trojan-ace-x

Bonjour,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

Double clique sur HJTInstall.exe pour lancer l'installation.

Clique sur Install.

Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer.

Accepte la licence en cliquant sur Yes.

Clique sur "Do a system scan and save a logfile".

Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

merci.. voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:30, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Tivoli\trip\trip.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
E:\Program Files Perso\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\Program Files Perso\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\gpau\Desktop\HiJackThis.exe
E:\Program Files Perso\Spy Sweeper\SSU.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.28.11.100:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.emhartglass.net;82.210.*;172.28.*;https://ssl.emhartglass.com;https://ssl2.emhartglass.com;<local>
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CD1509C-BC37-4F84-B33F-9492CB212A54} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program File perso\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: QXK Rhythm - {D4E26A3A-80E0-4467-B116-4F0DC4441C4A} - C:\WINDOWS\fvowketqxfo.dll
O3 - Toolbar: Barre d'outils &Inbox.com - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [lcfep] "c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DskMgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program File perso\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://semchd01/iNotes6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.emhartglass.com/dana-cached/setup/JuniperSe...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.ca...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emhartglass.net
O17 - HKLM\Software\..\Telephony: DomainName = emhartglass.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emhartglass.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emhartglass.net
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: mpfanvqg - {F3B16CA7-3F61-4BFA-BBCE-319DFC977546} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {B0D2B81D-9B7D-493D-A593-AF73BE10832D} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: NetOp Helper ver. 7.65 (2004317) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Software Distribution Updater (SwdisRestart) - Unknown owner - c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\swdres.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Tivoli Remote Execution Service (trip) - Unknown owner - C:/Tivoli\trip\trip.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files Perso\Spy Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 14866 bytes

Re,

Télécharge SmitfraudFix (de S!ri)

Enregistre le sur ton bureau.

Lance-le en double cliquant sur SmitfraudFix.exe

Appuie sur une touche comme demandé.

Exécute l’option 1, un rapport va apparaître, poste le .

Le rapport se trouve ici : C:\rapport.txt

merci voila le rapport..
SmitFraudFix v2.320

Scan done at 16:38:38.17, 17/04/2008
Run from E:\Telechargement provisoire\Clean utilities\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

ªªªªªªªªªªªªªªªªªªªªªªªª Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Tivoli\trip\trip.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
E:\Program Files Perso\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
E:\Program Files Perso\Spy Sweeper\SpySweeperUI.exe
E:\Program Files Perso\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Inbox\CToolbar.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\WINDOWS\system32\cmd.exe

ªªªªªªªªªªªªªªªªªªªªªªªª hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

ªªªªªªªªªªªªªªªªªªªªªªªª C:\


ªªªªªªªªªªªªªªªªªªªªªªªª C:\WINDOWS


ªªªªªªªªªªªªªªªªªªªªªªªª C:\WINDOWS\system


ªªªªªªªªªªªªªªªªªªªªªªªª C:\WINDOWS\Web


ªªªªªªªªªªªªªªªªªªªªªªªª C:\WINDOWS\system32


ªªªªªªªªªªªªªªªªªªªªªªªª C:\WINDOWS\system32\LogFiles


ªªªªªªªªªªªªªªªªªªªªªªªª C:\Documents and Settings\gpau


ªªªªªªªªªªªªªªªªªªªªªªªª C:\Documents and Settings\gpau\Application Data


ªªªªªªªªªªªªªªªªªªªªªªªª Start Menu


ªªªªªªªªªªªªªªªªªªªªªªªª C:\DOCUME~1\gpau\FAVORI~1


ªªªªªªªªªªªªªªªªªªªªªªªª Desktop


ªªªªªªªªªªªªªªªªªªªªªªªª C:\Program Files


ªªªªªªªªªªªªªªªªªªªªªªªª Corrupted keys


ªªªªªªªªªªªªªªªªªªªªªªªª Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


ªªªªªªªªªªªªªªªªªªªªªªªª IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


ªªªªªªªªªªªªªªªªªªªªªªªª VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: fvowketqxfo.dll
BHO: QXK Rhythm - {D4E26A3A-80E0-4467-B116-4F0DC4441C4A}
TypeLib: {1FB0C65B-9C33-49E9-A15E-DACA3E7424B8}
Interface: {2EAF1221-F437-4DE5-B69B-1581E2A763F2}
Interface: {6130393E-F8F0-4E50-9F23-49341AF0630B}

[!] Suspicious: mpfanvqg.dll
SSODL: mpfanvqg - {F3B16CA7-3F61-4BFA-BBCE-319DFC977546}


ªªªªªªªªªªªªªªªªªªªªªªªª 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


ªªªªªªªªªªªªªªªªªªªªªªªª Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


ªªªªªªªªªªªªªªªªªªªªªªªª AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


ªªªªªªªªªªªªªªªªªªªªªªªª Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


ªªªªªªªªªªªªªªªªªªªªªªªª Rustock



ªªªªªªªªªªªªªªªªªªªªªªªª DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3316BA47-D07E-444A-91DB-28A1D640F950}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3316BA47-D07E-444A-91DB-28A1D640F950}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


ªªªªªªªªªªªªªªªªªªªªªªªª Scanning for wininet.dll infection


ªªªªªªªªªªªªªªªªªªªªªªªª End

Re,

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Relance SmitfraudFix.

Choisis l’option 2. (Oui à toutes les questions)

Si tu dois redémarrer, ton ordi fais-le .

Poste le rapport qui se situe dans C:\rapport.txt ainsi qu’un nouveau rapport HijackThis.

Bonjour,XmichouX, avant de recevoir ta reponse j'ai malheuresement fais une betise et coché la case safe boot dans msconfig, parce que je ne savais pas quelle touche utiliser au boot de l'ordi. maintenant il démarre en mode "safe" mais je n'ai pas le mdp admin (pc de bureau).. je suis donc coincé a moins que tu n'ai ne solution pour acceder et desactiver l'option dans msconfig a partir d'une ligne de commande...et comment l'obtenir, cette ligne..?

