Warning dangerous spyware+écran noir
Forum Sécurité - Virus : Warning dangerous spyware+écran noir
Bonjour à tous,
J'ai besoin d'aide!!!
Depuis plusieurs jours j'essaie de lutter contre ce maudit virus qui a infecté mon pc.
Un fond d'écran noir s'est installé ainsi que le message suivant:
Warning (clignotant)
Dangerous spyware (en jaune)
There are many viruses found on your computer, such as Trojan, horses, PassCapture, etc.
Your personal data can come into wrong hands.
Please, follow that link to more about your data safety and privacy.
Thank.
Depuis, ma page d'accueil internet à changée.
Un bouclier rouge du centre de sécurité windows est positionné en bas à droite de mon pc et les mises à jours automatiques sont désactivées.
Un rond rouge barré d'une croix blanche se trouve au même endroit et il est inscrit:
Warning!Security report
Your computer is infected!It is recommended to start spyware cleaner tool et du cout une page internet n'arrete pas de s'ouvrir. Elle me propose d'installer real antivirus.
Bien évidement, impossible de restaurer le système!
J'ai essayé plusieurs logiciels pour l'arreter.
J'ai fais un scan avec spybot, avast, en mode sans échec j'ai lancé hijackthis malwarebytes et smitfraudfix rien n'y fait!!
S'il vous plait, si vous avez une solution je suis preneuse
Bonjour,
Le rapport Hijackthis ? Le rapport MBAM ?
Répondre à Angeldark
Voila le rapport hijackthis
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\DUCHAUSSOY\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealAV.exe] C:\Program Files\RealAV\RealAV.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: hkpzau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6131 bytes
voila celui de smitfraudfix
Rapport fait à 10:25:20,40, 02/12/2008
Executé à partir de C:\Documents and Settings\DUCHAUSSOY\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 www.180solutions.com
127.0.0.1 180solutions.com
127.0.0.1 181.365soft.info
127.0.0.1 www.181.365soft.info
127.0.0.1 www.1987324.com
127.0.0.1 1987324.com
127.0.0.1 1clickpcfix.com
127.0.0.1 www.1clickpcfix.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 2006ooo.com
127.0.0.1 www.2007-download.com
127.0.0.1 2007-download.com
127.0.0.1 www.2008-search-destroy.com
127.0.0.1 2008-search-destroy.com
127.0.0.1 www.2020search.com
127.0.0.1 2020search.com
127.0.0.1 20x2p.com
127.0.0.1 24.365soft.info
127.0.0.1 www.24.365soft.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 www.24teen.com
127.0.0.1 24teen.com
127.0.0.1 2ndpower.com
127.0.0.1 www.2search.com
127.0.0.1 2search.com
127.0.0.1 www.2search.org
127.0.0.1 2search.org
127.0.0.1 www.2squared.com
127.0.0.1 2squared.com
127.0.0.1 www.3322.org
127.0.0.1 3322.org
127.0.0.1 365soft.info
127.0.0.1 www.36site.com
127.0.0.1 36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 www.3bay.it
127.0.0.1 3bay.it
127.0.0.1 www.3xclipsonline.com
127.0.0.1 3xclipsonline.com
127.0.0.1 www.3xcurves.com
127.0.0.1 3xcurves.com
127.0.0.1 www.3xfestival.com
127.0.0.1 3xfestival.com
127.0.0.1 3x-festival.com
127.0.0.1 www.3x-festival.com
127.0.0.1 3x-galls.com
127.0.0.1 www.3x-galls.com
127.0.0.1 www.3xmiracle.com
127.0.0.1 3xmiracle.com
127.0.0.1 www.3xmoviesblog.com
127.0.0.1 3xmoviesblog.com
127.0.0.1 www.404dns.com
127.0.0.1 404dns.com
127.0.0.1 www.4199.com
127.0.0.1 4199.com
127.0.0.1 www.4corn.net
127.0.0.1 4corn.net
127.0.0.1 www.4ebay.it
127.0.0.1 4ebay.it
127.0.0.1 4klm.com
127.0.0.1 www.4mpg.com
127.0.0.1 4mpg.com
127.0.0.1 www.59cn.cn
127.0.0.1 59cn.cn
127.0.0.1 www.5starsblog.com
127.0.0.1 5starsblog.com
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.680180.net
127.0.0.1 680180.net
127.0.0.1 www.6sek.com
127.0.0.1 6sek.com
127.0.0.1 www.70-music.com
127.0.0.1 70-music.com
127.0.0.1 www.7322.com
127.0.0.1 7322.com
127.0.0.1 www.745970.com
127.0.0.1 745970.com
127.0.0.1 75tz.com
127.0.0.1 www.777search.com
127.0.0.1 777search.com
127.0.0.1 www.777top.com
127.0.0.1 777top.com
127.0.0.1 www.7939.com
127.0.0.1 7939.com
127.0.0.1 www.7search.com
127.0.0.1 7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 www.80-music.com
127.0.0.1 80-music.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 www.88vcd.com
127.0.0.1 88vcd.com
127.0.0.1 www.8ad.com
127.0.0.1 8ad.com
127.0.0.1 www.90-music.com
127.0.0.1 90-music.com
127.0.0.1 www.9505.com
127.0.0.1 9505.com
127.0.0.1 www.971searchbox.com
127.0.0.1 971searchbox.com
127.0.0.1 9mmporn.com
127.0.0.1 a.bestmanage.org
127.0.0.1 www.aaabesthomepage.com
127.0.0.1 aaabesthomepage.com
127.0.0.1 aaasexypics.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aaawebfinder.com
127.0.0.1 aaqadarsztriv.com
127.0.0.1 www.aaqadarsztriv.com
127.0.0.1 www.aaqada-rsztriv.com
127.0.0.1 aaqada-rsztriv.com
127.0.0.1 www.aaqadaueorn.com
127.0.0.1 aaqadaueorn.com
127.0.0.1 www.aaqada-ueorn.com
127.0.0.1 aaqada-ueorn.com
127.0.0.1 aaqada-ygco.com
127.0.0.1 www.aaqada-ygco.com
127.0.0.1 aaqada-ymct.com
127.0.0.1 www.aaqada-ymct.com
127.0.0.1 aav2008.com
127.0.0.1 www.aav2008.com
127.0.0.1 aavc.com
127.0.0.1 www.abccodec.com
127.0.0.1 abccodec.com
127.0.0.1 www.abcdperformance.com
127.0.0.1 abcdperformance.com
127.0.0.1 abc-find.info
127.0.0.1 www.abc-find.info
127.0.0.1 abcsearch.com
127.0.0.1 www.abcsearch.com
127.0.0.1 www.abcways.com
127.0.0.1 abcways.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 www.abnetsoft.info
127.0.0.1 abnetsoft.info
127.0.0.1 about-adult.net
127.0.0.1 www.about-adult.net
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 absolutee.com
127.0.0.1 www.absolutee.com
127.0.0.1 ac66.cn
127.0.0.1 www.ac66.cn
127.0.0.1 access.navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessclips.com
127.0.0.1 www.accessclips.com
127.0.0.1 www.access-dvd.com
127.0.0.1 access-dvd.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessthefuture.net
127.0.0.1 accessvid.net
127.0.0.1 www.accessvid.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-2007.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-center.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-stop.com
127.0.0.1 acrobat-stop.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activesearcher.info
127.0.0.1 www.activesearcher.info
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexemedia.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasite.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexmediatour.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexsource.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.mokead.com
127.0.0.1 ad.oinadserver.com
127.0.0.1 ad.outerinfoads.com
127.0.0.1 www.ad25.com
127.0.0.1 ad25.com
127.0.0.1 www.ad45.com
127.0.0.1 ad45.com
127.0.0.1 www.ad77.com
127.0.0.1 ad77.com
127.0.0.1 www.ad86.com
127.0.0.1 ad86.com
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adarmor.com
127.0.0.1 adarmor.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 adawarenow.com
127.0.0.1 www.adawarenow.com
127.0.0.1 adchannel.contextplus.net
127.0.0.1 www.addetect.com
127.0.0.1 addetect.com
127.0.0.1 www.add-hhh.info
127.0.0.1 add-hhh.info
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 www.addioerrori.com
127.0.0.1 addioerrori.com
127.0.0.1 www.add-manager.com
127.0.0.1 add-manager.com
127.0.0.1 www.adgate.info
127.0.0.1 adgate.info
127.0.0.1 www.adintelligence.net
127.0.0.1 adintelligence.net
127.0.0.1 www.adioserrores.com
127.0.0.1 adioserrores.com
127.0.0.1 www.adipics.com
127.0.0.1 adipics.com
127.0.0.1 adlogix.com
127.0.0.1 www.adlogix.com
127.0.0.1 admin2cash.biz
127.0.0.1 www.admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 www.adnetserver.com
127.0.0.1 adnetserver.com
127.0.0.1 adobe-download-now.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 www.adprotect.com
127.0.0.1 adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.kw.revenue.net
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads1.revenue.net
127.0.0.1 www.ads183.com
127.0.0.1 ads183.com
127.0.0.1 www.adscontex.com
127.0.0.1 adscontex.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 www.adsextend.net
127.0.0.1 adsextend.net
127.0.0.1 www.adshttp.com
127.0.0.1 adshttp.com
127.0.0.1 www.adsniffer.com
127.0.0.1 adsniffer.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 www.adspics.com
127.0.0.1 adspics.com
127.0.0.1 adsrevenue.net
127.0.0.1 www.adsrevenue.net
127.0.0.1 adtrak.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 www.adult18codec.com
127.0.0.1 adult18codec.com
127.0.0.1 www.adult777search.info
127.0.0.1 adult777search.info
127.0.0.1 adultadworld.com
127.0.0.1 www.adultadworld.com
127.0.0.1 www.adultan.com
127.0.0.1 adultan.com
127.0.0.1 www.adultcodec-2008.com
127.0.0.1 adultcodec-2008.com
127.0.0.1 adultcodecstars.com
127.0.0.1 www.adultcodecstars.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adultfilmsite.com
127.0.0.1 adultfilmsite.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adultmovieplus.com
127.0.0.1 adult-mpg.net
127.0.0.1 www.adult-mpg.net
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 www.adultsonlyvids.com
127.0.0.1 adultsonlyvids.com
127.0.0.1 www.adultsper.com
127.0.0.1 adultsper.com
127.0.0.1 www.adulttds.com
127.0.0.1 adulttds.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 advancedcleaner.com
127.0.0.1 www.advancedcleaner.com
127.0.0.1 www.advancedpccleaner.com
127.0.0.1 advancedpccleaner.com
127.0.0.1 advancedxpfixer.com
127.0.0.1 www.advancedxpfixer.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 advertisemoney.info
