 x.full-tgp.net
127.0.0.1 toolbar.cc
127.0.0.1 himen.biz
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 971searchbox.com
127.0.0.1 www.971searchbox.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.directsearchzone.com
127.0.0.1 easysearch4you.com
127.0.0.1 www.easysearch4you.com
127.0.0.1 enterthesearch.com
127.0.0.1 www.enterthesearch.com
127.0.0.1 esearch2005.com
127.0.0.1 www.esearch2005.com
127.0.0.1 eza1netsearch.com
127.0.0.1 www.eza1netsearch.com
127.0.0.1 ezwebsearching.com
127.0.0.1 www.ezwebsearching.com
127.0.0.1 globalefinder.com
127.0.0.1 www.globalefinder.com
127.0.0.1 go2realsearch.com
127.0.0.1 www.go2realsearch.com
127.0.0.1 myseachexplorer.com
127.0.0.1 www.myseachexplorer.com
127.0.0.1 quicksearch360.com
127.0.0.1 www.quicksearch360.com
127.0.0.1 s1s1s1search.com
127.0.0.1 www.s1s1s1search.com
127.0.0.1 search101online.com
127.0.0.1 www.search101online.com
127.0.0.1 search123forme.com
127.0.0.1 www.search123forme.com
127.0.0.1 search345quest.com
127.0.0.1 www.search345quest.com
127.0.0.1 searchmiracle.com
127.0.0.1 www.searchmiracle.com
127.0.0.1 searchtheworld4you.com
127.0.0.1 www.searchtheworld4you.com
127.0.0.1 searchwebzone.com
127.0.0.1 www.searchwebzone.com
127.0.0.1 seektheglobe.com
127.0.0.1 www.seektheglobe.com
127.0.0.1 sitesearchcentral.com
127.0.0.1 www.sitesearchcentral.com
127.0.0.1 the818search-co.com
127.0.0.1 www.the818search-co.com
127.0.0.1 type2find.com
127.0.0.1 www.type2find.com
127.0.0.1 xosearchox.com
127.0.0.1 www.xosearchox.com
127.0.0.1 yoursearchspace.com
127.0.0.1 www.yoursearchspace.com
127.0.0.1 httpwwwads.com
127.0.0.1 www.httpwwwads.com
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 dnaads.com
127.0.0.1 www.dnaads.com
127.0.0.1 marketengines.com
127.0.0.1 www.marketengines.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 securityindex.net
127.0.0.1 www.securityindex.net
127.0.0.1 sexpicsporn.com
127.0.0.1 www.sexpicsporn.com
127.0.0.1 free-spybot.com
127.0.0.1 www.free-spybot.com
127.0.0.1 cashengines.com
127.0.0.1 www.cashengines.com
127.0.0.1 microsoftantispyware.net
127.0.0.1 www.microsoftantispyware.net
127.0.0.1 mircosoftantispy.com
127.0.0.1 www.mircosoftantispy.com
127.0.0.1 msantispy.com
127.0.0.1 www.msantispy.com
127.0.0.1 netspyprotector.com
127.0.0.1 www.netspyprotector.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 savehits.com
127.0.0.1 www.savehits.com
127.0.0.1 saveli.com
127.0.0.1 www.saveli.com
127.0.0.1 metastop.com
127.0.0.1 www.metastop.com
127.0.0.1 perlink.biz
127.0.0.1 www.perlink.biz
127.0.0.1 highdialer.com
127.0.0.1 www.highdialer.com
127.0.0.1 online-more.com
127.0.0.1 www.online-more.com
127.0.0.1 www.syserrors.com
127.0.0.1 www.vcodec.com
127.0.0.1 toolbartraff.biz
127.0.0.1 www.toolbartraff.biz
127.0.0.1 pcadprotector.cc
127.0.0.1 www.pcadprotector.cc
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 domaincar.com
127.0.0.1 www.domaincar.com
127.0.0.1 worldray.com
127.0.0.1 www.worldray.com
127.0.0.1 www5.worldray.com
127.0.0.1 www6.worldray.com
127.0.0.1 www.spytrooper.com