Re, ça y est voici les rapports tous deux générés en mode "safe".
Merci Vraiment

SmitFraudFix v2.320

Scan done at 9:10:02.03, 19.04.2008
Run from E:\Telechargement provisoire\Clean utilities\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.139mm.com
127.0.0.1 139mm.com
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180solutions.com
127.0.0.1 180solutions.com
127.0.0.1 www.181.365soft.info
127.0.0.1 181.365soft.info
127.0.0.1 www.1987324.com
127.0.0.1 1987324.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-extreme.biz
127.0.0.1 1-extreme.biz
127.0.0.1 www.1sexparty.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 www.2007-download.com
127.0.0.1 2007-download.com
127.0.0.1 www.2020search.com
127.0.0.1 2020search.com
127.0.0.1 20x2p.com
127.0.0.1 www.24.365soft.info
127.0.0.1 24.365soft.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24teen.com
127.0.0.1 24teen.com
127.0.0.1 www.2every.net
127.0.0.1 2every.net
127.0.0.1 2ndpower.com
127.0.0.1 www.2search.com
127.0.0.1 2search.com
127.0.0.1 www.2search.org
127.0.0.1 2search.org
127.0.0.1 www.2squared.com
127.0.0.1 2squared.com
127.0.0.1 www.3322.org
127.0.0.1 3322.org
127.0.0.1 365soft.info
127.0.0.1 www.36site.com
127.0.0.1 36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3bay.it
127.0.0.1 3bay.it
127.0.0.1 www.3ebay.it
127.0.0.1 3ebay.it
127.0.0.1 www.3xclipsonline.com
127.0.0.1 3xclipsonline.com
127.0.0.1 www.3xcurves.com
127.0.0.1 3xcurves.com
127.0.0.1 www.3xfestival.com
127.0.0.1 3xfestival.com
127.0.0.1 www.3x-festival.com
127.0.0.1 3x-festival.com
127.0.0.1 www.3x-galls.com
127.0.0.1 3x-galls.com
127.0.0.1 www.3xmiracle.com
127.0.0.1 3xmiracle.com
127.0.0.1 www.3xmoviesblog.com
127.0.0.1 3xmoviesblog.com
127.0.0.1 www.404dns.com
127.0.0.1 404dns.com
127.0.0.1 www.4199.com
127.0.0.1 4199.com
127.0.0.1 www.4corn.net
127.0.0.1 4corn.net
127.0.0.1 www.4ebay.it
127.0.0.1 4ebay.it
127.0.0.1 4klm.com
127.0.0.1 www.4mpg.com
127.0.0.1 4mpg.com
127.0.0.1 www.4repubblica.it
127.0.0.1 4repubblica.it
127.0.0.1 www.4softget.com
127.0.0.1 4softget.com
127.0.0.1 www.5iscali.it
127.0.0.1 5iscali.it
127.0.0.1 www.5repubblica.it
127.0.0.1 5repubblica.it
127.0.0.1 www.5starvideos.com
127.0.0.1 5starvideos.com
127.0.0.1 www.5tiscali.it
127.0.0.1 5tiscali.it
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.680180.net
127.0.0.1 680180.net
127.0.0.1 www.6iscali.it
127.0.0.1 6iscali.it
127.0.0.1 www.6njaga.com
127.0.0.1 6njaga.com
127.0.0.1 www.6sek.com
127.0.0.1 6sek.com
127.0.0.1 www.6tiscali.it
127.0.0.1 6tiscali.it
127.0.0.1 www.70-music.com
127.0.0.1 70-music.com
127.0.0.1 www.7322.com
127.0.0.1 7322.com
127.0.0.1 75tz.com
127.0.0.1 www.777search.com
127.0.0.1 777search.com
127.0.0.1 www.777top.com
127.0.0.1 777top.com
127.0.0.1 www.7939.com
127.0.0.1 7939.com
127.0.0.1 www.7search.com
127.0.0.1 7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 www.80-music.com
127.0.0.1 80-music.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 www.888.com
127.0.0.1 888.com
127.0.0.1 www.8ad.com
127.0.0.1 8ad.com
127.0.0.1 www.90-music.com
127.0.0.1 90-music.com
127.0.0.1 www.9505.com
127.0.0.1 9505.com
127.0.0.1 www.971searchbox.com
127.0.0.1 971searchbox.com
127.0.0.1 9mmporn.com
127.0.0.1 a.bestmanage.org
127.0.0.1 www.aaabesthomepage.com
127.0.0.1 aaabesthomepage.com
127.0.0.1 aaasexypics.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaqadarsztriv.com
127.0.0.1 aaqadarsztriv.com
127.0.0.1 www.aaqada-rsztriv.com
127.0.0.1 aaqada-rsztriv.com
127.0.0.1 www.aaqadaueorn.com
127.0.0.1 aaqadaueorn.com
127.0.0.1 www.aaqada-ueorn.com
127.0.0.1 aaqada-ueorn.com
127.0.0.1 www.aaqada-ygco.com
127.0.0.1 aaqada-ygco.com
127.0.0.1 www.aaqada-ymct.com
127.0.0.1 aaqada-ymct.com
127.0.0.1 aavc.com
127.0.0.1 www.abcdperformance.com
127.0.0.1 abcdperformance.com
127.0.0.1 www.abc-find.info
127.0.0.1 abc-find.info
127.0.0.1 www.abcsearch.com
127.0.0.1 abcsearch.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abnetsoft.info
127.0.0.1 abnetsoft.info
127.0.0.1 www.aboutclicker.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.abrp.net
127.0.0.1 abrp.net
127.0.0.1 www.absolutee.com
127.0.0.1 absolutee.com
127.0.0.1 www.abyssmedia.com
127.0.0.1 abyssmedia.com
127.0.0.1 www.ac66.cn
127.0.0.1 ac66.cn
127.0.0.1 access.navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessclips.com
127.0.0.1 accessclips.com
127.0.0.1 www.access-dvd.com
127.0.0.1 access-dvd.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessvid.net
127.0.0.1 accessvid.net
127.0.0.1 www.acemedic.com
127.0.0.1 acemedic.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-stop.com
127.0.0.1 acrobat-stop.com
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.activesearcher.info
127.0.0.1 activesearcher.info
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexemedia.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasite.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexmediatour.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexsource.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.mokead.com
127.0.0.1 ad.oinadserver.com
127.0.0.1 ad.outerinfoads.com
127.0.0.1 www.ad25.com
127.0.0.1 ad25.com
127.0.0.1 www.ad45.com
127.0.0.1 ad45.com
127.0.0.1 www.ad77.com
127.0.0.1 ad77.com
127.0.0.1 www.ad86.com
127.0.0.1 ad86.com
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adarmor.com
127.0.0.1 adarmor.com
127.0.0.1 www.adasearch.com
127.0.0.1 adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 www.adawarenow.com
127.0.0.1 adawarenow.com
127.0.0.1 adchannel.contextplus.net
127.0.0.1 www.addetect.com
127.0.0.1 addetect.com
127.0.0.1 www.add-hhh.info
127.0.0.1 add-hhh.info
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addioerrori.com
127.0.0.1 addioerrori.com
127.0.0.1 www.add-manager.com
127.0.0.1 add-manager.com
127.0.0.1 www.adgate.info
127.0.0.1 adgate.info
127.0.0.1 www.adintelligence.net
127.0.0.1 adintelligence.net
127.0.0.1 www.adioserrores.com