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 advertising-money.info
127.0.0.1 www.advertising-money.info
127.0.0.1 www.advert-network.com
127.0.0.1 advert-network.com
127.0.0.1 ad-ware.cc
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 www.adware.pro
127.0.0.1 adware.pro
127.0.0.1 www.adwarealert.com
127.0.0.1 adwarealert.com
127.0.0.1 www.ad-warealert.com
127.0.0.1 ad-warealert.com
127.0.0.1 adwarearrest.com
127.0.0.1 www.adwarearrest.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarebot.com
127.0.0.1 www.adwarebot.com
127.0.0.1 www.adwarecommander.com
127.0.0.1 adwarecommander.com
127.0.0.1 adware-download.com
127.0.0.1 www.adware-download.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwaregold.com
127.0.0.1 adwaregold.com
127.0.0.1 www.adwarepatrol.com
127.0.0.1 adwarepatrol.com
127.0.0.1 www.adwareplatinum.com
127.0.0.1 adwareplatinum.com
127.0.0.1 www.adwarepro.org
127.0.0.1 adwarepro.org
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwareremover.ws
127.0.0.1 adwareremover.ws
127.0.0.1 www.adwaresafety.com
127.0.0.1 adwaresafety.com
127.0.0.1 www.adwarexp.com
127.0.0.1 adwarexp.com
127.0.0.1 www.adwareye.com
127.0.0.1 adwareye.com
127.0.0.1 affiliate.idownload.com
127.0.0.1 www.aflgate.com
127.0.0.1 aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 www.ageofconans.net
127.0.0.1 ageofconans.net
127.0.0.1 www.aginegialle.it
127.0.0.1 aginegialle.it
127.0.0.1 www.ahnenforschung.de
127.0.0.1 ahnenforschung.de
127.0.0.1 www.aifind.info
127.0.0.1 aifind.info
127.0.0.1 www.airtleworld.com
127.0.0.1 airtleworld.com
127.0.0.1 www.aitalia.it
127.0.0.1 aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 www.aklitalia.it
127.0.0.1 aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 www.alertspy.com
127.0.0.1 alertspy.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 www.alialia.it
127.0.0.1 alialia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 aliotalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitala.it
127.0.0.1 alitala.it
127.0.0.1 www.alitali.it
127.0.0.1 alitali.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitaliaq.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitalioa.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitalisa.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaluia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitlia.it
127.0.0.1 www.alitralia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 alitsalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.all1count.net
127.0.0.1 all1count.net
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 www.allcollisions.com
127.0.0.1 allcollisions.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.alldiskscheck300.com
127.0.0.1 alldiskscheck300.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 www.allertaminacce.com
127.0.0.1 allertaminacce.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 www.all-limewire.com
127.0.0.1 all-limewire.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allprotections.com
127.0.0.1 allprotections.com
127.0.0.1 www.allresultz.net
127.0.0.1 allresultz.net
127.0.0.1 www.allsearch.us
127.0.0.1 allsearch.us
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allsecuritysite.com
127.0.0.1 www.allstarsvideos.net
127.0.0.1 allstarsvideos.net
127.0.0.1 www.alltiettantivirus.com
127.0.0.1 alltiettantivirus.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 alltruesoftware.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.almanah.biz
127.0.0.1 almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 www.aloitalia.it
127.0.0.1 aloitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.amaena.com
127.0.0.1 amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasource.com
127.0.0.1 amediasource.com
127.0.0.1 americanautobargains.com
127.0.0.1 www.americanautobargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 www.amigobore.com
127.0.0.1 amigobore.com
127.0.0.1 amisbusiness.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.analcord.com
127.0.0.1 analcord.com
127.0.0.1 analmovi.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 www.andromedical.com
127.0.0.1 andromedical.com
127.0.0.1 www.animepornmag.com
127.0.0.1 animepornmag.com
127.0.0.1 anin.org
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 antiespiadorado.com
127.0.0.1 www.antiespiadorado.com
127.0.0.1 www.antiespionspack.com
127.0.0.1 antiespionspack.com
127.0.0.1 www.antigusanos2008.com
127.0.0.1 antigusanos2008.com
127.0.0.1 antispamassistant.com
127.0.0.1 www.antispamassistant.com
127.0.0.1 antispamdeluxe.com
127.0.0.1 www.antispamdeluxe.com
127.0.0.1 www.antispionage.com
127.0.0.1 antispionage.com
127.0.0.1 www.antispionagepro.com
127.0.0.1 antispionagepro.com
127.0.0.1 www.antispyadvanced.com
127.0.0.1 antispyadvanced.com
127.0.0.1 www.antispycheck.com
127.0.0.1 antispycheck.com
127.0.0.1 www.antispydns.biz
127.0.0.1 antispydns.biz
127.0.0.1 www.antispykit.com
127.0.0.1 antispykit.com
127.0.0.1 antispylab.com
127.0.0.1 www.antispylab.com
127.0.0.1 www.antispyshield.com
127.0.0.1 antispyshield.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispyware-2008.info
127.0.0.1 antispyware-2008.info
127.0.0.1 antispyware2008.name
127.0.0.1 www.antispyware2008.name
127.0.0.1 www.antispyware-2008.name
127.0.0.1 antispyware-2008.name
127.0.0.1 antispyware2008.org
127.0.0.1 www.antispyware2008.org
127.0.0.1 antispyware-2008.org
127.0.0.1 www.antispyware-2008.org
127.0.0.1 www.antispyware2008-download.com
127.0.0.1 antispyware2008-download.com
127.0.0.1 antispyware-2008-download.com
127.0.0.1 www.antispyware-2008-download.com
127.0.0.1 antispyware2008-download.name
127.0.0.1 www.antispyware2008-download.name
127.0.0.1 www.antispyware2008-download.org
127.0.0.1 antispyware2008-download.org
127.0.0.1 www.antispyware-2008-download.org
127.0.0.1 antispyware-2008-download.org
127.0.0.1 www.antispywareboot.com
127.0.0.1 antispywareboot.com
127.0.0.1 antispywarebot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 antispywareexpert.com
127.0.0.1 www.antispywareexpert.com
127.0.0.1 www.antispywaremaster.com
127.0.0.1 antispywaremaster.com
127.0.0.1 www.antispyware-review.info
127.0.0.1 antispyware-review.info
127.0.0.1 antispywaresales.com
127.0.0.1 www.antispywaresales.com
127.0.0.1 www.antispywaresuite.com
127.0.0.1 antispywaresuite.com
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 www.antispywarexp.com
127.0.0.1 antispywarexp.com
127.0.0.1 www.antispyweb.net
127.0.0.1 antispyweb.net
127.0.0.1 www.antiver2008.com
127.0.0.1 antiver2008.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirprotect.com
127.0.0.1 antivirprotect.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirus2008pro.com
127.0.0.1 www.antivirus2008pro.com
127.0.0.1 antivirus-2008pro.com
127.0.0.1 www.antivirus-2008pro.com
127.0.0.1 antivirus-2008-pro.com
127.0.0.1 www.antivirus-2008-pro.com
127.0.0.1 www.antivirus2008pro.info
127.0.0.1 antivirus2008pro.info
127.0.0.1 antivirus-2008pro.info
127.0.0.1 www.antivirus-2008pro.info
127.0.0.1 www.antivirus-2008-pro.info
127.0.0.1 antivirus-2008-pro.info
127.0.0.1 antivirus2008pro.net
127.0.0.1 www.antivirus2008pro.net
127.0.0.1 antivirus-2008pro.net
127.0.0.1 www.antivirus-2008pro.net
127.0.0.1 www.antivirus-2008-pro.net
127.0.0.1 antivirus-2008-pro.net
127.0.0.1 antivirus2008pro.org
127.0.0.1 www.antivirus2008pro.org
127.0.0.1 antivirus-2008pro.org
127.0.0.1 www.antivirus-2008pro.org
127.0.0.1 antivirus-2008-pro.org
127.0.0.1 www.antivirus-2008-pro.org
127.0.0.1 www.antivirus2008scanner.com
127.0.0.1 antivirus2008scanner.com
127.0.0.1 www.antivirus2008x.com
127.0.0.1 antivirus2008x.com
127.0.0.1 www.antivirus-2009.com
127.0.0.1 antivirus-2009.com
127.0.0.1 www.antivirus2009-freescan.com
127.0.0.1 antivirus2009-freescan.com
127.0.0.1 antivirus-2009pro.com
127.0.0.1 www.antivirus-2009pro.com
127.0.0.1 antivirus2009professional.com
127.0.0.1 www.antivirus2009professional.com
127.0.0.1 www.antivirusadvance.com
127.0.0.1 antivirusadvance.com
127.0.0.1 www.antivirusaskeladd.com
127.0.0.1 antivirusaskeladd.com
127.0.0.1 www.antivirus-database.com
127.0.0.1 antivirus-database.com
127.0.0.1 antivirusgereedschap.com
127.0.0.1 www.antivirusgereedschap.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirus-hq.net
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antiviruspcsuite.com
127.0.0.1 antiviruspcsuite.com
127.0.0.1 www.antiviruspremium.com
127.0.0.1 antiviruspremium.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 www.antivirus-scanner.com
127.0.0.1 antivirus-scanner.com
127.0.0.1 www.antivirusscherm.com
127.0.0.1 antivirusscherm.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirus-server.com
127.0.0.1 antivirus-server.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 www.antivirussuite.com
127.0.0.1 antivirussuite.com
127.0.0.1 www.antiworm2008.com
127.0.0.1 antiworm2008.com
127.0.0.1 www.antiwurm2008.com
127.0.0.1 antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 www.anyofus.com
127.0.0.1 anyofus.com
127.0.0.1 www.anysafereviews.com
127.0.0.1 anysafereviews.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 www.apicpreview.com
127.0.0.1 apicpreview.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 www.archivioadulti.com
127.0.0.1 archivioadulti.com
127.0.0.1 www.archiviosex.net
127.0.0.1 archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 ares.click-new-download.com
127.0.0.1 www.ares.click-new-download.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.arespro2007.com