127.0.0.1 spytrooper.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 ad-ware.cc
127.0.0.1 downloads.adaware.cc
127.0.0.1 adaware.cc
127.0.0.1 hitscount.net
127.0.0.1 count.hitscount.net
127.0.0.1 fined.biz
127.0.0.1 de.ag
127.0.0.1 games.de.ag
127.0.0.1 www.games.de.ag
127.0.0.1 little-download.net
127.0.0.1 www.little-download.net
127.0.0.1 little-help.com
127.0.0.1 www.little-help.com
127.0.0.1 www.spyaxe.net
127.0.0.1 www.spyaxe.com
127.0.0.1 www.spyaxe.biz
127.0.0.1 www.malwarewipe.com
127.0.0.1 dl.malwarewipe.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 unionseek.com
127.0.0.1 www.unionseek.com
127.0.0.1 sirh0t.blackhats.tc
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhats.tc
127.0.0.1 ritztours.com
127.0.0.1 www.ritztours.com
127.0.0.1 flashflashmx.3322.org
127.0.0.1 3322.org
127.0.0.1 www.3322.org
127.0.0.1 jupitersatellites.biz
127.0.0.1 www.jupitersatellites.biz
127.0.0.1 yops.biz
127.0.0.1 www.yops.biz
127.0.0.1 goldengr.hypermart.net
127.0.0.1 web-nexus.net
127.0.0.1 safe-sales.biz
127.0.0.1 www.safe-sales.biz
127.0.0.1 jerrynews.com
127.0.0.1 www.jerrynews.com
127.0.0.1 Teslaplus.com
127.0.0.1 www.Teslaplus.com
127.0.0.1 WorldAntiSpy.com
127.0.0.1 www.WorldAntiSpy.com
127.0.0.1 www.securitycaution.com
127.0.0.1 securitycaution.com
127.0.0.1 adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 toolbarbest.biz
127.0.0.1 www.toolbarbest.biz
127.0.0.1 game4all.biz
127.0.0.1 www.game4all.biz
127.0.0.1 wm.kannylizaciya.info
127.0.0.1 www.wm.kannylizaciya.info
127.0.0.1 wm.buhartes.info
127.0.0.1 www.wm.buhartes.info
127.0.0.1 login.fric.cn
127.0.0.1 www.login.fric.cn
127.0.0.1 xsremover.com
127.0.0.1 www.xsremover.com
127.0.0.1 spydeface.com
127.0.0.1 www.spydeface.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 innovagest2000.com
127.0.0.1 www.innovagest2000.com
127.0.0.1 www.thespyguard.com
127.0.0.1 thespyguard.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.spyiblock.com
127.0.0.1 spyiblock.com
127.0.0.1 www.uvu-channel.com
127.0.0.1 uvu-channel.com
127.0.0.1 www.hachimitsu-lemon.com
127.0.0.1 hachimitsu-lemon.com
127.0.0.1 SEARCHTOFIND.NET
127.0.0.1 www.SEARCHTOFIND.NET
127.0.0.1 www.pestrap.com
127.0.0.1 pestrap.com
127.0.0.1 uptodatesecurity.com
127.0.0.1 www.uptodatesecurity.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 qmex.psyche-evolution.com
127.0.0.1 www.qmex.psyche-evolution.com
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 scanandrepair.com
127.0.0.1 www.scanandrepair.com
127.0.0.1 uydsiygeds.com
127.0.0.1 www.uydsiygeds.com
127.0.0.1 pesttrap.com
127.0.0.1 www.pesttrap.com
127.0.0.1 adwarebazooka.com
127.0.0.1 get.adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 kliksoftware.com
127.0.0.1 www.kliksoftware.com
127.0.0.1 hitvirus.com
127.0.0.1 get.hitvirus.com
127.0.0.1 www.hitvirus.com
127.0.0.1 promo.dollarrevenue.com
127.0.0.1 www.promo.dollarrevenue.com
127.0.0.1 maxifile.com
127.0.0.1 www.maxifile.com
127.0.0.1 targetsaver.com
127.0.0.1 www.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 nonameforthisdomain.com
127.0.0.1 www.nonameforthisdomain.com