127.0.0.1 adioserrores.com
127.0.0.1 www.adipics.com
127.0.0.1 adipics.com
127.0.0.1 www.adlogix.com
127.0.0.1 adlogix.com
127.0.0.1 www.admin2cash.biz
127.0.0.1 admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 www.adnetserver.com
127.0.0.1 adnetserver.com
127.0.0.1 adobe-download-now.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-downloads.com
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adprotect.com
127.0.0.1 adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.kw.revenue.net
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads1.revenue.net
127.0.0.1 www.ads183.com
127.0.0.1 ads183.com
127.0.0.1 www.adscontex.com
127.0.0.1 adscontex.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 www.adsextend.net
127.0.0.1 adsextend.net
127.0.0.1 www.adshttp.com
127.0.0.1 adshttp.com
127.0.0.1 www.adsniffer.com
127.0.0.1 adsniffer.com
127.0.0.1 www.adsonwww.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adspics.com
127.0.0.1 adspics.com
127.0.0.1 www.adsrevenue.net
127.0.0.1 adsrevenue.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 www.adult777search.info
127.0.0.1 adult777search.info
127.0.0.1 www.adultan.com
127.0.0.1 adultan.com
127.0.0.1 www.adultcodecstars.com
127.0.0.1 adultcodecstars.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adultfilmsite.com
127.0.0.1 adultfilmsite.com
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adultmovieplus.com
127.0.0.1 www.adult-mpg.net
127.0.0.1 adult-mpg.net
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 www.adultsonlyvids.com
127.0.0.1 adultsonlyvids.com
127.0.0.1 www.adultsper.com
127.0.0.1 adultsper.com
127.0.0.1 www.adulttds.com
127.0.0.1 adulttds.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.advancedcleaner.com
127.0.0.1 advancedcleaner.com
127.0.0.1 www.advcash.biz
127.0.0.1 advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 www.advertising-money.info
127.0.0.1 advertising-money.info
127.0.0.1 ad-ware.cc
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.adware.pro
127.0.0.1 adware.pro
127.0.0.1 www.adwarealert.com
127.0.0.1 adwarealert.com
127.0.0.1 www.ad-warealert.com
127.0.0.1 ad-warealert.com
127.0.0.1 www.adwarearrest.com
127.0.0.1 adwarearrest.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarecommander.com
127.0.0.1 adwarecommander.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwaregold.com
127.0.0.1 adwaregold.com
127.0.0.1 www.adwarepatrol.com
127.0.0.1 adwarepatrol.com
127.0.0.1 www.adwareplatinum.com
127.0.0.1 adwareplatinum.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 www.adwareremover.ws
127.0.0.1 adwareremover.ws
127.0.0.1 www.adwaresafety.com
127.0.0.1 adwaresafety.com
127.0.0.1 www.adwarexp.com
127.0.0.1 adwarexp.com
127.0.0.1 affiliate.idownload.com
127.0.0.1 www.aflgate.com
127.0.0.1 aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 www.aginegialle.it
127.0.0.1 aginegialle.it
127.0.0.1 www.ahnenforschung.de
127.0.0.1 ahnenforschung.de
127.0.0.1 aifind.info
127.0.0.1 www.aifind.info
127.0.0.1 www.airtleworld.com
127.0.0.1 airtleworld.com
127.0.0.1 www.aitalia.it
127.0.0.1 aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 www.aklitalia.it
127.0.0.1 aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 www.alertspy.com
127.0.0.1 alertspy.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 www.alialia.it
127.0.0.1 alialia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 aliotalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitala.it
127.0.0.1 alitala.it
127.0.0.1 www.alitali.it
127.0.0.1 alitali.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitaliaq.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitalioa.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitalisa.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaluia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitlia.it
127.0.0.1 www.alitralia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 alitsalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.all1count.net
127.0.0.1 all1count.net
127.0.0.1 www.all4internet.com
127.0.0.1 all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.allcollisions.com
127.0.0.1 allcollisions.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.allertaminacce.com
127.0.0.1 allertaminacce.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 www.all-limewire.com
127.0.0.1 all-limewire.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allprotections.com
127.0.0.1 allprotections.com
127.0.0.1 www.allresultz.net
127.0.0.1 allresultz.net
127.0.0.1 www.allsearch.us
127.0.0.1 allsearch.us
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allsecuritysite.com
127.0.0.1 www.allstarsvideos.net
127.0.0.1 allstarsvideos.net
127.0.0.1 www.alltiettantivirus.com
127.0.0.1 alltiettantivirus.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 alltruesoftware.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.almanah.biz
127.0.0.1 almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 www.aloitalia.it
127.0.0.1 aloitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.amaena.com
127.0.0.1 amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasource.com
127.0.0.1 amediasource.com
127.0.0.1 www.americanautobargains.com
127.0.0.1 americanautobargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 www.amigobore.com
127.0.0.1 amigobore.com
127.0.0.1 amisbusiness.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.analcord.com
127.0.0.1 analcord.com
127.0.0.1 analmovi.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 www.andromedical.com
127.0.0.1 andromedical.com
127.0.0.1 www.animepornmag.com
127.0.0.1 animepornmag.com
127.0.0.1 anin.org
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 www.antiddos.us
127.0.0.1 antiddos.us
127.0.0.1 www.antiespiadorado.com
127.0.0.1 antiespiadorado.com
127.0.0.1 www.antiespionspack.com
127.0.0.1 antiespionspack.com
127.0.0.1 www.antigusanos2008.com
127.0.0.1 antigusanos2008.com