127.0.0.1 arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 www.ares-usa.com
127.0.0.1 ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafetyalways.com
127.0.0.1 asafetyalways.com
127.0.0.1 www.asafetynote.com
127.0.0.1 asafetynote.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecurebar.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritynotice.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asecuritystuff.com
127.0.0.1 www.asfadaptation.com
127.0.0.1 asfadaptation.com
127.0.0.1 asiankingkong.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.aslitalia.it
127.0.0.1 aslitalia.it
127.0.0.1 ass-gals.com
127.0.0.1 www.assureprotection.com
127.0.0.1 assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 www.astrologie-server.com
127.0.0.1 astrologie-server.com
127.0.0.1 www.asupereva.it
127.0.0.1 asupereva.it
127.0.0.1 www.ataprogram.com
127.0.0.1 ataprogram.com
127.0.0.1 athenrye.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atotalsafety.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.attackware.com
127.0.0.1 attackware.com
127.0.0.1 www.attrezzi.biz
127.0.0.1 attrezzi.biz
127.0.0.1 www.aucunsvirus.com
127.0.0.1 aucunsvirus.com
127.0.0.1 www.aulde.net
127.0.0.1 aulde.net
127.0.0.1 www.aupereva.it
127.0.0.1 aupereva.it
127.0.0.1 www.autobargains.org
127.0.0.1 autobargains.org
127.0.0.1 www.autobargainsnetwork.com
127.0.0.1 autobargainsnetwork.com
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 www.autotuningportal.com
127.0.0.1 autotuningportal.com
127.0.0.1 avadvance.com
127.0.0.1 www.avadvance.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avast-hq.com
127.0.0.1 avforce.com
127.0.0.1 www.avforce.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 www.aviadaptation.com
127.0.0.1 aviadaptation.com
127.0.0.1 avian-ads.com
127.0.0.1 avicoupler.com
127.0.0.1 www.avicoupler.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 avideosurfer.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 avidirection.com
127.0.0.1 www.avidirection.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 aviewersoft.com
127.0.0.1 aviexecution.com
127.0.0.1 www.aviexecution.com
127.0.0.1 www.avihelper.com
127.0.0.1 avihelper.com
127.0.0.1 aviinstrument.com
127.0.0.1 www.aviinstrument.com
127.0.0.1 aviplugin.com
127.0.0.1 www.aviplugin.com
127.0.0.1 avitool.com
127.0.0.1 www.avitool.com
127.0.0.1 www.aviupdate.com
127.0.0.1 aviupdate.com
127.0.0.1 aviutility.com
127.0.0.1 www.aviutility.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avsmanufacture.com
127.0.0.1 www.avsmanufacture.com
127.0.0.1 www.avsystemcare.com
127.0.0.1 avsystemcare.com
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 www.av-xp-08.com
127.0.0.1 av-xp-08.com
127.0.0.1 www.awarenesstech.com
127.0.0.1 awarenesstech.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.aximageobject.com
127.0.0.1 aximageobject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axobjectsource.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 www.azzetta.it
127.0.0.1 azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 b122.mcboo.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babenet.com
127.0.0.1 babenet.com
127.0.0.1 www.babespornmag.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babeweb.de
127.0.0.1 babeweb.de
127.0.0.1 www.baccarat-other.info
127.0.0.1 baccarat-other.info
127.0.0.1 www.backstripgirls.com
127.0.0.1 backstripgirls.com
127.0.0.1 backup.mabou.org
127.0.0.1 www.baiduqqsina.cn
127.0.0.1 baiduqqsina.cn
127.0.0.1 www.balotierra.com
127.0.0.1 balotierra.com
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 www.bardownload.com
127.0.0.1 bardownload.com
127.0.0.1 barnandfence.com
127.0.0.1 www.basteln-und-heimwerken.com
127.0.0.1 basteln-und-heimwerken.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bb.wudiliuliang.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 www.bcnproduction.com
127.0.0.1 bcnproduction.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bearshare.click-new-download.com
127.0.0.1 bearshare.click-new-download.com
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearsharelive.co.uk
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearshare-usa.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 www.beebappyy.biz
127.0.0.1 beebappyy.biz
127.0.0.1 www.begin2search.com
127.0.0.1 begin2search.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 www.berufe-jobs.de
127.0.0.1 berufe-jobs.de
127.0.0.1 www.berufe-server.de
127.0.0.1 berufe-server.de
127.0.0.1 www.berufe-welt.de
127.0.0.1 berufe-welt.de
127.0.0.1 www.berufs-wahl.de
127.0.0.1 berufs-wahl.de
127.0.0.1 www.beruijindegunhadesun.com
127.0.0.1 beruijindegunhadesun.com
127.0.0.1 best3xclips.com
127.0.0.1 www.best3xclips.com
127.0.0.1 bestadults.com
127.0.0.1 www.bestadults.com
127.0.0.1 www.best-codec.com
127.0.0.1 best-codec.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 www.bestdailyvids.com
127.0.0.1 bestdailyvids.com
127.0.0.1 bestfor.ru
127.0.0.1 www.bestfuckvids.com
127.0.0.1 bestfuckvids.com
127.0.0.1 best-hardpics.com
127.0.0.1 www.bestmanage.org
127.0.0.1 bestmanage.org
127.0.0.1 www.bestmanage0.org
127.0.0.1 bestmanage0.org
127.0.0.1 bestmanage1.org
127.0.0.1 www.bestmanage1.org
127.0.0.1 www.bestmanage2.org
127.0.0.1 bestmanage2.org
127.0.0.1 www.bestmanage3.org
127.0.0.1 bestmanage3.org
127.0.0.1 www.bestmanage4.org
127.0.0.1 bestmanage4.org
127.0.0.1 bestmanage5.org
127.0.0.1 www.bestmanage5.org
127.0.0.1 www.bestmanage6.org
127.0.0.1 bestmanage6.org
127.0.0.1 www.bestmanage7.org
127.0.0.1 bestmanage7.org
127.0.0.1 www.bestmanage8.org
127.0.0.1 bestmanage8.org
127.0.0.1 bestmanage9.org
127.0.0.1 www.bestmanage9.org
127.0.0.1 bestmovszone.com
127.0.0.1 www.bestmovszone.com
127.0.0.1 www.bestnetwok.net
127.0.0.1 bestnetwok.net
127.0.0.1 www.bestnetwork.net
127.0.0.1 bestnetwork.net
127.0.0.1 www.bestoffersnetworks.com
127.0.0.1 bestoffersnetworks.com
127.0.0.1 www.best-porncollection.com
127.0.0.1 best-porncollection.com
127.0.0.1 bestporngate.com
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 bestsearch.cc
127.0.0.1 www.bestsearch.cc
127.0.0.1 www.bestsearchworld.info
127.0.0.1 bestsearchworld.info
127.0.0.1 www.best-spyware.info
127.0.0.1 best-spyware.info
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 www.best-voyeur.info
127.0.0.1 best-voyeur.info
127.0.0.1 bestweblinks.com
127.0.0.1 best-winning-casino.com
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestxclips.com
127.0.0.1 bestxclips.com
127.0.0.1 bestxporno.com
127.0.0.1 www.bestxxxmpegs.com
127.0.0.1 bestxxxmpegs.com
127.0.0.1 www.bettersearch.biz
127.0.0.1 bettersearch.biz
127.0.0.1 www.bewerbungsexperte.com
127.0.0.1 bewerbungsexperte.com
127.0.0.1 www.bgazzetta.it
127.0.0.1 bgazzetta.it
127.0.0.1 www.bgoogle.it
127.0.0.1 bgoogle.it
127.0.0.1 www.bigcodecadult.com
127.0.0.1 bigcodecadult.com
127.0.0.1 bigcodecadult2008.com
127.0.0.1 www.bigcodecadult2008.com
127.0.0.1 bigcodecadult2008-17.com
127.0.0.1 www.bigcodecadult2008-17.com
127.0.0.1 bighot18adult2008.com
127.0.0.1 www.bighot18adult2008.com
127.0.0.1 www.bighot18-adult2008.com
127.0.0.1 bighot18-adult2008.com
127.0.0.1 www.bighot18codec2008.com
127.0.0.1 bighot18codec2008.com
127.0.0.1 bighot18-codec2008.com
127.0.0.1 www.bighot18-codec2008.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigwww.com
127.0.0.1 bigwww.com
127.0.0.1 www.bill.de
127.0.0.1 bill.de
127.0.0.1 bin.errorprotector.com
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bitchesonline.net
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bittorrent.click-new-download.com
127.0.0.1 bittorrent.click-new-download.com
127.0.0.1 biz.biz
127.0.0.1 www.bkvcompany.com
127.0.0.1 bkvcompany.com
127.0.0.1 blackblues00.com
127.0.0.1 www.blackblues00.com
127.0.0.1 blackcodec.com
127.0.0.1 www.blackcodec.com
127.0.0.1 www.black-codec.com
127.0.0.1 black-codec.com
127.0.0.1 www.blackcodec.net
127.0.0.1 blackcodec.net
127.0.0.1 www.blackhats.tc
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 blackhawksoftware.com
127.0.0.1 blackjack-free.net
127.0.0.1 www.blacklegion.info
127.0.0.1 blacklegion.info
127.0.0.1 blazefind.com
127.0.0.1 blender.xu.pl
127.0.0.1 www.blockcheckercontrol.com
127.0.0.1 blockcheckercontrol.com
127.0.0.1 blondetgp.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bnmgate.com
127.0.0.1 bnmgate.com
127.0.0.1 bodaciousbabette.com
127.0.0.1 www.bonzi.com
127.0.0.1 bonzi.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 www.bookedspace.com
127.0.0.1 bookedspace.com
127.0.0.1 www.boom.com.vn
127.0.0.1 boom.com.vn
127.0.0.1 www.boomgirltv.com
127.0.0.1 boomgirltv.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 www.bpfq02.com
127.0.0.1 bpfq02.com
127.0.0.1 www.bqgate.com
127.0.0.1 bqgate.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 bradcoem.org
127.0.0.1 www.braincodec.com
127.0.0.1 braincodec.com
127.0.0.1 www.brakecodec.com
127.0.0.1 brakecodec.com
127.0.0.1 www.brakecodec.net
127.0.0.1 brakecodec.net
127.0.0.1 brandiyoung.com
127.0.0.1 www.bravesentry.com
127.0.0.1 bravesentry.com
127.0.0.1 www.breenten.biz
127.0.0.1 breenten.biz
127.0.0.1 www.brodbfm.net
127.0.0.1 brodbfm.net
127.0.0.1 brookeburn.com
127.0.0.1 www.browserwise.com
127.0.0.1 browserwise.com
127.0.0.1 bsa.safetydownload.com
127.0.0.1 www.bsplaycodec.com
127.0.0.1 bsplaycodec.com
127.0.0.1 bucps.com
127.0.0.1 buhartes.info
127.0.0.1 buldog-stats.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 bullseye-network.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 www.burningsite.com