127.0.0.1 hypoteches.com
127.0.0.1 www.hypoteches.com
127.0.0.1 www.earthllnk.net
127.0.0.1 earthllnk.net
127.0.0.1 hostance.net
127.0.0.1 www.hostance.net
127.0.0.1 my-dedik-one.com
127.0.0.1 www.my-dedik-one.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 6sek.com
127.0.0.1 www.6sek.com
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashdeluxe.net
127.0.0.1 stats.cashdeluxe.net
127.0.0.1 www.stats.cashdeluxe.net
127.0.0.1 www.2006ooo.com
127.0.0.1 www.spyware-stop.com
127.0.0.1 spyware-stop.com
127.0.0.1 www.SpyShield.org
127.0.0.1 SpyShield.org
127.0.0.1 utils.winfixer.com
127.0.0.1 www.utils.winfixer.com
127.0.0.1 toolbarbucks.biz
127.0.0.1 www.toolbarbucks.biz
127.0.0.1 derklaif.biz
127.0.0.1 www.derklaif.biz
127.0.0.1 www.v-codec.com
127.0.0.1 v-codec.com
127.0.0.1 www.emediacodec.com
127.0.0.1 emediacodec.com
127.0.0.1 www.popentertain.com
127.0.0.1 popentertain.com
127.0.0.1 softwareprofit.com
127.0.0.1 www.softwareprofit.com
127.0.0.1 de.winantivirus.com
127.0.0.1 download.winantivirus.com
127.0.0.1 winantivirus.com
127.0.0.1 www.winantivirus.com
127.0.0.1 offers.bullseye-network.com
127.0.0.1 www.offers.bullseye-network.com
127.0.0.1 bullseye-network.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 sponsor2.ucmore.com
127.0.0.1 www.sponsor2.ucmore.com
127.0.0.1 hostthesky.com
127.0.0.1 www.hostthesky.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 readagreement.net
127.0.0.1 www.readagreement.net
127.0.0.1 gl.secdep.info
127.0.0.1 www.gl.secdep.info
127.0.0.1 spyfalcon.com
127.0.0.1 www.spyfalcon.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spy-shield.com
127.0.0.1 www.spy-shield.com
127.0.0.1 winnanny.com
127.0.0.1 www.winnanny.com
127.0.0.1 winsoftware.com
127.0.0.1 www.winsoftware.com
127.0.0.1 winfirewall.com
127.0.0.1 www.winfirewall.com
127.0.0.1 winantispyware.com
127.0.0.1 www.winantispyware.com
127.0.0.1 udefender.com
127.0.0.1 www.udefender.com
127.0.0.1 bravesentry.com
127.0.0.1 www.bravesentry.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 toolbar.azebar.com
127.0.0.1 www.toolbar.azebar.com
127.0.0.1 traffsale1.biz
127.0.0.1 www.traffsale1.biz
127.0.0.1 spywaredisinfector.com
127.0.0.1 www.spywaredisinfector.com
127.0.0.1 SpyCut.com
127.0.0.1 www.SpyCut.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 malwarewipesupport.com
127.0.0.1 www.malwarewipesupport.com
127.0.0.1 remedyantispy.com
127.0.0.1 www.remedyantispy.com
127.0.0.1 systemstable.com
127.0.0.1 www.systemstable.com
127.0.0.1 whoisprivacyprotect.com
127.0.0.1 www.whoisprivacyprotect.com
127.0.0.1 prime.webhancer.com
127.0.0.1 www.prime.webhancer.com
127.0.0.1 webhancer.com
127.0.0.1 www.webhancer.com
127.0.0.1 dr.webhancer.com
127.0.0.1 www.dr.webhancer.com
127.0.0.1 dr2.webhancer.com
127.0.0.1 www.dr2.webhancer.com
127.0.0.1 www.onli-ne.com
127.0.0.1 spycontra.com
127.0.0.1 www.spycontra.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 necessaryupdates.com
127.0.0.1 www.necessaryupdates.com
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 stejax.pl
127.0.0.1 www.stejax.pl