127.0.0.1 www.antispamassistant.com
127.0.0.1 antispamassistant.com
127.0.0.1 www.antispamdeluxe.com
127.0.0.1 antispamdeluxe.com
127.0.0.1 www.antispionage.com
127.0.0.1 antispionage.com
127.0.0.1 www.antispionagepro.com
127.0.0.1 antispionagepro.com
127.0.0.1 www.antispyadvanced.com
127.0.0.1 antispyadvanced.com
127.0.0.1 www.antispydns.biz
127.0.0.1 antispydns.biz
127.0.0.1 www.antispykit.com
127.0.0.1 antispykit.com
127.0.0.1 www.antispylab.com
127.0.0.1 antispylab.com
127.0.0.1 www.antispyshield.com
127.0.0.1 antispyshield.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispyware.com
127.0.0.1 www.antispywareboot.com
127.0.0.1 antispywareboot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebot.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 www.antispywaresuite.com
127.0.0.1 antispywaresuite.com
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 www.antispywarexp.com
127.0.0.1 antispywarexp.com
127.0.0.1 www.antispyweb.net
127.0.0.1 antispyweb.net
127.0.0.1 www.antiver2008.com
127.0.0.1 antiver2008.com
127.0.0.1 www.antivermins.com
127.0.0.1 antivermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.antivir2007.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus2008x.com
127.0.0.1 antivirus2008x.com
127.0.0.1 www.antivirusadvance.com
127.0.0.1 antivirusadvance.com
127.0.0.1 www.antivirusaskeladd.com
127.0.0.1 antivirusaskeladd.com
127.0.0.1 www.antivirusgereedschap.com
127.0.0.1 antivirusgereedschap.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirus-hq.net
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antiviruspcsuite.com
127.0.0.1 antiviruspcsuite.com
127.0.0.1 www.antiviruspremium.com
127.0.0.1 antiviruspremium.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusscherm.com
127.0.0.1 antivirusscherm.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirussuite.com
127.0.0.1 antivirussuite.com
127.0.0.1 www.antiworm2008.com
127.0.0.1 antiworm2008.com
127.0.0.1 www.antiwurm2008.com
127.0.0.1 antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 www.anyofus.com
127.0.0.1 anyofus.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 www.apicpreview.com
127.0.0.1 apicpreview.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 www.archivioadulti.com
127.0.0.1 archivioadulti.com
127.0.0.1 www.archiviosex.net
127.0.0.1 archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 www.ares.click-new-download.com
127.0.0.1 ares.click-new-download.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.arespro2007.com
127.0.0.1 arespro2007.com
127.0.0.1 www.aresultra.com
127.0.0.1 aresultra.com
127.0.0.1 www.ares-usa.com
127.0.0.1 ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafetyalways.com
127.0.0.1 asafetyalways.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdeykuddq.com
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecurebar.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritynotice.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asecuritystuff.com
127.0.0.1 www.asfadaptation.com
127.0.0.1 asfadaptation.com
127.0.0.1 asiankingkong.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asiantoolbar.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.aslitalia.it
127.0.0.1 aslitalia.it
127.0.0.1 ass-gals.com
127.0.0.1 www.assureprotection.com
127.0.0.1 assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 www.astrologie-server.com
127.0.0.1 astrologie-server.com
127.0.0.1 www.asupereva.it
127.0.0.1 asupereva.it
127.0.0.1 www.ataprogram.com
127.0.0.1 ataprogram.com
127.0.0.1 athenrye.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atotalsafety.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.attackware.com
127.0.0.1 attackware.com
127.0.0.1 www.attrezzi.biz
127.0.0.1 attrezzi.biz
127.0.0.1 www.aucunsvirus.com
127.0.0.1 aucunsvirus.com
127.0.0.1 www.aulde.net
127.0.0.1 aulde.net
127.0.0.1 www.aupereva.it
127.0.0.1 aupereva.it
127.0.0.1 www.autobargains.org
127.0.0.1 autobargains.org
127.0.0.1 www.autobargainsnetwork.com
127.0.0.1 autobargainsnetwork.com
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 www.avadvance.com
127.0.0.1 avadvance.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-2007.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-hq.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avforce.com
127.0.0.1 avforce.com
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 www.avg-secure.com
127.0.0.1 avg-secure.com
127.0.0.1 www.aviadaptation.com
127.0.0.1 aviadaptation.com
127.0.0.1 avian-ads.com
127.0.0.1 www.avicoupler.com
127.0.0.1 avicoupler.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 avideosurfer.com
127.0.0.1 www.avidirection.com
127.0.0.1 avidirection.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 aviewersoft.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 www.avsmanufacture.com
127.0.0.1 avsmanufacture.com
127.0.0.1 www.avsystemcare.com
127.0.0.1 avsystemcare.com
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.awarenesstech.com
127.0.0.1 awarenesstech.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.aximageobject.com
127.0.0.1 aximageobject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axobjectsource.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azzetta.it
127.0.0.1 azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 b122.mcboo.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babenet.com
127.0.0.1 babenet.com
127.0.0.1 www.babespornmag.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babeweb.de
127.0.0.1 babeweb.de
127.0.0.1 www.baccarat-other.info
127.0.0.1 baccarat-other.info
127.0.0.1 www.backstripgirls.com
127.0.0.1 backstripgirls.com
127.0.0.1 backup.mabou.org
127.0.0.1 www.baidu.com
127.0.0.1 baidu.com
127.0.0.1 www.balotierra.com
127.0.0.1 balotierra.com
127.0.0.1 bannedhost.net
127.0.0.1 bar.baidu.com
127.0.0.1 barbudafarms.com
127.0.0.1 www.bardownload.com
127.0.0.1 bardownload.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bbbsearch.com