127.0.0.1 burningsite.com
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 burnsrecyclinginc.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 www.busysearch.net
127.0.0.1 busysearch.net
127.0.0.1 buttejazz.org
127.0.0.1 www.buy-find.info
127.0.0.1 buy-find.info
127.0.0.1 buyselldomain.net
127.0.0.1 www.buytraff.biz
127.0.0.1 buytraff.biz
127.0.0.1 buz.ru
127.0.0.1 www.bvdtechinque.com
127.0.0.1 bvdtechinque.com
127.0.0.1 www.bvirgilio.it
127.0.0.1 bvirgilio.it
127.0.0.1 www.bye-spyware.com
127.0.0.1 bye-spyware.com
127.0.0.1 c.centralmedia.ws
127.0.0.1 www.c.enhance.com
127.0.0.1 c.enhance.com
127.0.0.1 c.goclick.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 c4tdownload.com
127.0.0.1 www.c5.www4free.info
127.0.0.1 c5.www4free.info
127.0.0.1 www.cache.surfaccuracy.com
127.0.0.1 cache.surfaccuracy.com
127.0.0.1 cache.ysbweb.com
127.0.0.1 www.cadesfinjeriokas.com
127.0.0.1 cadesfinjeriokas.com
127.0.0.1 calcioturris.com
127.0.0.1 www.calendaralerts.net
127.0.0.1 calendaralerts.net
127.0.0.1 www.callinghome.biz
127.0.0.1 callinghome.biz
127.0.0.1 www.cameouk.co.uk
127.0.0.1 cameouk.co.uk
127.0.0.1 cameup.com
127.0.0.1 www.camouflageclothingonline.net
127.0.0.1 camouflageclothingonline.net
127.0.0.1 campaigns.outerinfo.net
127.0.0.1 www.camping-community.com
127.0.0.1 camping-community.com
127.0.0.1 camup.net
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 www.canidetect.org
127.0.0.1 canidetect.org
127.0.0.1 www.cantfind.com
127.0.0.1 cantfind.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 cartoes.uol.com.br
127.0.0.1 www.casalemedia.com
127.0.0.1 casalemedia.com
127.0.0.1 www.cashdeluxe.net
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashengines.com
127.0.0.1 cashengines.com
127.0.0.1 cashsearch.biz
127.0.0.1 www.cashsurfers.com
127.0.0.1 cashsurfers.com
127.0.0.1 www.cashunlim.com
127.0.0.1 cashunlim.com
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 casino-onlines.net
127.0.0.1 www.castingsamateur.com
127.0.0.1 castingsamateur.com
127.0.0.1 catallogue.com
127.0.0.1 www.catch-dc.info
127.0.0.1 catch-dc.info
127.0.0.1 categories.mygeek.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cazygirls-world.com
127.0.0.1 cc.panet.org
127.0.0.1 www.ccecaedbebfcaf.com
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 cclebali.org
127.0.0.1 www.ccorriere.it
127.0.0.1 ccorriere.it
127.0.0.1 www.cdcopysite.com
127.0.0.1 cdcopysite.com
127.0.0.1 www.cdegate.com
127.0.0.1 cdegate.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 www.cdorriere.it
127.0.0.1 cdorriere.it
127.0.0.1 ceewawires.org
127.0.0.1 centralmedia.ws
127.0.0.1 certumgroup.com
127.0.0.1 www.cforriere.it
127.0.0.1 cforriere.it
127.0.0.1 cheapest.extra.hu
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.checkin100.com
127.0.0.1 checkin100.com
127.0.0.1 www.checkssecurity.com
127.0.0.1 checkssecurity.com
127.0.0.1 www.checksystem-online.com
127.0.0.1 checksystem-online.com
127.0.0.1 chelancatering.com
127.0.0.1 www.chenshijituan.com
127.0.0.1 chenshijituan.com
127.0.0.1 childrenvilla.com
127.0.0.1 www.chilly3xvids.com
127.0.0.1 chilly3xvids.com
127.0.0.1 www.chillymovs.com
127.0.0.1 chillymovs.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 www.cia-trjn.myvnc.com
127.0.0.1 cia-trjn.myvnc.com
127.0.0.1 www.cinemadownload.com
127.0.0.1 cinemadownload.com
127.0.0.1 www.ciorriere.it
127.0.0.1 ciorriere.it
127.0.0.1 www.cirriere.it
127.0.0.1 cirriere.it
127.0.0.1 citycodec.com
127.0.0.1 www.citycodec.com
127.0.0.1 city-codec.com
127.0.0.1 www.city-codec.com
127.0.0.1 ckick4thumbs.com
127.0.0.1 cl55.biz
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 www.clckm.com
127.0.0.1 clckm.com
127.0.0.1 cleancodec.com
127.0.0.1 www.cleancodec.com
127.0.0.1 cleancodec.net
127.0.0.1 www.cleancodec.net
127.0.0.1 www.clean-codec.net
127.0.0.1 clean-codec.net
127.0.0.1 www.cleansoftwares.com
127.0.0.1 cleansoftwares.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 www.click-codec.com
127.0.0.1 click-codec.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 www.click-new-download.com
127.0.0.1 click-new-download.com
127.0.0.1 click-now.net
127.0.0.1 www.clickspring.net
127.0.0.1 clickspring.net
127.0.0.1 click-to-download.com
127.0.0.1 www.click-to-download.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 clickyestoenter.net
127.0.0.1 client.exeupdate.com
127.0.0.1 client.myadultexplorer.com
127.0.0.1 www.cliks.org
127.0.0.1 cliks.org
127.0.0.1 www.cliparts4free.com
127.0.0.1 cliparts4free.com
127.0.0.1 www.clipsfestival.com
127.0.0.1 clipsfestival.com
127.0.0.1 www.clipsreality.com
127.0.0.1 clipsreality.com
127.0.0.1 www.clorriere.it
127.0.0.1 clorriere.it
127.0.0.1 clrsch.com
127.0.0.1 www.clubxxxvideo.com
127.0.0.1 clubxxxvideo.com
127.0.0.1 clusif.free.fr
127.0.0.1 cmtapestry.com
127.0.0.1 www.cnetadd.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnomy.com
127.0.0.1 cnomy.com
127.0.0.1 www.cnzz.com
127.0.0.1 cnzz.com
127.0.0.1 www.cocktails-ideen.de
127.0.0.1 cocktails-ideen.de
127.0.0.1 code.ignphrases.com
127.0.0.1 codec.ninoa.com
127.0.0.1 codecadult18.com
127.0.0.1 www.codecadult18.com
127.0.0.1 codecbest.com
127.0.0.1 www.codecbest.com
127.0.0.1 codecbsplay.com
127.0.0.1 www.codecbsplay.com
127.0.0.1 www.codecdemo.com
127.0.0.1 codecdemo.com
127.0.0.1 codecdvd.net
127.0.0.1 www.codecdvd.net
127.0.0.1 www.codecdvi.com
127.0.0.1 codecdvi.com
127.0.0.1 www.codec-fun.com
127.0.0.1 codec-fun.com
127.0.0.1 www.codechard.com
127.0.0.1 codechard.com
127.0.0.1 www.codechot.net
127.0.0.1 codechot.net
127.0.0.1 www.codechq.net
127.0.0.1 codechq.net
127.0.0.1 www.codecmeg.net
127.0.0.1 codecmeg.net
127.0.0.1 www.codecmega.com
127.0.0.1 codecmega.com
127.0.0.1 www.codecmega.net
127.0.0.1 codecmega.net
127.0.0.1 www.codecmoon.com
127.0.0.1 codecmoon.com
127.0.0.1 www.codecmpg.com
127.0.0.1 codecmpg.com
127.0.0.1 www.codecnice.net
127.0.0.1 codecnice.net
127.0.0.1 www.codecnitro.com
127.0.0.1 codecnitro.com
127.0.0.1 www.codecops.net
127.0.0.1 codecops.net
127.0.0.1 www.codecplay.com
127.0.0.1 codecplay.com
127.0.0.1 www.codecpretty.net
127.0.0.1 codecpretty.net
127.0.0.1 www.codecpro.net
127.0.0.1 codecpro.net
127.0.0.1 www.codecred.net
127.0.0.1 codecred.net
127.0.0.1 www.codecsoft.net
127.0.0.1 codecsoft.net
127.0.0.1 www.codecthe.com
127.0.0.1 codecthe.com
127.0.0.1 www.codectime.com
127.0.0.1 codectime.com
127.0.0.1 www.codecultra.net
127.0.0.1 codecultra.net
127.0.0.1 www.codecvids.com
127.0.0.1 codecvids.com
127.0.0.1 www.codecvip.com
127.0.0.1 codecvip.com
127.0.0.1 www.codecviva.com
127.0.0.1 codecviva.com
127.0.0.1 www.codeczang.net
127.0.0.1 codeczang.net
127.0.0.1 www.codrriere.it
127.0.0.1 codrriere.it
127.0.0.1 www.coeriere.it
127.0.0.1 coeriere.it
127.0.0.1 www.coerriere.it
127.0.0.1 coerriere.it
127.0.0.1 www.cofrriere.it
127.0.0.1 cofrriere.it
127.0.0.1 www.cogrriere.it
127.0.0.1 cogrriere.it
127.0.0.1 www.coirriere.it
127.0.0.1 coirriere.it
127.0.0.1 command.adservs.com
127.0.0.1 www.commonname.com
127.0.0.1 commonname.com
127.0.0.1 www.comparespywareremover.org
127.0.0.1 comparespywareremover.org
127.0.0.1 www.computerpcgames.net
127.0.0.1 computerpcgames.net
127.0.0.1 www.computerrecover.com
127.0.0.1 computerrecover.com
127.0.0.1 config.180solutions.com
127.0.0.1 www.congtouzailai.net
127.0.0.1 congtouzailai.net
127.0.0.1 www.consumers-reviews.net
127.0.0.1 consumers-reviews.net
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.ireit.com
127.0.0.1 content.ireit.com
127.0.0.1 content.onerateld.com
127.0.0.1 www.contentmatch.net
127.0.0.1 contentmatch.net
127.0.0.1 www.contextplus.net
127.0.0.1 contextplus.net
127.0.0.1 www.contra-virus.com
127.0.0.1 contra-virus.com
127.0.0.1 www.controlmeh.com
127.0.0.1 controlmeh.com
127.0.0.1 www.controlpage.info
127.0.0.1 controlpage.info
127.0.0.1 www.convenient-search.com
127.0.0.1 convenient-search.com
127.0.0.1 www.cookingluck.com
127.0.0.1 cookingluck.com
127.0.0.1 www.cooldeskalert.com
127.0.0.1 cooldeskalert.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolonlinebusiness.com
127.0.0.1 www.coolonlinebusiness.com
127.0.0.1 coolpornsearch.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolservecorp.net
127.0.0.1 www.coolservecorp.net
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolwebsearsh.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwwwsearch.com
127.0.0.1 cool-xxx.net
127.0.0.1 www.coorriere.it
127.0.0.1 coorriere.it
127.0.0.1 copmtraine.com
127.0.0.1 www.coprriere.it
127.0.0.1 coprriere.it
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.coreiere.it
127.0.0.1 coreiere.it
127.0.0.1 www.coreriere.it
127.0.0.1 coreriere.it
127.0.0.1 www.corrdiere.it
127.0.0.1 corrdiere.it
127.0.0.1 www.correiere.it
127.0.0.1 correiere.it
127.0.0.1 www.corrfiere.it
127.0.0.1 corrfiere.it
127.0.0.1 www.corrgiere.it
127.0.0.1 corrgiere.it
127.0.0.1 www.corridere.it
127.0.0.1 corridere.it
127.0.0.1 www.corriedre.it
127.0.0.1 corriedre.it
127.0.0.1 www.corriee.it
127.0.0.1 corriee.it
127.0.0.1 www.corrieere.it
127.0.0.1 corrieere.it
127.0.0.1 www.corriefre.it
127.0.0.1 corriefre.it
127.0.0.1 www.corriegre.it
127.0.0.1 corriegre.it
127.0.0.1 www.corrierde.it
127.0.0.1 corrierde.it
127.0.0.1 www.corriered.it
127.0.0.1 corriered.it
127.0.0.1 www.corrieree.it
127.0.0.1 corrieree.it
127.0.0.1 www.corrieref.it
127.0.0.1 corrieref.it
127.0.0.1 www.corrierer.it
127.0.0.1 corrierer.it
127.0.0.1 www.corrieres.it