127.0.0.1 kitehosting.com
127.0.0.1 www.kitehosting.com
127.0.0.1 ware2006.com
127.0.0.1 www.ware2006.com
127.0.0.1 filestore.com
127.0.0.1 www.filestore.com
127.0.0.1 systemupdates.net
127.0.0.1 www.systemupdates.net
127.0.0.1 logs.vapochille.com
127.0.0.1 www.logs.vapochille.com
127.0.0.1 goldenfreehost.com
127.0.0.1 www.goldenfreehost.com
127.0.0.1 todaywarnings.com
127.0.0.1 www.todaywarnings.com
127.0.0.1 spywarequake.com
127.0.0.1 spywarequake.info
127.0.0.1 www.spywarequake.info
127.0.0.1 www.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 nospywaresoft.com
127.0.0.1 spywarestrike.com
127.0.0.1 www.nospywaresoft.com
127.0.0.1 www.spywarestrike.com
127.0.0.1 spyaxesupport.com
127.0.0.1 www.spyaxesupport.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 www.sgrunt.biz
127.0.0.1 traffbest.biz
127.0.0.1 www.traffbest.biz
127.0.0.1 securityfeature.com
127.0.0.1 www.securityfeature.com
127.0.0.1 pimasoft.com
127.0.0.1 www.pimasoft.com
127.0.0.1 blackhawksoftware.com
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 spy-sniper.com
127.0.0.1 www.spy-sniper.com
127.0.0.1 safetydefender.com
127.0.0.1 www.safetydefender.com
127.0.0.1 securitywarnings.net
127.0.0.1 www.securitywarnings.net
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 spywaresheriff.com
127.0.0.1 www.spywaresheriff.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 rizalof.com
127.0.0.1 www.rizalof.com
127.0.0.1 rc.rizalof.com
127.0.0.1 media-codec.com
127.0.0.1 www.media-codec.com
127.0.0.1 SpywareScraper.com
127.0.0.1 www.SpywareScraper.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 uploads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 nowhere.180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 theguardservices.com
127.0.0.1 www.theguardservices.com
127.0.0.1 securitybulletin.net
127.0.0.1 www.securitybulletin.net
127.0.0.1 www.supernet.speedserv.com
127.0.0.1 spyonthis.net
127.0.0.1 download.spyonthis.net
127.0.0.1 www.spyonthis.net
127.0.0.1 hijack-this.net
127.0.0.1 www.hijack-this.net
127.0.0.1 errorsafe.com
127.0.0.1 de.errorsafe.com
127.0.0.1 download.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 amaena.com
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 instlog.winfixer.com
127.0.0.1 winfixer2006.com
127.0.0.1 www.winfixer2006.com
127.0.0.1 webtopsecurity.com
127.0.0.1 www.webtopsecurity.com
127.0.0.1 traff5all.biz
127.0.0.1 www.traff5all.biz
127.0.0.1 1-extreme.biz
127.0.0.1 www.1-extreme.biz
127.0.0.1 download.bravesentry.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 evko.biz
127.0.0.1 www.evko.biz
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 download.secureyournet.biz
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 secureyournet.biz
127.0.0.1 www.secureyournet.biz
127.0.0.1 windupdates.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 spywarelabs.com
127.0.0.1 www.spywarelabs.com
127.0.0.1 traffweb1.biz
127.0.0.1 www.traffweb1.biz
127.0.0.1 newtoolbar.biz
127.0.0.1 www.newtoolbar.biz
127.0.0.1 buytraff.biz
127.0.0.1 www.buytraff.biz