127.0.0.1 bb-search.com
127.0.0.1 www.bcnproduction.com
127.0.0.1 bcnproduction.com
127.0.0.1 bdsmlibrary.net
127.0.0.1 www.bdsmpornmag.com
127.0.0.1 bdsmpornmag.com
127.0.0.1 www.bearshare.click-new-download.com
127.0.0.1 bearshare.click-new-download.com
127.0.0.1 www.bearshare.download-me.info
127.0.0.1 bearshare.download-me.info
127.0.0.1 www.bearshare.mp3-muzic.com
127.0.0.1 bearshare.mp3-muzic.com
127.0.0.1 www.bearshare-download.org
127.0.0.1 bearshare-download.org
127.0.0.1 www.bearshare-downloads.net
127.0.0.1 bearshare-downloads.net
127.0.0.1 www.bearsharelive.co.uk
127.0.0.1 bearsharelive.co.uk
127.0.0.1 www.bearshare-music-downloads.com
127.0.0.1 bearshare-music-downloads.com
127.0.0.1 www.bearsharepro2007.com
127.0.0.1 bearsharepro2007.com
127.0.0.1 www.bearshare-usa.com
127.0.0.1 bearshare-usa.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 www.beebappyy.biz
127.0.0.1 beebappyy.biz
127.0.0.1 www.begin2search.com
127.0.0.1 begin2search.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 www.berufe-jobs.de
127.0.0.1 berufe-jobs.de
127.0.0.1 www.berufe-server.de
127.0.0.1 berufe-server.de
127.0.0.1 www.berufe-welt.de
127.0.0.1 berufe-welt.de
127.0.0.1 www.berufs-wahl.de
127.0.0.1 berufs-wahl.de
127.0.0.1 www.beruijindegunhadesun.com
127.0.0.1 beruijindegunhadesun.com
127.0.0.1 www.best3xclips.com
127.0.0.1 best3xclips.com
127.0.0.1 www.bestadults.com
127.0.0.1 bestadults.com
127.0.0.1 best-counter.com
127.0.0.1 bestcrawler.com
127.0.0.1 www.bestdailyvids.com
127.0.0.1 bestdailyvids.com
127.0.0.1 bestfor.ru
127.0.0.1 www.bestfuckvids.com
127.0.0.1 bestfuckvids.com
127.0.0.1 best-hardpics.com
127.0.0.1 www.bestmanage.org
127.0.0.1 bestmanage.org
127.0.0.1 www.bestmanage0.org
127.0.0.1 bestmanage0.org
127.0.0.1 www.bestmanage1.org
127.0.0.1 bestmanage1.org
127.0.0.1 www.bestmanage2.org
127.0.0.1 bestmanage2.org
127.0.0.1 www.bestmanage3.org
127.0.0.1 bestmanage3.org
127.0.0.1 www.bestmanage4.org
127.0.0.1 bestmanage4.org
127.0.0.1 www.bestmanage5.org
127.0.0.1 bestmanage5.org
127.0.0.1 www.bestmanage6.org
127.0.0.1 bestmanage6.org
127.0.0.1 www.bestmanage7.org
127.0.0.1 bestmanage7.org
127.0.0.1 www.bestmanage8.org
127.0.0.1 bestmanage8.org
127.0.0.1 www.bestmanage9.org
127.0.0.1 bestmanage9.org
127.0.0.1 www.bestmovszone.com
127.0.0.1 bestmovszone.com
127.0.0.1 www.bestoffersnetworks.com
127.0.0.1 bestoffersnetworks.com
127.0.0.1 bestporngate.com
127.0.0.1 www.bestsafetyguide.net
127.0.0.1 bestsafetyguide.net
127.0.0.1 www.bestsearch.cc
127.0.0.1 bestsearch.cc
127.0.0.1 www.best-spyware.info
127.0.0.1 best-spyware.info
127.0.0.1 www.best-targeted-traffic.com
127.0.0.1 best-targeted-traffic.com
127.0.0.1 www.best-voyeur.info
127.0.0.1 best-voyeur.info
127.0.0.1 bestweblinks.com
127.0.0.1 best-winning-casino.com
127.0.0.1 www.bestworldgirls-for-u.net
127.0.0.1 bestworldgirls-for-u.net
127.0.0.1 www.bestxclips.com
127.0.0.1 bestxclips.com
127.0.0.1 bestxporno.com
127.0.0.1 www.bestxxxmpegs.com
127.0.0.1 bestxxxmpegs.com
127.0.0.1 www.bettersearch.biz
127.0.0.1 bettersearch.biz
127.0.0.1 www.bgazzetta.it
127.0.0.1 bgazzetta.it
127.0.0.1 www.bgoogle.it
127.0.0.1 bgoogle.it
127.0.0.1 www.bigcodecadult2008.com
127.0.0.1 bigcodecadult2008.com
127.0.0.1 www.bighot18-adult2008.com
127.0.0.1 bighot18-adult2008.com
127.0.0.1 www.bighot18codec2008.com
127.0.0.1 bighot18codec2008.com
127.0.0.1 www.bigtrafficnetwork.com
127.0.0.1 bigtrafficnetwork.com
127.0.0.1 www.bigwww.com
127.0.0.1 bigwww.com
127.0.0.1 www.bill.de
127.0.0.1 bill.de
127.0.0.1 bin.errorprotector.com
127.0.0.1 bins.media-motor.net
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bitchesonline.net
127.0.0.1 www.bitcomet-freebie.com
127.0.0.1 bitcomet-freebie.com
127.0.0.1 www.bittorrent.click-new-download.com
127.0.0.1 bittorrent.click-new-download.com
127.0.0.1 biz.biz
127.0.0.1 www.bkvcompany.com
127.0.0.1 bkvcompany.com
127.0.0.1 www.blackblues00.com
127.0.0.1 blackblues00.com
127.0.0.1 www.blackcodec.com
127.0.0.1 blackcodec.com
127.0.0.1 www.blackcodec.net
127.0.0.1 blackcodec.net
127.0.0.1 www.blackhats.tc
127.0.0.1 blackhats.tc
127.0.0.1 www.blackhawksoftware.com
127.0.0.1 blackhawksoftware.com
127.0.0.1 blackjack-free.net
127.0.0.1 www.blacklegion.info
127.0.0.1 blacklegion.info
127.0.0.1 blazefind.com
127.0.0.1 blender.xu.pl
127.0.0.1 www.blockcheckercontrol.com
127.0.0.1 blockcheckercontrol.com
127.0.0.1 blondetgp.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.bm.theaimonline.com
127.0.0.1 bm.theaimonline.com
127.0.0.1 www.bnmgate.com
127.0.0.1 bnmgate.com
127.0.0.1 bodaciousbabette.com
127.0.0.1 www.bonzi.com
127.0.0.1 bonzi.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 www.bookedspace.com
127.0.0.1 bookedspace.com
127.0.0.1 www.boom.com.vn
127.0.0.1 boom.com.vn
127.0.0.1 www.boomgirltv.com
127.0.0.1 boomgirltv.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 www.bpfq02.com
127.0.0.1 bpfq02.com
127.0.0.1 www.bqgate.com
127.0.0.1 bqgate.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 bradcoem.org
127.0.0.1 www.braincodec.com
127.0.0.1 braincodec.com
127.0.0.1 brandiyoung.com
127.0.0.1 www.bravesentry.com
127.0.0.1 bravesentry.com
127.0.0.1 www.breenten.biz
127.0.0.1 breenten.biz
127.0.0.1 www.brodbfm.net
127.0.0.1 brodbfm.net
127.0.0.1 brookeburn.com
127.0.0.1 www.browserwise.com
127.0.0.1 browserwise.com
127.0.0.1 bsa.safetydownload.com
127.0.0.1 www.bsplaycodec.com
127.0.0.1 bsplaycodec.com
127.0.0.1 bucps.com
127.0.0.1 buhartes.info
127.0.0.1 buldog-stats.com
127.0.0.1 www.bullseye-network.com
127.0.0.1 bullseye-network.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 www.burningsite.com
127.0.0.1 burningsite.com
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 burnsrecyclinginc.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 www.busysearch.net
127.0.0.1 busysearch.net
127.0.0.1 buttejazz.org
127.0.0.1 www.buy-find.info
127.0.0.1 buy-find.info
127.0.0.1 buyselldomain.net