127.0.0.1 corrieres.it
127.0.0.1 www.corrierew.it
127.0.0.1 corrierew.it
127.0.0.1 www.corrierfe.it
127.0.0.1 corrierfe.it
127.0.0.1 www.corrierge.it
127.0.0.1 corrierge.it
127.0.0.1 www.corrierr.it
127.0.0.1 corrierr.it
127.0.0.1 www.corrierre.it
127.0.0.1 corrierre.it
127.0.0.1 www.corrierse.it
127.0.0.1 corrierse.it
127.0.0.1 www.corrierte.it
127.0.0.1 corrierte.it
127.0.0.1 www.corrierw.it
127.0.0.1 corrierw.it
127.0.0.1 www.corrierwe.it
127.0.0.1 corrierwe.it
127.0.0.1 www.corriesre.it
127.0.0.1 corriesre.it
127.0.0.1 www.corriete.it
127.0.0.1 corriete.it
127.0.0.1 www.corrietre.it
127.0.0.1 corrietre.it
127.0.0.1 www.corriewre.it
127.0.0.1 corriewre.it
127.0.0.1 www.corrifere.it
127.0.0.1 corrifere.it
127.0.0.1 www.corriiere.it
127.0.0.1 corriiere.it
127.0.0.1 www.corrilere.it
127.0.0.1 corrilere.it
127.0.0.1 www.corrioere.it
127.0.0.1 corrioere.it
127.0.0.1 www.corrire.it
127.0.0.1 corrire.it
127.0.0.1 www.corrirere.it
127.0.0.1 corrirere.it
127.0.0.1 www.corrirre.it
127.0.0.1 corrirre.it
127.0.0.1 www.corrisere.it
127.0.0.1 corrisere.it
127.0.0.1 www.corriuere.it
127.0.0.1 corriuere.it
127.0.0.1 www.corriwere.it
127.0.0.1 corriwere.it
127.0.0.1 www.corriwre.it
127.0.0.1 corriwre.it
127.0.0.1 www.corrliere.it
127.0.0.1 corrliere.it
127.0.0.1 www.corroere.it
127.0.0.1 corroere.it
127.0.0.1 www.corroiere.it
127.0.0.1 corroiere.it
127.0.0.1 www.corrriere.it
127.0.0.1 corrriere.it
127.0.0.1 www.corrtiere.it
127.0.0.1 corrtiere.it
127.0.0.1 www.corruere.it
127.0.0.1 corruere.it
127.0.0.1 www.corruiere.it
127.0.0.1 corruiere.it
127.0.0.1 www.cortiere.it
127.0.0.1 cortiere.it
127.0.0.1 www.cortriere.it
127.0.0.1 cortriere.it
127.0.0.1 www.costrike.com
127.0.0.1 costrike.com
127.0.0.1 www.cotriere.it
127.0.0.1 cotriere.it
127.0.0.1 www.cotrriere.it
127.0.0.1 cotrriere.it
127.0.0.1 couldnotfind.com
127.0.0.1 count.cc
127.0.0.1 count.hitscount.net
127.0.0.1 count-all.com
127.0.0.1 www.countdutycall.info
127.0.0.1 countdutycall.info
127.0.0.1 counter.sexmaniack.com
127.0.0.1 www.courtrecordslookup.com
127.0.0.1 courtrecordslookup.com
127.0.0.1 www.cporriere.it
127.0.0.1 cporriere.it
127.0.0.1 www.cprriere.it
127.0.0.1 cprriere.it
127.0.0.1 cpvfeed.com
127.0.0.1 cracks.me.uk
127.0.0.1 www.cracks4all.com
127.0.0.1 cracks4all.com
127.0.0.1 www.crapsgold.info
127.0.0.1 crapsgold.info
127.0.0.1 www.crazygirls-world.com
127.0.0.1 crazygirls-world.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 crazywinnings.com
127.0.0.1 creamedcutties.com
127.0.0.1 www.createaccesskey.com
127.0.0.1 createaccesskey.com
127.0.0.1 www.creatonsoft.com
127.0.0.1 creatonsoft.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 www.crriere.it
127.0.0.1 crriere.it
127.0.0.1 www.cryptdrive.com
127.0.0.1 cryptdrive.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 cts.180solutions.com
127.0.0.1 www.cuisinartoven.com
127.0.0.1 cuisinartoven.com
127.0.0.1 www.curedc.info
127.0.0.1 curedc.info
127.0.0.1 www.curepcsolutions.com
127.0.0.1 curepcsolutions.com
127.0.0.1 curvedspaces.com
127.0.0.1 www.cutadult.com
127.0.0.1 cutadult.com
127.0.0.1 www.cutoffspyware.com
127.0.0.1 cutoffspyware.com
127.0.0.1 www.cvirgilio.it
127.0.0.1 cvirgilio.it
127.0.0.1 www.cvorriere.it
127.0.0.1 cvorriere.it
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 www.cxorriere.it
127.0.0.1 cxorriere.it
127.0.0.1 www.cyberrape.com
127.0.0.1 cyberrape.com
127.0.0.1 cydom.com
127.0.0.1 www.cydoor.com
127.0.0.1 cydoor.com
127.0.0.1 d34s.qfdfqawd.cn
127.0.0.1 www.daily3xlinks.com
127.0.0.1 daily3xlinks.com
127.0.0.1 www.dailybestclips.com
127.0.0.1 dailybestclips.com
127.0.0.1 daily-gals.com
127.0.0.1 www.dailyhugemovs.com
127.0.0.1 dailyhugemovs.com
127.0.0.1 www.dailykeys.com
127.0.0.1 dailykeys.com
127.0.0.1 www.dailypornmag.com
127.0.0.1 dailypornmag.com
127.0.0.1 dailyteenspic.com
127.0.0.1 www.dailytoolbar.com
127.0.0.1 dailytoolbar.com
127.0.0.1 www.dailyxvids.com
127.0.0.1 dailyxvids.com
127.0.0.1 dancingbabycd.com
127.0.0.1 www.dapsol.com
127.0.0.1 dapsol.com
127.0.0.1 www.dapsolution.com
127.0.0.1 dapsolution.com
127.0.0.1 www.data-hoster.com
127.0.0.1 data-hoster.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 www.dateanybabe.com
127.0.0.1 dateanybabe.com
127.0.0.1 www.dateanychick.com
127.0.0.1 dateanychick.com
127.0.0.1 datingdoctorsite.com
127.0.0.1 www.datingdoctorsite.com
127.0.0.1 dating-galaxy.info
127.0.0.1 www.dating-galaxy.info
127.0.0.1 dating-search.net
127.0.0.1 davemarshall.org
127.0.0.1 db105.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbxcompany.com
127.0.0.1 dbxcompany.com
127.0.0.1 dcdl.dmcast.com
127.0.0.1 dcfitusa.com
127.0.0.1 www.dcorriere.it
127.0.0.1 dcorriere.it
127.0.0.1 www.dcurtis.com
127.0.0.1 dcurtis.com
127.0.0.1 dcww.dmcast.com
127.0.0.1 de.ag
127.0.0.1 de.drivecleaner.com
127.0.0.1 de.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 de98.remsys.org
127.0.0.1 www.debay.it
127.0.0.1 debay.it
127.0.0.1 www.decknews.com
127.0.0.1 decknews.com
127.0.0.1 dedmazay.3322.org
127.0.0.1 www.dedsearch.com
127.0.0.1 dedsearch.com
127.0.0.1 defaultsearch.net
127.0.0.1 www.defensaantimalware.com
127.0.0.1 defensaantimalware.com
127.0.0.1 www.deja-rue.com
127.0.0.1 deja-rue.com
127.0.0.1 www.delficodec.com
127.0.0.1 delficodec.com
127.0.0.1 democodec.com
127.0.0.1 www.democodec.com
127.0.0.1 www.demo-codec.com
127.0.0.1 demo-codec.com
127.0.0.1 www.democodec.net
127.0.0.1 democodec.net
127.0.0.1 demo-codec.net
127.0.0.1 www.demo-codec.net
127.0.0.1 www.derklaif.biz
127.0.0.1 derklaif.biz
127.0.0.1 www.derrari.it
127.0.0.1 derrari.it
127.0.0.1 desarrollocreativo.com
127.0.0.1 www.deskbar.worldtostart.com
127.0.0.1 deskbar.worldtostart.com
127.0.0.1 www.deskwizz.com
127.0.0.1 deskwizz.com
127.0.0.1 www.destroy-spy.com
127.0.0.1 destroy-spy.com
127.0.0.1 www.destroy-spyware.net
127.0.0.1 destroy-spyware.net
127.0.0.1 www.destruktor.to.pl
127.0.0.1 destruktor.to.pl
127.0.0.1 www.detection-file101.com
127.0.0.1 detection-file101.com
127.0.0.1 www.detectivehound.com
127.0.0.1 detectivehound.com
127.0.0.1 www.detectivesearches.com
127.0.0.1 detectivesearches.com
127.0.0.1 dev.ntcor.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 www.dgbusiness.com
127.0.0.1 dgbusiness.com
127.0.0.1 dialer2004.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 www.dialoff.com
127.0.0.1 dialoff.com
127.0.0.1 www.did.i-used.cc
127.0.0.1 did.i-used.cc
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 www.digikeygen.com
127.0.0.1 digikeygen.com
127.0.0.1 digistreamsa.com
127.0.0.1 www.digitalcoders.net
127.0.0.1 digitalcoders.net
127.0.0.1 www.digitalfan.com
127.0.0.1 digitalfan.com
127.0.0.1 digital-pornography.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 www.directdvdpro.com
127.0.0.1 directdvdpro.com
127.0.0.1 www.directnameservice.com
127.0.0.1 directnameservice.com
127.0.0.1 www.directporta.info
127.0.0.1 directporta.info
127.0.0.1 www.directsearchzone.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.diskretter.com
127.0.0.1 diskretter.com
127.0.0.1 dist.checkin100.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 dl.malwarewipe.com
127.0.0.1 dl.mcboo.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 dl.web-nexus.net
127.0.0.1 dl1.antivermins.com
127.0.0.1 dl1.antivirgear.com
127.0.0.1 dl1.spydawn.com
127.0.0.1 dl1.virusprotectpro.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl2.spyheal.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl3.spyheal.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spyheal.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dload.contextplus.net
127.0.0.1 www.dltsolution.com
127.0.0.1 dltsolution.com
127.0.0.1 www.dmcast.com
127.0.0.1 dmcast.com
127.0.0.1 www.dmqfirm.com
127.0.0.1 dmqfirm.com
127.0.0.1 www.dnaads.com
127.0.0.1 dnaads.com
127.0.0.1 dnl.mabou.org
127.0.0.1 www.dnld.antivirusdwl.com
127.0.0.1 dnld.antivirusdwl.com
127.0.0.1 www.dns-look-up.com
127.0.0.1 dns-look-up.com
127.0.0.1 www.dns-problem.com
127.0.0.1 dns-problem.com
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 www.dogproblemswebsite.com
127.0.0.1 dogproblemswebsite.com
127.0.0.1 doktorxxx.com
127.0.0.1 dollarrevenue.com
127.0.0.1 www.domaincar.com
127.0.0.1 domaincar.com
127.0.0.1 domains2003.net
127.0.0.1 domains-for-you-online.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domkrat.com
127.0.0.1 www.doofo.com
127.0.0.1 doofo.com
127.0.0.1 www.dota11.cn
127.0.0.1 dota11.cn
127.0.0.1 www.dotcomtoolbar.com
127.0.0.1 dotcomtoolbar.com
127.0.0.1 down.136136.net
127.0.0.1 download.abetterinternet.com
127.0.0.1 download.adintelligence.net
127.0.0.1 www.download.antispywarebot.com
127.0.0.1 download.antispywarebot.com
127.0.0.1 www.download.bardownload.com
127.0.0.1 download.bardownload.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 download.bravesentry.com
127.0.0.1 download.cdn.drivecleaner.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 download.cdn.winsoftware.com
127.0.0.1 download.contextplus.net
127.0.0.1 download.errorsafe.com
127.0.0.1 www.download.jupitersatellites.biz
127.0.0.1 download.jupitersatellites.biz
127.0.0.1 download.malwarealarm.com
127.0.0.1 download.searchtabs.net
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 download.secureyournet.biz
127.0.0.1 download.spyonthis.net
127.0.0.1 download.spy-shredder.com
127.0.0.1 download.spywares-removal.info
127.0.0.1 download.systemdoctor.com
127.0.0.1 download.winantispyware.com
127.0.0.1 download.winantivirus.com
127.0.0.1 download.windrivecleaner.com