127.0.0.1 safetyuptodate.com
127.0.0.1 www.safetyuptodate.com
127.0.0.1 crazywinnings.com
127.0.0.1 frame.crazywinnings.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 casalemedia.com
127.0.0.1 b.casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 bettersearch.biz
127.0.0.1 www.bettersearch.biz
127.0.0.1 c4tdownload.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 clickspring.net
127.0.0.1 www.clickspring.net
127.0.0.1 contentmatch.net
127.0.0.1 www.contentmatch.net
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialoff.com
127.0.0.1 www.dialoff.com
127.0.0.1 energy-factor.com
127.0.0.1 www.energy-factor.com
127.0.0.1 hardcorefantasyland.com
127.0.0.1 www.hardcorefantasyland.com
127.0.0.1 hardfootballbabes.com
127.0.0.1 www.hardfootballbabes.com
127.0.0.1 linkautomatici.com
127.0.0.1 www.linkautomatici.com
127.0.0.1 master69.biz
127.0.0.1 www.master69.biz
127.0.0.1 master70.biz
127.0.0.1 www.master70.biz
127.0.0.1 master71.biz
127.0.0.1 www.master71.biz
127.0.0.1 mcdial.biz
127.0.0.1 www.mcdial.biz
127.0.0.1 mt-download.com
127.0.0.1 www.mt-download.com
127.0.0.1 my-teensex.com
127.0.0.1 overpro.com
127.0.0.1 private-dialer.biz
127.0.0.1 private-iframe.biz
127.0.0.1 redfunny.com
127.0.0.1 scoobidoo.com
127.0.0.1 skoobidoo.com
127.0.0.1 sexvideopro.com
127.0.0.1 storage-tasp.com
127.0.0.1 xbeta69.com
127.0.0.1 securityuptodate.net
127.0.0.1 www.securityuptodate.net
127.0.0.1 troonety.biz
127.0.0.1 www.troonety.biz
127.0.0.1 zurrusco.com
127.0.0.1 www.zurrusco.com
127.0.0.1 breenten.biz
127.0.0.1 www.breenten.biz
127.0.0.1 votreenton.biz
127.0.0.1 www.votreenton.biz
127.0.0.1 ozonung.biz
127.0.0.1 www.ozonung.biz
127.0.0.1 digikeygen.com
127.0.0.1 www.digikeygen.com
127.0.0.1 5starvideos.com
127.0.0.1 www.5starvideos.com
127.0.0.1 moviereality.com
127.0.0.1 www.moviereality.com
127.0.0.1 perfectedsecurity.com
127.0.0.1 www.perfectedsecurity.com
127.0.0.1 securityprecaution.net
127.0.0.1 www.securityprecaution.net
127.0.0.1 securityupdatesite.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 dns-look-up.com
127.0.0.1 www.dns-look-up.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 search200.com
127.0.0.1 www.search200.com
127.0.0.1 404dns.com
127.0.0.1 www.404dns.com
127.0.0.1 mcboo.com
127.0.0.1 dr.mcboo.com
127.0.0.1 www.mcboo.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 balotierra.com
127.0.0.1 www.balotierra.com
127.0.0.1 oldflock.com
127.0.0.1 www.oldflock.com
127.0.0.1 pornmagpass.com
127.0.0.1 www.pornmagpass.com
127.0.0.1 dailypornmag.com
127.0.0.1 www.dailypornmag.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.com
127.0.0.1 teenspornmag.com
127.0.0.1 www.teenspornmag.com
127.0.0.1 maturespornmag.com
127.0.0.1 www.maturespornmag.com
127.0.0.1 hardcorepornmag.com
127.0.0.1 www.hardcorepornmag.com
127.0.0.1 gayspornmag.com
127.0.0.1 www.gayspornmag.com
127.0.0.1 topsecuritysite.net
127.0.0.1 www.topsecuritysite.net
127.0.0.
Re,
Télécharge R-Hosts.exe (de S!ri)
Lance R-Hosts puis clique sur "Restaurer".
Valide la modification en appuyant sur OK.
&
Refais un scan Smitfraudfix.