127.0.0.1 www.buytraff.biz
127.0.0.1 buytraff.biz
127.0.0.1 buz.ru
127.0.0.1 www.bvdtechinque.com
127.0.0.1 bvdtechinque.com
127.0.0.1 www.bvirgilio.it
127.0.0.1 bvirgilio.it
127.0.0.1 c.centralmedia.ws
127.0.0.1 www.c.enhance.com
127.0.0.1 c.enhance.com
127.0.0.1 c.goclick.com
127.0.0.1 www.c4tdownload.com
127.0.0.1 c4tdownload.com
127.0.0.1 www.c5.www4free.info
127.0.0.1 c5.www4free.info
127.0.0.1 www.cache.surfaccuracy.com
127.0.0.1 cache.surfaccuracy.com
127.0.0.1 cache.ysbweb.com
127.0.0.1 www.cadesfinjeriokas.com
127.0.0.1 cadesfinjeriokas.com
127.0.0.1 calcioturris.com
127.0.0.1 www.calendaralerts.net
127.0.0.1 calendaralerts.net
127.0.0.1 www.callinghome.biz
127.0.0.1 callinghome.biz
127.0.0.1 www.cameouk.co.uk
127.0.0.1 cameouk.co.uk
127.0.0.1 cameup.com
127.0.0.1 www.camouflageclothingonline.net
127.0.0.1 camouflageclothingonline.net
127.0.0.1 campaigns.outerinfo.net
127.0.0.1 camup.net
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 www.canidetect.org
127.0.0.1 canidetect.org
127.0.0.1 www.cantfind.com
127.0.0.1 cantfind.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 cartoes.uol.com.br
127.0.0.1 www.casalemedia.com
127.0.0.1 casalemedia.com
127.0.0.1 www.cashdeluxe.net
127.0.0.1 cashdeluxe.net
127.0.0.1 www.cashengines.com
127.0.0.1 cashengines.com
127.0.0.1 cashsearch.biz
127.0.0.1 www.cashsurfers.com
127.0.0.1 cashsurfers.com
127.0.0.1 www.cashunlim.com
127.0.0.1 cashunlim.com
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 casino-onlines.net
127.0.0.1 www.castingsamateur.com
127.0.0.1 castingsamateur.com
127.0.0.1 catallogue.com
127.0.0.1 www.catch-dc.info
127.0.0.1 catch-dc.info
127.0.0.1 categories.mygeek.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cazygirls-world.com
127.0.0.1 cc.panet.org
127.0.0.1 www.ccecaedbebfcaf.com
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 cclebali.org
127.0.0.1 www.ccorriere.it
127.0.0.1 ccorriere.it
127.0.0.1 www.cdcopysite.com
127.0.0.1 cdcopysite.com
127.0.0.1 www.cdegate.com
127.0.0.1 cdegate.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 www.cdorriere.it
127.0.0.1 cdorriere.it
127.0.0.1 ceewawires.org
127.0.0.1 centralmedia.ws
127.0.0.1 certumgroup.com
127.0.0.1 www.cforriere.it
127.0.0.1 cforriere.it
127.0.0.1 www.check.jupitersatellites.biz
127.0.0.1 check.jupitersatellites.biz
127.0.0.1 www.checkin100.com
127.0.0.1 checkin100.com
127.0.0.1 www.checkssecurity.com
127.0.0.1 checkssecurity.com
127.0.0.1 chelancatering.com
127.0.0.1 www.chenshijituan.com
127.0.0.1 chenshijituan.com
127.0.0.1 childrenvilla.com
127.0.0.1 www.chilly3xvids.com
127.0.0.1 chilly3xvids.com
127.0.0.1 www.chillymovs.com
127.0.0.1 chillymovs.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 www.cia-trjn.myvnc.com
127.0.0.1 cia-trjn.myvnc.com
127.0.0.1 www.cinemadownload.com
127.0.0.1 cinemadownload.com
127.0.0.1 www.ciorriere.it
127.0.0.1 ciorriere.it
127.0.0.1 www.cirriere.it
127.0.0.1 cirriere.it
127.0.0.1 www.citycodec.com
127.0.0.1 citycodec.com
127.0.0.1 ckick4thumbs.com
127.0.0.1 cl55.biz
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 www.clckm.com
127.0.0.1 clckm.com
127.0.0.1 www.cleancodec.com
127.0.0.1 cleancodec.com
127.0.0.1 www.cleansoftwares.com
127.0.0.1 cleansoftwares.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 www.click-codec.com
127.0.0.1 click-codec.com
127.0.0.1 www.clickhere4search.com
127.0.0.1 clickhere4search.com
127.0.0.1 www.click-new-download.com
127.0.0.1 click-new-download.com
127.0.0.1 click-now.net
127.0.0.1 www.clickspring.net
127.0.0.1 clickspring.net
127.0.0.1 www.click-to-download.com
127.0.0.1 click-to-download.com
127.0.0.1 www.clicktomakeasearch.com
127.0.0.1 clicktomakeasearch.com
127.0.0.1 clickyestoenter.net
127.0.0.1 client.exeupdate.com
127.0.0.1 client.myadultexplorer.com
127.0.0.1 www.cliks.org
127.0.0.1 cliks.org
127.0.0.1 www.clipsfestival.com
127.0.0.1 clipsfestival.com
127.0.0.1 www.clipsreality.com
127.0.0.1 clipsreality.com
127.0.0.1 www.clorriere.it
127.0.0.1 clorriere.it
127.0.0.1 clrsch.com
127.0.0.1 www.clubxxxvideo.com
127.0.0.1 clubxxxvideo.com
127.0.0.1 clusif.free.fr
127.0.0.1 cmtapestry.com
127.0.0.1 www.cnetadd.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnomy.com
127.0.0.1 cnomy.com
127.0.0.1 www.cnzz.com
127.0.0.1 cnzz.com
127.0.0.1 www.cocktails-ideen.de
127.0.0.1 cocktails-ideen.de
127.0.0.1 code.ignphrases.com
127.0.0.1 codec.ninoa.com
127.0.0.1 www.codecadult18.com
127.0.0.1 codecadult18.com
127.0.0.1 www.codecbsplay.com
127.0.0.1 codecbsplay.com
127.0.0.1 www.codecdvd.net
127.0.0.1 codecdvd.net
127.0.0.1 www.codecdvi.com
127.0.0.1 codecdvi.com
127.0.0.1 www.codec-fun.com
127.0.0.1 codec-fun.com
127.0.0.1 www.codechard.com
127.0.0.1 codechard.com
127.0.0.1 www.codechot.net
127.0.0.1 codechot.net
127.0.0.1 www.codechq.net
127.0.0.1 codechq.net
127.0.0.1 www.codecmeg.net
127.0.0.1 codecmeg.net
127.0.0.1 www.codecmega.net
127.0.0.1 codecmega.net
127.0.0.1 www.codecmoon.com
127.0.0.1 codecmoon.com
127.0.0.1 www.codecmpg.com
127.0.0.1 codecmpg.com
127.0.0.1 www.codecnice.net
127.0.0.1 codecnice.net
127.0.0.1 www.codecops.net
127.0.0.1 codecops.net
127.0.0.1 www.codecplay.com
127.0.0.1 codecplay.com
127.0.0.1 www.codecpretty.net
127.0.0.1 codecpretty.net
127.0.0.1 www.codecpro.net
127.0.0.1 codecpro.net
127.0.0.1 www.codecsoft.net
127.0.0.1 codecsoft.net
127.0.0.1 www.codectime.com
127.0.0.1 codectime.com
127.0.0.1 www.codecultra.net
127.0.0.1 codecultra.net
127.0.0.1 www.codecvids.com
127.0.0.1 codecvids.com
127.0.0.1 www.codecvip.com
127.0.0.1 codecvip.com
127.0.0.1 www.codecviva.com
127.0.0.1 codecviva.com
127.0.0.1 www.codeczang.net
127.0.0.1 codeczang.net
127.0.0.1 www.codrriere.it
127.0.0.1 codrriere.it
127.0.0.1 www.coeriere.it
127.0.0.1 coeriere.it
127.0.0.1 www.coerriere.it
127.0.0.1 coerriere.it
127.0.0.1 www.cofrriere.it
127.0.0.1 cofrriere.it
127.0.0.1 www.cogrriere.it
127.0.0.1 cogrriere.it
127.0.0.1 www.coirriere.it
127.0.0.1 coirriere.it