127.0.0.1 download.winfixer.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 download-2007.com
127.0.0.1 www.download-2007.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 www.download3xpics.com
127.0.0.1 download3xpics.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 www.downloadacceleratorsite.com
127.0.0.1 downloadacceleratorsite.com
127.0.0.1 www.download-ad-aware.com
127.0.0.1 download-ad-aware.com
127.0.0.1 www.download-all-4-free.com
127.0.0.1 download-all-4-free.com
127.0.0.1 download-all-area.com
127.0.0.1 www.download-all-area.com
127.0.0.1 www.download-antivir.com
127.0.0.1 download-antivir.com
127.0.0.1 downloadanysong.com
127.0.0.1 www.downloadanysong.com
127.0.0.1 downloadaresnow.com
127.0.0.1 www.downloadaresnow.com
127.0.0.1 download-avast.com
127.0.0.1 www.download-avast.com
127.0.0.1 www.downloadcorporation.com
127.0.0.1 downloadcorporation.com
127.0.0.1 www.download-dvdshrink.com
127.0.0.1 download-dvdshrink.com
127.0.0.1 www.download-for-free.net
127.0.0.1 download-for-free.net
127.0.0.1 www.downloadfreesoft.com
127.0.0.1 downloadfreesoft.com
127.0.0.1 downloadfreeway.com
127.0.0.1 www.downloadfreeway.com
127.0.0.1 downloadimesh.com
127.0.0.1 www.downloadimesh.com
127.0.0.1 download-itunes-now.com
127.0.0.1 www.download-itunes-now.com
127.0.0.1 www.download-limewire.org
127.0.0.1 download-limewire.org
127.0.0.1 www.downloadlost.tv
127.0.0.1 downloadlost.tv
127.0.0.1 www.downloadmax.net
127.0.0.1 downloadmax.net
127.0.0.1 download-mcafee.com
127.0.0.1 www.download-mcafee.com
127.0.0.1 download-me.info
127.0.0.1 downloadmediaax.com
127.0.0.1 www.downloadmediaax.com
127.0.0.1 www.download-now.rmp1.info
127.0.0.1 download-now.rmp1.info
127.0.0.1 downloadpics.net
127.0.0.1 www.downloadpics.net
127.0.0.1 downloadprovider.net
127.0.0.1 www.downloadprovider.net
127.0.0.1 www.download-real-player.com
127.0.0.1 download-real-player.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 downloads.adaware.cc
127.0.0.1 downloadservicearea.com
127.0.0.1 www.downloadservicearea.com
127.0.0.1 www.downloads-free.org
127.0.0.1 downloads-free.org
127.0.0.1 www.downloadsglobe.com
127.0.0.1 downloadsglobe.com
127.0.0.1 www.download-this.us
127.0.0.1 download-this.us
127.0.0.1 www.download-trillian.com
127.0.0.1 download-trillian.com
127.0.0.1 www.downloadv3.com
127.0.0.1 downloadv3.com
127.0.0.1 downloadvax.com
127.0.0.1 www.downloadvax.com
127.0.0.1 download-video.12w.net
127.0.0.1 download-windvd.com
127.0.0.1 www.download-windvd.com
127.0.0.1 www.download-winrar.com
127.0.0.1 download-winrar.com
127.0.0.1 downloadwizard.com
127.0.0.1 www.downloadxmoveis.com
127.0.0.1 downloadxmoveis.com
127.0.0.1 www.downloadxvids.com
127.0.0.1 downloadxvids.com
127.0.0.1 downloadzcenter.com
127.0.0.1 downloadzcentral.com
127.0.0.1 www.downloadzfree.com
127.0.0.1 downloadzfree.com
127.0.0.1 downloadznow.net
127.0.0.1 www.download-zone-free.com
127.0.0.1 download-zone-free.com
127.0.0.1 www.download-zone-free.net
127.0.0.1 download-zone-free.net
127.0.0.1 dp-host.com
127.0.0.1 dr.mcboo.com
127.0.0.1 www.dr.webhancer.com
127.0.0.1 dr.webhancer.com
127.0.0.1 www.dr2.webhancer.com
127.0.0.1 dr2.webhancer.com
127.0.0.1 dr38.mcboo.com
127.0.0.1 dr47.mcboo.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 www.drepubblica.it
127.0.0.1 drepubblica.it
127.0.0.1 www.drivecleaner.com
127.0.0.1 drivecleaner.com
127.0.0.1 www.drivecleanr.com
127.0.0.1 drivecleanr.com
127.0.0.1 drocherway.com
127.0.0.1 www.dropspam.com
127.0.0.1 dropspam.com
127.0.0.1 drs54612.spywarebot.hop.clickbank.net
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 www.dsupereva.it
127.0.0.1 dsupereva.it
127.0.0.1 www.dtlproduct.com
127.0.0.1 dtlproduct.com
127.0.0.1 www.dudu.com
127.0.0.1 dudu.com
127.0.0.1 dulcineasystems.net
127.0.0.1 dumpserv.com
127.0.0.1 duolaimi.net
127.0.0.1 dutch-sex.com
127.0.0.1 www.dvdaccess.net
127.0.0.1 dvdaccess.net
127.0.0.1 dvdbank.org
127.0.0.1 dvd-codec.com
127.0.0.1 www.dvd-codec.com
127.0.0.1 www.dvdcodec.net
127.0.0.1 dvdcodec.net
127.0.0.1 www.dvden.de
127.0.0.1 dvden.de
127.0.0.1 www.dvdsmovies.net
127.0.0.1 dvdsmovies.net
127.0.0.1 www.dvdsvideos.net
127.0.0.1 dvdsvideos.net
127.0.0.1 www.dvdtocdsite.com
127.0.0.1 dvdtocdsite.com
127.0.0.1 www.dvdxgold.com
127.0.0.1 dvdxgold.com
127.0.0.1 www.dvdxpremium.com
127.0.0.1 dvdxpremium.com
127.0.0.1 www.dvicodec.com
127.0.0.1 dvicodec.com
127.0.0.1 dynamique.drivecleaner.com
127.0.0.1 www.e3bay.it
127.0.0.1 e3bay.it
127.0.0.1 www.e4bay.it
127.0.0.1 e4bay.it
127.0.0.1 eager-sex.com
127.0.0.1 www.earthllnk.net
127.0.0.1 earthllnk.net
127.0.0.1 eases.net
127.0.0.1 easyantispy.com
127.0.0.1 www.easybestdeals.com
127.0.0.1 easybestdeals.com
127.0.0.1 easycategories.com
127.0.0.1 www.easycdrip.com
127.0.0.1 easycdrip.com
127.0.0.1 easymovieplayer.com
127.0.0.1 www.easymovieplayer.com
127.0.0.1 easymp3musicnow.com
127.0.0.1 www.easymp3musicnow.com
127.0.0.1 easymus.cn
127.0.0.1 www.easymus.cn
127.0.0.1 www.easy-pharmacy.info
127.0.0.1 easy-pharmacy.info
127.0.0.1 easypspdownloads.com
127.0.0.1 www.easypspdownloads.com
127.0.0.1 easy-search.net
127.0.0.1 easysearch4you.com
127.0.0.1 www.easysearch4you.com
127.0.0.1 easysearchingtips.com
127.0.0.1 www.easyspyware.com
127.0.0.1 easyspyware.com
127.0.0.1 easywww.info
127.0.0.1 www.easywww.info
127.0.0.1 eazel.com
127.0.0.1 www.eazel.com
127.0.0.1 www.eba6y.it
127.0.0.1 eba6y.it
127.0.0.1 www.eba7y.it
127.0.0.1 eba7y.it
127.0.0.1 ebaay.it
127.0.0.1 www.ebaay.it
127.0.0.1 ebagy.it
127.0.0.1 www.ebagy.it
127.0.0.1 www.ebahy.it
127.0.0.1 ebahy.it
127.0.0.1 ebajy.it
127.0.0.1 www.ebajy.it
127.0.0.1 ebaqy.it
127.0.0.1 www.ebaqy.it
127.0.0.1 ebasy.it
127.0.0.1 www.ebasy.it
127.0.0.1 www.ebaty.it
127.0.0.1 ebaty.it
127.0.0.1 ebauy.it
127.0.0.1 www.ebauy.it
127.0.0.1 ebav.com
127.0.0.1 ebaw.com
127.0.0.1 www.ebawy.it
127.0.0.1 ebawy.it
127.0.0.1 www.eba
et celui de Malwarebytes
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
30/11/2008 22:34:00
mbam-log-2008-11-30 (22-34-00).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 240580
Temps écoulé: 4 hour(s), 16 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 23
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yaywuuRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJBtuSm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hkpzau.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbtusm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c739cde6-977a-48b8-93fd-9f76fd9e931e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c739cde6-977a-48b8-93fd-9f76fd9e931e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f36e36da-3883-4019-8003-4178a29638ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f36e36da-3883-4019-8003-4178a29638ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywuurl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywuurl -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\rhc7npj0ee4d (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJBtuSm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yaywuuRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lRuuwyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lRuuwyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkpzau.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\DUCHAUSSOY\Local Settings\Temporary Internet Files\Content.IE5\MS2XD3UV\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Ranch Rush\ijl15.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{463D4580-6160-42D7-84B3-CD057CDF7DDA}\RP59\A0005076.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{463D4580-6160-42D7-84B3-CD057CDF7DDA}\RP59\A0005078.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfkhwppq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\rhc7npj0ee4d\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7npj0ee4d\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7npj0ee4d\rhc7npj0ee4d.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\Advanced Audio Plugin for Nero 7 serial by Net Guru.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\All ASHAMPOO Software 99 keygen by UCF.torrent (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\All ASHAMPOO Software 99 keygen by UCF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\Blaze Media Pro 2001d keygen by Prophecy.torrent (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\Blaze Media Pro 2001d keygen by Prophecy.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\MovieWriterPro v2.0 serial by N-GeN.torrent (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\MovieWriterPro v2.0 serial by N-GeN.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aurelie Duchaussoy\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DUCHAUSSOY\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk (Rogue.RealAV) -> Quarantined and deleted successfully.
Re,
Télécharge R-Hosts.exe (de S!ri)
Lance R-Hosts puis clique sur "Restaurer".
Valide la modification en appuyant sur OK.
&
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
- Lance l'installation du programme en exécutant le fichier téléchargé.
- Double-clique maintenant sur le raccourci de Toolbar-S&D.
- Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
- Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
- Poste le rapport généré. (C:\TB.txt)
Répondre à Angeldark
j'ai e même souci ...
j'ai donc suivi vos consignes.
voici le rapport généré:
que faut_il faire ensuite?
merci beaucoup de votre aide...