Répondre à Angeldark
Je suppose que c'est normal que la fenêtre RHost reste sur Restaurer après avoir valider !
Sinon voici le rapport Smitfraudfix:
SmitFraudFix v2.227
Rapport fait à 13:44:25,81, 22/09/2007
Executé à partir de C:\Documents and Settings\Jacques\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jacques\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hdaefas.ini"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Reposte un rapport Hijackthis.
Répondre à Angeldark
Voici le rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13:56:13, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://fr.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/onli [...] loader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hdaefas.ini
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C'est toi qui a touché aux fichiers Hosts ?
Répondre à Angeldark
Non je ne saurais comment faire !
Angeldark,
Je me souviens avoir eu une alerte de SpyBot Search & Destroy sur une valuer du Browser qui avait été changé. Je pense avoir répondu Ok comme un con ! Par contre je ne retrouve pas le journal des changements que TeaTimer offre normalement !
Désolé de cette interférence !
Angeldark,
J'ai retrouvé le log de S&D appelé Resident :
19/09/2007 23:43:23 Refusé(e) (based on user decision) value "swg" (new data: "" ) supprimé(e) in System Startup user entry!
19/09/2007 23:43:29 Autorisé(e) (based on user decision) value "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (new data: "" ) supprimé(e) in User-specific browser toolbar!
19/09/2007 23:43:39 Autorisé(e) (based on user decision) value "ITBarLayout" (new data: "" ) supprimé(e) in User-specific browser toolbar!
19/09/2007 23:43:42 Autorisé(e) (based on user decision) value "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (new data: "" ) supprimé(e) in Global browser toolbar!
20/09/2007 23:21:12 Autorisé(e) (based on user decision) value "Start Page" (new data: "http://fr.msn.com/" ) modifié(e) in Browser page!
21/09/2007 21:50:21 Refusé(e) (based on user decision) value "Start Page" (new data: "http://www.google.com" ) modifié(e) in Browser page!
21/09/2007 22:05:33 Autorisé(e) (based on user decision) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /A:"*" /L:"French"
" ) modifié(e) in Session manager!
21/09/2007 22:25:42 Refusé(e) (based on user decision) value "Start Page" (new data: "http://www.google.com" ) modifié(e) in Browser page!
21/09/2007 22:26:19 Autorisé(e) (based on user decision) value "BootExecute" (new data: "autocheck autochk *
" ) modifié(e) in Session manager!
21/09/2007 22:44:53 Autorisé(e) (based on user decision) value "swg" (new data: "" ) supprimé(e) in System Startup user entry!
22/09/2007 11:00:37 Refusé(e) (based on user blacklist) value "Start Page" (new data: "http://www.google.com" ) modifié(e) in Browser page!
22/09/2007 13:07:45 Autorisé(e) (based on user decision) value "GrpConv" (new data: "grpconv -o" ) ajouté(e) in System Startup global entry!
22/09/2007 13:07:55 Autorisé(e) (based on user decision) value "GrpConv" (new data: "" ) supprimé(e) in System Startup global entry!
22/09/2007 13:30:37 Autorisé(e) (based on user decision) value "WinAVX" (new data: "" ) supprimé(e) in System Startup user entry!
22/09/2007 13:30:53 Refusé(e) (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" ) modifié(e) in Browser page!
22/09/2007 13:31:09 Refusé(e) (based on user decision) value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" ) ajouté(e) in Browser page!
C'est pas grave. Tu as combien d'antivirus ?
Répondre à Angeldark
Le PC était livré avec Norton que j'ai désinstallé pour le remplacer par Avast. Par contre il reste Norton Ghost en version d'essai.