127.0.0.1 command.adservs.com
127.0.0.1 www.commonname.com
127.0.0.1 www.computerpcgames.net
127.0.0.1 computerpcgames.net
127.0.0.1 www.computerrecover.com
127.0.0.1 computerrecover.com
127.0.0.1 config.180solutions.com
127.0.0.1 www.content.dollarrevenue.com
127.0.0.1 content.dollarrevenue.com
127.0.0.1 www.content.ireit.com
127.0.0.1 content.ireit.com
127.0.0.1 content.onerateld.com
127.0.0.1 www.contentmatch.net
127.0.0.1 contentmatch.net
127.0.0.1 www.contextplus.net
127.0.0.1 contextplus.net
127.0.0.1 www.contra-virus.com
127.0.0.1 contra-virus.com
127.0.0.1 www.controlmeh.com
127.0.0.1 controlmeh.com
127.0.0.1 www.convenient-search.com
127.0.0.1 convenient-search.com
127.0.0.1 www.cookingluck.com
127.0.0.1 cookingluck.com
127.0.0.1 www.cooldeskalert.com
127.0.0.1 cooldeskalert.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 coolsearcher.info
127.0.0.1 www.coolservecorp.net
127.0.0.1 coolservecorp.net
127.0.0.1 www.coolwebsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolwebsearsh.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwwwsearch.com
127.0.0.1 cool-xxx.net
127.0.0.1 www.coorriere.it
127.0.0.1 coorriere.it
127.0.0.1 copmtraine.com
127.0.0.1 www.coprriere.it
127.0.0.1 coprriere.it
127.0.0.1 www.core.psyche-evolution.com
127.0.0.1 core.psyche-evolution.com
127.0.0.1 www.coreiere.it
127.0.0.1 coreiere.it
127.0.0.1 www.coreriere.it
127.0.0.1 coreriere.it
127.0.0.1 www.corrdiere.it
127.0.0.1 corrdiere.it
127.0.0.1 www.correiere.it
127.0.0.1 correiere.it
127.0.0.1 www.corrfiere.it
127.0.0.1 corrfiere.it
127.0.0.1 www.corrgiere.it
127.0.0.1 corrgiere.it
127.0.0.1 www.corridere.it
127.0.0.1 corridere.it
127.0.0.1 www.corriedre.it
127.0.0.1 corriedre.it
127.0.0.1 www.corriee.it
127.0.0.1 corriee.it
127.0.0.1 www.corrieere.it
127.0.0.1 corrieere.it
127.0.0.1 www.corriefre.it
127.0.0.1 corriefre.it
127.0.0.1 www.corriegre.it
127.0.0.1 corriegre.it
127.0.0.1 www.corrierde.it
127.0.0.1 corrierde.it
127.0.0.1 www.corriered.it
127.0.0.1 corriered.it
127.0.0.1 www.corrieree.it
127.0.0.1 corrieree.it
127.0.0.1 www.corrieref.it
127.0.0.1 corrieref.it
127.0.0.1 www.corrierer.it
127.0.0.1 corrierer.it
127.0.0.1 www.corrieres.it
127.0.0.1 corrieres.it
127.0.0.1 www.corrierew.it
127.0.0.1 corrierew.it
127.0.0.1 www.corrierfe.it
127.0.0.1 corrierfe.it
127.0.0.1 www.corrierge.it
127.0.0.1 corrierge.it
127.0.0.1 www.corrierr.it
127.0.0.1 corrierr.it
127.0.0.1 www.corrierre.it
127.0.0.1 corrierre.it
127.0.0.1 www.corrierse.it
127.0.0.1 corrierse.it
127.0.0.1 www.corrierte.it
127.0.0.1 corrierte.it
127.0.0.1 www.corrierw.it
127.0.0.1 corrierw.it
127.0.0.1 www.corrierwe.it
127.0.0.1 corrierwe.it
127.0.0.1 www.corriesre.it
127.0.0.1 corriesre.it
127.0.0.1 www.corriete.it
127.0.0.1 corriete.it
127.0.0.1 www.corrietre.it
127.0.0.1 corrietre.it
127.0.0.1 www.corriewre.it
127.0.0.1 corriewre.it
127.0.0.1 www.corrifere.it
127.0.0.1 corrifere.it
127.0.0.1 www.corriiere.it
127.0.0.1 corriiere.it
127.0.0.1 www.corrilere.it
127.0.0.1 corrilere.it
127.0.0.1 www.corrioere.it
127.0.0.1 corrioere.it
127.0.0.1 www.corrire.it
127.0.0.1 corrire.it
127.0.0.1 www.corrirere.it
127.0.0.1 corrirere.it
127.0.0.1 www.corrirre.it
127.0.0.1 corrirre.it
127.0.0.1 www.corrisere.it
127.0.0.1 corrisere.it
127.0.0.1 www.corriuere.it
127.0.0.1 corriuere.it
127.0.0.1 www.corriwere.it
127.0.0.1 corriwere.it
127.0.0.1 www.corriwre.it
127.0.0.1 corriwre.it
127.0.0.1 www.corrliere.it
127.0.0.1 corrliere.it
127.0.0.1 www.corroere.it
127.0.0.1 corroere.it
127.0.0.1 www.corroiere.it
127.0.0.1 corroiere.it
127.0.0.1 www.corrriere.it
127.0.0.1 corrriere.it
127.0.0.1 www.corrtiere.it
127.0.0.1 corrtiere.it
127.0.0.1 www.corruere.it
127.0.0.1 corruere.it
127.0.0.1 www.corruiere.it
127.0.0.1 corruiere.it
127.0.0.1 www.cortiere.it
127.0.0.1 cortiere.it
127.0.0.1 www.cortriere.it
127.0.0.1 cortriere.it
127.0.0.1 www.costrike.com
127.0.0.1 costrike.com
127.0.0.1 www.cotriere.it
127.0.0.1 cotriere.it
127.0.0.1 www.cotrriere.it
127.0.0.1 cotrriere.it
127.0.0.1 couldnotfind.com
127.0.0.1 count.cc
127.0.0.1 count.hitscount.net
127.0.0.1 count-all.com
127.0.0.1 www.countdutycall.info
127.0.0.1 countdutycall.info
127.0.0.1 counter.sexmaniack.com
127.0.0.1 www.courtrecordslookup.com
127.0.0.1 courtrecordslookup.com
127.0.0.1 www.cporriere.it
127.0.0.1 cporriere.it
127.0.0.1 www.cprriere.it
127.0.0.1 cprriere.it
127.0.0.1 cpvfeed.com
127.0.0.1 cracks.me.uk
127.0.0.1 www.cracks4all.com
127.0.0.1 cracks4all.com
127.0.0.1 www.crapsgold.info
127.0.0.1 crapsgold.info
127.0.0.1 crazygirls-world.com
127.0.0.1 www.crazywinnings.com
127.0.0.1 crazywinnings.com
127.0.0.1 creamedcutties.com
127.0.0.1 www.createaccesskey.com
127.0.0.1 createaccesskey.com
127.0.0.1 www.creatonsoft.com
127.0.0.1 creatonsoft.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 www.crriere.it
127.0.0.1 crriere.it
127.0.0.1 www.cryptdrive.com
127.0.0.1 cryptdrive.com
127.0.0.1 www.crystalysmedia.com
127.0.0.1 crystalysmedia.com
127.0.0.1 www.csx.adservs.com
127.0.0.1 csx.adservs.com
127.0.0.1 cts.180solutions.com
127.0.0.1 www.cuisinartoven.com
127.0.0.1 cuisinartoven.com
127.0.0.1 www.curedc.info
127.0.0.1 curedc.info
127.0.0.1 www.curepcsolutions.com
127.0.0.1 curepcsolutions.com
127.0.0.1 curvedspaces.com
127.0.0.1 www.cutadult.com
127.0.0.1 cutadult.com
127.0.0.1 www.cvirgilio.it
127.0.0.1 cvirgilio.it
127.0.0.1 www.cvorriere.it
127.0.0.1 cvorriere.it
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 www.cxorriere.it
127.0.0.1 cxorriere.it
127.0.0.1 www.cyberrape.com
127.0.0.1 cyberrape.com
127.0.0.1 cydom.com
127.0.0.1 www.cydoor.com
127.0.0.1 cydoor.com
127.0.0.1 www.daily3xlinks.com
127.0.0.1 daily3xlinks.com
127.0.0.1 www.dailybestclips.com
127.0.0.1 dailybestclips.com
127.0.0.1 daily-gals.com
127.0.0.1 www.dailyhugemovs.com
127.0.0.1 dailyhugemovs.com
127.0.0.1 www.dailykeys.com
127.0.0.1 dailykeys.com
127.0.0.1 www.dailypornmag.com
127.0.0.1 dailypornmag.com
127.0.0.1 dailyteenspic.com