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : BIOS Ver: A7225NH5 V3.12 06/29/06 17:32:37
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Securitoo AntiVirus Firewall 6.15 6.15 (Activated)
Firewall : Securitoo AntiVirus Firewall 6.15 6.15 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:65 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (USB)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 07/12/2008|11:19 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\internet explorer\setup.exe
-----------\\ Extensions
(HP_Propri‚taire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="http://fr.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.msn.com/"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop"
"Start Page"="http://fr.msn.com/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\System32\nvs2.inf
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\djgzxps.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\djgzxps.exe.xpx
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\djgzxps_nav.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\djgzxps_navps.dat
==> EGDACCESS <==
C:\WINDOWS\system32\qBdJRXbc.ini
C:\WINDOWS\system32\qBdJRXbc.ini2
C:\WINDOWS\system32\cbXRJdBq.dll
==> VUNDO <==
--------------------\\ ROGUES ..
C:\DOCUME~1\HP_PRO~1\APPLIC~1\VirusRemover2008
1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|11:23 - Option : [1]
-----------\\ Fin du rapport a 11:23:31,65
Re,
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
voici le rapport généré par ComboFix...
Merci de m'indiquer la suite de la marche à suivre...
ComboFix 08-12-06.06 - HP_Propriétaire 2008-12-07 15:51:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.497 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\djgzxps.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\djgzxps_nav.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\djgzxps_navps.dat
c:\program files\Internet Explorer\fxavx.ini
c:\program files\Internet Explorer\setup.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hvkxtjos.dll
c:\windows\system32\izxedl.dll
c:\windows\system32\ledcefgm.ini
c:\windows\system32\mgfecdel.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\nvs2.inf
c:\windows\system32\packet.dll
c:\windows\system32\ptgtmtak.ini
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qBdJRXbc.ini
c:\windows\system32\qBdJRXbc.ini2
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\yqpchiqu.dll
D:\Autorun.inf
[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!![/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 15:50 . 2008-12-07 15:50 1,349 --a------ c:\windows\system32\ahtn.htm
2008-12-07 11:18 . 2008-12-07 11:33 <REP> d-------- C:\ToolBar SD
2008-12-07 09:24 . 2008-12-07 10:39 <REP> d-------- c:\program files\Spyware Doctor
2008-12-07 09:24 . 2008-12-07 09:24 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\PC Tools
2008-12-07 09:24 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-07 09:24 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-07 09:24 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-07 09:24 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-07 09:02 . 2008-12-07 15:50 461 --a------ c:\windows\system32\win32hlp.cnf
2008-12-06 18:55 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-06 15:11 . 2008-12-06 15:11 <REP> d-------- c:\documents and settings\LocalService\Application Data\Spyware Terminator
2008-12-06 12:01 . 2008-12-07 15:50 4,785 --a------ c:\windows\system32\warning.gif
2008-12-06 12:00 . 2008-12-06 12:00 1 --a------ c:\windows\system32\uniq.tll
2008-12-06 12:00 . 2008-12-06 12:00 1 --a------ c:\windows\system32\test.ttt
2008-11-17 13:31 . 2005-04-06 14:36 221,215 --a------ c:\windows\system32\divxdec.ax
2008-11-17 13:31 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-11-12 08:15 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:14 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:16 . 2008-11-09 14:17 <REP> d-------- c:\program files\Sqirlz Morph
2008-11-09 14:16 . 2008-11-09 14:16 <REP> d-------- c:\program files\Gadwin Systems
2008-11-09 14:16 . 2008-11-09 14:16 160,297 --a------ c:\windows\Sqirlz Morph Uninstaller.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 14:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 17:16 --------- d-----w c:\program files\Google
2008-12-06 14:00 --------- d-----r c:\program files\Ma musique
2008-12-06 13:14 3,310 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2008-12-06 10:57 --------- d-----w c:\program files\eMule
2008-11-29 12:04 --------- d-----w c:\program files\Crédit Mutuel
2008-11-22 15:00 --------- d-----w c:\program files\Humour
2008-11-19 10:40 --------- d-----w c:\program files\Java
2008-11-12 12:47 --------- d-----r c:\program files\Musique HP
2008-11-10 21:08 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-08 09:24 --------- d-----w c:\program files\DivX
2008-11-04 17:47 --------- d-----w c:\program files\CDBurnerXP
2008-11-04 17:47 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Canneverbe_Limited
2008-11-02 22:27 --------- d-----w c:\program files\Pinnacle
2008-11-02 22:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-02 22:22 --------- d-----w c:\program files\QuickTime
2008-11-02 22:22 --------- d-----w c:\program files\MSECache
2008-11-02 22:12 --------- d-----w c:\program files\IncrediMail
2008-11-02 11:28 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio
2008-11-02 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-26 19:08 2,256 ----a-w c:\windows\current_settings.bin
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-07-20 14:06 9,668,304 ----a-w c:\program files\PlayerFREE.exe
2007-06-03 11:30 254,976 ----a-w c:\program files\Recettes cake.wps
2008-08-19 21:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"MediaDICO4Ut"="c:\program files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe" [2004-03-03 252416]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"F-Secure Manager"="c:\program files\Securitoo\av_fw\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="c:\program files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="c:\program files\Securitoo\av_fw\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="c:\program files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 356352]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\fichiers communs\installshield\updateservice\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-23 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Securitoo.lnk - c:\program files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe [2006-10-25 32807]
TrayMin210.exe.lnk - c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2007-05-07 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Securitoo\\av_fw\\backweb\\6588780\\Program\\fspex.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\incredimail_install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-25 70896]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-06 28544]
R2 BackWeb Plug-in - 6588780;Securitoo;c:\progra~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE [2006-10-25 32807]
R2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2006-10-25 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2006-10-25 62176]
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2006-10-25 16816]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R2 X4HSX32Ex;X4HSX32Ex;\??\c:\program files\Player Metaboli\X4HSX32Ex.Sys [2008-07-20 29856]
S3 EnumHook2;Enumerate Global Windows Service 2;\??\c:\windows\system32\drivers\dHook.sys [2007-07-05 2080]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-07 356920]
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe [2005-06-15 20:56]
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{1429CB5B-FDB6-47A0-A67E-F8B222E5C568} - (no file)
HKCU-Run-RealAV.exe - c:\program files\RealAV\RealAV.exe
HKLM-Run-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-Framework Windows - frmwrk32.exe
Notify-khfDUOHa - khfDUOHa.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.free.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://home.free.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Bloquer cette fenêtre publicitaire - c:\program files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
IE: Download with &Shareaza - c:\program files\Shareaza\Plugins\RazaWebHook.dll/3000
O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
c:\windows\Downloaded Program Files\MDM.inf
c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
FireFox -: Profile - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e7hes309.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 15:55:14
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
- - - - - - - > 'lsass.exe'(964)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(880)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
c:\program files\Securitoo\av_fw\backweb\6588780\Program\fsbwsys.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fssm32.exe
c:\program files\Securitoo\av_fw\Common\FSMA32.EXE
c:\program files\Securitoo\av_fw\Common\FSMB32.EXE
c:\program files\Micro Application\Les 4 Dictionnaires Utiles\MediaDico4Ut.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Micro Application\Les 4 Dictionnaires Utiles\RAC4Ut.exe
c:\program files\Securitoo\av_fw\Common\FCH32.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Securitoo\av_fw\Common\FAMEH32.EXE
c:\program files\Securitoo\av_fw\Anti-Virus\fsqh.exe
c:\program files\Securitoo\av_fw\Anti-Virus\FSRW.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Securitoo\av_fw\Anti-Virus\FSAV32.exe
c:\program files\Securitoo\av_fw\FWES\program\fsdfwd.exe
c:\progra~1\SECURI~1\av_fw\ANTI-S~1\FSAW.exe
c:\program files\Securitoo\av_fw\FSGUI\fsguidll.exe
.
**************************************************************************
.
Heure de fin: 2008-12-07 15:58:42 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-07 14:58:36
Avant-CF: 70 032 003 072 octets libres
Après-CF: 70,899,064,832 octets libres
294 --- E O F --- 2008-11-30 07:58:01
Reposte un rapport Hijackthis.
Répondre à Angeldark
comment obtient - on un rapport Hijackthis ?
merci.
j'ai réussi à générer un rapport HijackThis.
Le voici donc...
Ensuite ?
merci !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:14, on 07/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\WINDOWS\VM_STI.EXE
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Securitoo.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geomapguide.com/aixenpr [...] axctrl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Securitoo (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 13060 bytes
Il semblerait que mon pb soit réglé...mais peut - être faut-il faire encore d'autres manipulations?
merci de me le confirmer et de me décrire lesquelles...
Apparemment ok.
Répondre à Angeldark
je tiens à vous remercier tout spécialement pour l'aide que vous m'avez apporté...
Cool de trouver des gens comme vous, qui sont prêts à prendre du temps pour nous aider...
Encore mille fois merci.
Sincèrement,
Bon surf 
Répondre à Angeldark
merci !
encore uen (dernière précision)svp : je viend m'apercevoir que c'était créer au fil des différentes démarches que vous m'avez fait faire les dossiers "ToolBarSD" et "Qoobox"...ainsi que les logiciels "HijackThis", "ToolBarSD"...
est ce ke je ke peux les supprimer ?
merci.
Oui tu peux.
Répondre à Angeldark
ok...encore merci.
Bonjour,
J'ai un problème semblable. Mon écran est tout noir avec un warning rouge clignotant au milieu. J'ai passé toute la journée d'hier à essayer de régler ce problème mais sans succès même si j'ai supprimé un bon nombre de virus. Reste (entre autres sûrement) Dropper.Gen détecté par Avira.
Le mode sans échec ne marche plus; le gestionnaire des taches est désactivé. Je suis plutôt stressée ce matin car mon ordi est mon outil de travail et s'il plante complètement... je n'ose l'imaginer.
Est-ce que quelqu'un peut me venir en aide s'il vous plaît ? Je reste là à guetter vos réponses. Par avance, merci.
Chacun son sujet.
Répondre à Angeldark
Merci Angeldark pour tes réponses. Jess2 m'a aidée et ça va mieux même si tout n'est pas réglé (pas de mode sans échec notamment). Excuse si je ne m'y suis pas prise comme il le fallait. J'ai découvert ce forum à l'occasion de ce problème et je le trouve super!! Bravo à tous pour ce que vous faites pour les internautes largués!
Bonjour, j'ai e même souci ...
j'ai donc suivi vos consignes.
voici le rapport généré:
que faut_il faire ensuite?
merci beaucoup de votre aide...
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3800+ )
BIOS : Award Modular BIOS v6.00PG
USER : mouhamed ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090318-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:20 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:56 Go (Free:5 Go)
E:\ (CD or DVD)
"D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 19/03/2009|15:42 )
-----------\\ Recherche de Fichiers / Dossiers ...