Supprime Norton :
http://service1.symantec.com/suppo [...] g=fr&ct=fr
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Répondre à Angeldark
Voici le rapport d'analyse :
AntiVir PersonalEdition Classic
Report file date: samedi 22 septembre 2007 15:57
Scanning for 1077858 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: LE-B746B45F004B
Version information:
BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 22/09/2007 13:48:50
AVSCAN.DLL : 7.0.6.0 49192 Bytes 22/09/2007 13:48:50
LUKE.DLL : 7.0.5.3 147496 Bytes 22/09/2007 13:48:50
LUKERES.DLL : 7.0.6.1 10280 Bytes 22/09/2007 13:48:50
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 13:48:51
ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 13:48:51
ANTIVIR3.VDF : 6.39.1.164 209920 Bytes 21/09/2007 13:48:51
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 22/09/2007 13:48:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 22/09/2007 13:48:49
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 22/09/2007 13:48:52
AVREG.DLL : 7.0.1.6 30760 Bytes 22/09/2007 13:48:49
AVARKT.DLL : 1.0.0.20 278568 Bytes 22/09/2007 13:48:49
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 22/09/2007 13:48:49
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 22/09/2007 13:48:44
RCTEXT.DLL : 7.0.62.0 86056 Bytes 22/09/2007 13:48:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/09/2007 13:48:50
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 22 septembre 2007 15:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'VzHardwareResourceManager.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'UPnPFramework.exe' - '1' Module(s) have been scanned
Scan process 'SV_Httpd.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VmGateway.exe' - '1' Module(s) have been scanned
Scan process 'VMISrv.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'SSMSFilter.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'QuickAccess.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
Scan process 'pdservice.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\' <VAIO>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PX442AP9\n2_18_09_07_1[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034781.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034782.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034783.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034802.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034803.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034804.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034814.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034815.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034816.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034833.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034834.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034835.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034849.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034850.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034851.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034870.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP71\A0034872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP72\A0034892.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP72\A0034893.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP72\A0034894.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{AA251486-5114-4F28-AE42-2DDC5DFBC756}\RP72\A0034895.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\svchost.exe:exe.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.4397
[INFO] The file was deleted!
Begin scan in 'D:\' <VAIO>
End of the scan: samedi 22 septembre 2007 16:20
Used time: 22:16 min
The scan has been done completely.
5804 Scanning directories
279984 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
24 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
279960 Files not concerned
7401 Archives were scanned
2 Warnings
10 Notes
Reposte un rapport Hijackthis.
Répondre à Angeldark
Voici le rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 17:03:34, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://fr.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/onli [...] loader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hdaefas.ini
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C'est mieux ?
Répondre à Angeldark
Panneau de config ne s'ouvre pas quand on l'appelle.
Click droit sur le buerau donne un rapport d' erreur sur Drwtsn32.exe et alors le seul moyen de sortir de ça est de redémarrer le PC.
Donc pas top.
Mais aucune Pop-up Windows Security Alert.
http://www.commentcamarche.net/for [...] e-solution
Tu as regardé N
Répondre à Angeldark
La soluce de fredo ne donne rien.
Je n'ai pas désintaller des codecs encore.
J'arrive à ouvrir mes dossiers.
Par exple : quand je veux écouter des mp3, je récupère la pop-up suivante :
---------------------------
wmplayer.exe - Erreur d'application
---------------------------
L'exception Exception logicielle inconnue (0xc06d007e) s'est produite dans l'application à l'emplacement 0x7c812a5b.
---------------------------
OK
---------------------------
Au secours, me laisse pas tomber. Je ne peux plus lire les MP3.
Le panneau de config ne donne que des DrWatson.
Le système est super lent.
Tout ce qui se trouve sur le sujet sur les forums de ce site ou de CCM ne donnent rien !
As-tu une soluce ?
Merci pour ton aide.
Tu devrais voir dans la section Hardware.
Répondre à Angeldark
Pour info, j'ai réinstallé toute ma partition C: grâce à la partition de réinstallation de mon PC.
Cela semble avoir résolu le problème.
D'où la grande importance de RIEN garder sur son C: et de tout garder (données) sur une autre partition voire sur un dsique externe.
Merci pour ton aide Angeldark 
: le problème de virus est bien résolu !!!
Bon surf 
Répondre à Angeldark
Il y a 363 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