D:\DOCUME~1\mouhamed\Cookies\mouhamed@www.bananalotto[1].txt
D:\WINDOWS\iun6002.exe
D:\DOCUME~1\mouhamed\LOCALS~1\Temp\mc413D.tmp
D:\DOCUME~1\mouhamed\LOCALS~1\Temp\nscE9.tmp
-----------\\ Extensions
(mouhamed) - {0545b830-f0aa-4d7e-8820-50a4629a56fe} => clrtabs
(mouhamed) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(mouhamed) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://fr.msn.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://www.01net.com/telecharger/"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.yahoo.com"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com"
"Start Page"="http://fr.yahoo.com"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "D:\ToolBar SD\TB_1.txt" - 19/03/2009|15:44 - Option : [1]
-----------\\ Fin du rapport a 15:44:35,90
Egalement g installé combofix et voici le compte rendu que faire après? Merci d'avance
ComboFix 09-03-18.01 - mouhamed 2009-03-19 16:33:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.688 [GMT 1:00]
Lancé depuis: d:\documents and settings\mouhamed\Bureau\ComboFix.exe
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
d:\program files\SuperCopier2\SC2Hook.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\windows\system32\303369.exe
d:\windows\system32\ahtn.htm
d:\windows\system32\frmwrk32.exe
d:\windows\system32\gowoyisa.dll
d:\windows\system32\guteheso.dll
d:\windows\system32\hidekeli.dll
d:\windows\system32\init32.exe
d:\windows\system32\mofomugo.dll
d:\windows\system32\ntdll64.exe
d:\windows\system32\ogumofom.ini
d:\windows\system32\ovfsthbiewxtaptivxqmqplbmfwltcqtvtvxto.dll
d:\windows\system32\ovfsthdaxtnbobobhkdqtdknssxuovigomvkdi.dll
d:\windows\system32\ovfsthgmmcvakhkjcswrxwjtpphjjglimotogl.dll
d:\windows\system32\ovfsthiakybkolcmohhbaqooewnbvulflpgebp.dll
d:\windows\system32\ovfstholgydfvkjthokhvlkouqtodwggnomfgb.dll
d:\windows\system32\ovfsthylqpxskdjrgekvobdcvvovlssrjirskw.dll
d:\windows\system32\pslcya.dll
d:\windows\system32\rogiwunu.dll
d:\windows\system32\test.ttt
d:\windows\system32\uniq.tll
d:\windows\system32\warning.gif
d:\windows\system32\win32hlp.cnf
d:\windows\Xkewiqor.dll
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . impossible à supprimer
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . impossible à supprimer
----- BITS: Il y a peut-être des sites infectés -----
hxxp://82.98.235.205
[color=blue]Une copie infectée de d:\windows\system32\userinit.exe a été trouvée et désinfectée
opie restaurée à partir de - d:\qoobox\Quarantine\D\WINDOWS\system32\userinit.exe.vir[/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthflxblaswuiudjntypejwjcmcbfnridqx
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))
.
2009-03-19 16:26 . 2009-03-19 16:26 <REP> d-------- D:\32788R22FWJFW
2009-03-19 15:46 . 2009-03-19 15:46 2,724 ---hs---- d:\windows\system32\balineko.dll
2009-03-19 15:46 . 2009-03-19 15:46 0 --ah----- d:\windows\system32\BIT21.tmp
2009-03-19 15:40 . 2009-03-19 15:44 <REP> d-------- D:\ToolBar SD
2009-03-19 15:09 . 2009-03-19 15:09 40,960 --a------ d:\windows\system32\kuzDeccode.exe
2009-03-19 02:53 . 2009-03-19 02:53 71,680 --a------ d:\windows\system32\drivers\ovfsth.sys
2009-03-19 01:38 . 2009-03-19 16:26 43 --a------ d:\windows\system32\ovfsthyjtbbomiitljyvbcxxybqdhdhctorovu.dat
2009-03-19 01:33 . 2009-03-19 16:31 8,499 --a------ d:\windows\system32\ovfsthlwmayardbrmqhuqqpmggiattwqchkhxt.dat
2009-03-19 00:22 . 2009-03-19 00:22 40,448 --a------ d:\windows\system32\KuzSmall.exe
2009-03-19 00:08 . 2009-03-19 00:08 43 --a------ d:\windows\system32\ovfsthkqurkjehxlqjenjwpdmilmpcfykpjwlw.dat
2009-03-18 23:32 . 2009-03-19 00:22 3,531 --a------ d:\windows\system32\ovfsthiaatsvvxuepupgwwigwklkmriyacmkco.dat
2009-03-18 21:22 . 2009-03-17 20:19 48,690 -r-hs---- d:\windows\fxsteller.exe
2009-03-16 21:56 . 2001-08-23 17:47 8,704 --a------ d:\windows\system32\kbdjpn.dll
2009-03-16 21:56 . 2001-08-23 17:47 8,704 --a--c--- d:\windows\system32\dllcache\kbdjpn.dll
2009-03-16 21:56 . 2001-08-23 17:47 8,192 --a------ d:\windows\system32\kbdkor.dll
2009-03-16 21:56 . 2001-08-23 17:47 8,192 --a--c--- d:\windows\system32\dllcache\kbdkor.dll
2009-03-16 21:56 . 2008-04-14 04:31 6,144 --a------ d:\windows\system32\kbd106.dll
2009-03-16 21:56 . 2001-08-17 22:55 6,144 --a------ d:\windows\system32\kbd101c.dll
2009-03-16 21:56 . 2001-08-17 22:55 6,144 --a------ d:\windows\system32\kbd101b.dll
2009-03-16 21:56 . 2008-04-14 04:31 6,144 --a--c--- d:\windows\system32\dllcache\kbd106.dll
2009-03-16 21:56 . 2001-08-17 22:55 6,144 --a--c--- d:\windows\system32\dllcache\kbd101c.dll
2009-03-16 21:56 . 2001-08-17 22:55 6,144 --a--c--- d:\windows\system32\dllcache\kbd101b.dll
2009-03-16 21:56 . 2001-08-17 22:55 5,632 --a------ d:\windows\system32\kbd103.dll
2009-03-16 21:56 . 2001-08-17 22:55 5,632 --a--c--- d:\windows\system32\dllcache\kbd103.dll
2009-03-16 14:08 . 2009-03-16 14:08 <REP> d-------- d:\program files\iPod
2009-03-16 14:07 . 2009-03-16 14:11 <REP> d-------- d:\program files\iTunes
2009-03-16 14:07 . 2009-03-16 14:11 <REP> d-------- d:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 13:50 . 2009-03-16 13:54 <REP> d-------- d:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 15:27 --------- d-----w d:\program files\SuperCopier2
2009-03-19 15:22 --------- d-----w d:\documents and settings\mouhamed\Application Data\OpenOffice.org2
2009-03-19 13:55 --------- d-----w d:\program files\Winamp Remote
2009-03-16 13:08 --------- d-----w d:\program files\Fichiers communs\Apple
2009-03-06 02:22 --------- d-----w d:\documents and settings\mouhamed\Application Data\Skype
2009-03-05 23:10 --------- d-----w d:\documents and settings\mouhamed\Application Data\skypePM
2009-02-27 12:09 --------- d-----w d:\program files\Microsoft Silverlight
2009-02-21 11:46 --------- d-----w d:\program files\Windows Live
2009-02-19 22:28 --------- d-----w d:\program files\DivX
2009-02-10 19:01 --------- d-----w d:\program files\Microsoft
2009-02-10 18:59 --------- d-----w d:\program files\Microsoft Sync Framework
2009-02-10 18:54 --------- d-----w d:\program files\Windows Live SkyDrive
2009-02-10 18:47 --------- d-----w d:\program files\Fichiers communs\Windows Live
2009-02-10 18:41 --------- d-----w d:\program files\Messenger Plus! Live
2009-02-06 18:39 308,600 ----a-w d:\windows\WLXPGSS.SCR
2009-01-01 13:57 68,280 ----a-w d:\documents and settings\mouhamed\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 15:48 0 ----a-w d:\program files\temp01
2007-12-08 18:43 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-10-25 06:20 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008102520081026\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"VoipBuster"="d:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-12-27 9017648]
"Orb"="d:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Update"="d:\documents and settings\mouhamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-13 133104]
"YSearchProtection"="d:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="d:\program files\Gigabyte\ET5\ETcall.exe" [2007-01-04 24576]
"WinFast Schedule"="d:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 319488]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-22 185896]
"Athan"="d:\program files\Athan\Athan.exe" [2008-08-18 1069056]
"AppleSyncNotifier"="d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"YSearchProtection"="d:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"fssui"="d:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 d:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 d:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\mouhamed\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - d:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - d:\documents and settings\mouhamed\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-10 143360]
RocketDock.lnk - d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\hidekeli.dll pslcya.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Program Files\\ooVoo\\ooVoo.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*
isabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*isabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*isabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*isabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*isabled:UDP port 37675 ooVoo
R2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [2007-11-21 75925]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-10 55136]
R2 fsssvc;Windows Live Contrôle parental;d:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SeaPort;SeaPort;d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [2007-11-21 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [2007-11-21 10005]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFTVFM\WFIOCTL.sys [2007-11-21 9446]
S3 ovt530;Webcam Classic;d:\windows\system32\drivers\ov530vid.sys [2007-12-24 161792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51eab49e-faa5-11dc-a45f-001a4dddd789}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1cc12b-a250-11dc-a37a-001a4dddd789}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0a6003d-d7ed-11dd-a5f4-001a4dddd789}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07142bd-1c66-11dd-a4b2-001a4dddd789}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-14 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-03-19 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1606980848-839522115-1003.job
- d:\documents and settings\mouhamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-13 16:21]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{2d6852be-8fbc-4776-b253-bd6d34c140e2} - d:\windows\system32\rogiwunu.dll
BHO-{b5e93d13-b923-4765-8767-54cdf6f651de} - d:\windows\system32\pslcya.dll
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - d:\progra~1\OOVOOT~1\OOVOOT~1.DLL
HKCU-Run-mpeg hide - d:\docume~1\mouhamed\APPLIC~1\THEUPL~1\SupportIso.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyServer = proxy.rac:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - d:\documents and settings\mouhamed\Application Data\Mozilla\Firefox\Profiles\diqgqdz3.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\mouhamed\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 16:42:19
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(704)
d:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
d:\windows\system32\wscntfy.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\OpenOffice.org 2.3\program\soffice.exe
d:\program files\Winamp Remote\bin\Orb.exe
d:\program files\OpenOffice.org 2.3\program\soffice.bin
d:\documents and settings\mouhamed\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-03-19 16:50:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-19 15:49:44
Avant-CF: 6,285,586,432 octets libres
Après-CF: 7,953,358,848 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer
259 --- E O F --- 2009-03-15 23:51:34
Voici mon rapport HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:54, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Windows Live\Family Safety\fsssvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Athan\Athan.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Windows Live\Family Safety\fsui.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Documents and Settings\mouhamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Documents and Settings\mouhamed\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
D:\Program Files\Winamp Remote\bin\Orb.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Documents and Settings\mouhamed\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\mouhamed\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rac:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - D:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [YSearchProtection] "D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [fssui] "D:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\mouhamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\mouhamed\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\hidekeli.dll pslcya.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10917 bytes
bonsoir cé possible ke kelkun m'aide sur ce virus par msn car j'ai poste un sujet mais j'arrive pas a le voir parceke le virus m'interdit dalé sur la page il me donne une page blanche voici mon adresse msn devlet78@hotmail.fr merci d'avance
Il y a 2449 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