127.0.0.1 www.dailytoolbar.com
127.0.0.1 dailytoolbar.com
127.0.0.1 www.dailyxvids.com
127.0.0.1 dailyxvids.com
127.0.0.1 dancingbabycd.com
127.0.0.1 www.dapsol.com
127.0.0.1 dapsol.com
127.0.0.1 www.dapsolution.com
127.0.0.1 dapsolution.com
127.0.0.1 www.data-hoster.com
127.0.0.1 data-hoster.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 www.dateanybabe.com
127.0.0.1 dateanybabe.com
127.0.0.1 www.dateanychick.com
127.0.0.1 dateanychick.com
127.0.0.1 www.datingdoctorsite.com
127.0.0.1 datingdoctorsite.com
127.0.0.1 www.dating-galaxy.info
127.0.0.1 dating-galaxy.info
127.0.0.1 dating-search.net
127.0.0.1 davemarshall.org
127.0.0.1 db105.com
127.0.0.1 www.dbdecicated.com
127.0.0.1 dbdecicated.com
127.0.0.1 www.dbxcompany.com
127.0.0.1 dbxcompany.com
127.0.0.1 dcdl.dmcast.com
127.0.0.1 dcfitusa.com
127.0.0.1 www.dcorriere.it
127.0.0.1 dcorriere.it
127.0.0.1 www.dcurtis.com
127.0.0.1 dcurtis.com
127.0.0.1 dcww.dmcast.com
127.0.0.1 de.ag
127.0.0.1 de.drivecleaner.com
127.0.0.1 de.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 de98.remsys.org
127.0.0.1 www.debay.it
127.0.0.1 debay.it
127.0.0.1 www.decknews.com
127.0.0.1 decknews.com
127.0.0.1 dedmazay.3322.org
127.0.0.1 www.dedsearch.com
127.0.0.1 dedsearch.com
127.0.0.1 defaultsearch.net
127.0.0.1 www.defensaantimalware.com
127.0.0.1 defensaantimalware.com
127.0.0.1 www.deja-rue.com
127.0.0.1 deja-rue.com
127.0.0.1 www.delficodec.com
127.0.0.1 delficodec.com
127.0.0.1 www.democodec.com
127.0.0.1 democodec.com
127.0.0.1 www.derklaif.biz
127.0.0.1 derklaif.biz
127.0.0.1 www.derrari.it
127.0.0.1 derrari.it
127.0.0.1 desarrollocreativo.com
127.0.0.1 www.deskbar.worldtostart.com
127.0.0.1 deskbar.worldtostart.com
127.0.0.1 www.deskwizz.com
127.0.0.1 deskwizz.com
127.0.0.1 www.destruktor.to.pl
127.0.0.1 destruktor.to.pl
127.0.0.1 www.detectivehound.com
127.0.0.1 detectivehound.com
127.0.0.1 www.detectivesearches.com
127.0.0.1 detectivesearches.com
127.0.0.1 dev.ntcor.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 www.dgbusiness.com
127.0.0.1 dgbusiness.com
127.0.0.1 dialer2004.com
127.0.0.1 www.dialerclub.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialer-shop.com
127.0.0.1 dialer-shop.com
127.0.0.1 www.dialoff.com
127.0.0.1 dialoff.com
127.0.0.1 www.did.i-used.cc
127.0.0.1 did.i-used.cc
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 www.digikeygen.com
127.0.0.1 digikeygen.com
127.0.0.1 digistreamsa.com
127.0.0.1 www.digitalcoders.net
127.0.0.1 digitalcoders.net
127.0.0.1 www.digitalfan.com
127.0.0.1 digital-pornography.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 www.directdvdpro.com
127.0.0.1 directdvdpro.com
127.0.0.1 www.directnameservice.com
127.0.0.1 directnameservice.com
127.0.0.1 www.directporta.info
127.0.0.1 directporta.info
127.0.0.1 www.directsearchzone.com
127.0.0.1 directsearchzone.com
127.0.0.1 www.diskretter.com
127.0.0.1 diskretter.com
127.0.0.1 dist.checkin100.com
127.0.0.1 dl.ad-ware.cc
127.0.0.1 dl.malwarewipe.com
127.0.0.1 dl.mcboo.com
127.0.0.1 www.dl.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 dl.web-nexus.net
127.0.0.1 dl1.antivermins.com
127.0.0.1 dl1.antivirgear.com
127.0.0.1 dl1.spydawn.com
127.0.0.1 dl1.virusprotectpro.com
127.0.0.1 dl10.spyfalcon.com
127.0.0.1 dl16.spyfalcon.com
127.0.0.1 dl2.spyfalcon.com
127.0.0.1 dl2.spyheal.com
127.0.0.1 dl2.spywarestrike.com
127.0.0.1 dl3.spyfalcon.com
127.0.0.1 dl3.spyheal.com
127.0.0.1 dl3.spywarestrike.com
127.0.0.1 dl4.spyfalcon.com
127.0.0.1 dl4.spywarestrike.com
127.0.0.1 dl5.spyfalcon.com
127.0.0.1 dl5.spywarestrike.com
127.0.0.1 dl6.spywarestrike.com
127.0.0.1 dl7.spywarestrike.com
127.0.0.1 dl8.spyheal.com
127.0.0.1 dl8.spywarestrike.com
127.0.0.1 dl9.spyfalcon.com
127.0.0.1 dload.contextplus.net
127.0.0.1 www.dltsolution.com
127.0.0.1 dltsolution.com
127.0.0.1 www.dmcast.com
127.0.0.1 dmcast.com
127.0.0.1 www.dmqfirm.com
127.0.0.1 dmqfirm.com
127.0.0.1 www.dnaads.com
127.0.0.1 dnaads.com
127.0.0.1 dnl.mabou.org
127.0.0.1 www.dns-look-up.com
127.0.0.1 dns-look-up.com
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 www.dogproblemswebsite.com
127.0.0.1 dogproblemswebsite.com
127.0.0.1 doktorxxx.com
127.0.0.1 dollarrevenue.com
127.0.0.1 www.domaincar.com
127.0.0.1 domaincar.com
127.0.0.1 domains2003.net
127.0.0.1 domains-for-you-online.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domkrat.com
127.0.0.1 www.doofo.com
127.0.0.1 doofo.com
127.0.0.1 www.dotcomtoolbar.com
127.0.0.1 dotcomtoolbar.com
127.0.0.1 down.136136.net
127.0.0.1 download.abetterinternet.com
127.0.0.1 download.adintelligence.net
127.0.0.1 www.download.antispywarebot.com
127.0.0.1 download.antispywarebot.com
127.0.0.1 www.download.bardownload.com
127.0.0.1 download.bardownload.com
127.0.0.1 www.download.bravesentry.com
127.0.0.1 download.bravesentry.com
127.0.0.1 download.cdn.drivecleaner.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 download.cdn.winsoftware.com
127.0.0.1 download.contextplus.net
127.0.0.1 download.errorsafe.com
127.0.0.1 www.download.jupitersatellites.biz
127.0.0.1 download.jupitersatellites.biz
127.0.0.1 download.malwarealarm.com
127.0.0.1 download.searchtabs.net
127.0.0.1 www.download.secureyournet.biz
127.0.0.1 download.secureyournet.biz
127.0.0.1 download.spyonthis.net
127.0.0.1 download.spy-shredder.com
127.0.0.1 download.systemdoctor.com
127.0.0.1 download.winantispyware.com
127.0.0.1 download.winantivirus.com
127.0.0.1 download.windrivecleaner.com
127.0.0.1 download.winfixer.com
127.0.0.1 download10.spywarequake.com
127.0.0.1 download11.spywarequake.com
127.0.0.1 download12.spywarequake.com
127.0.0.1 download13.spywarequake.com
127.0.0.1 download15.spywarequake.com
127.0.0.1 download2.spywarequake.com
127.0.0.1 www.download-2007.com
127.0.0.1 download-2007.com
127.0.0.1 download3.spyaxe.com
127.0.0.1 download3.spywarequake.com
127.0.0.1 www.download3xpics.com
127.0.0.1 download3xpics.com
127.0.0.1 download4.spyaxe.com
127.0.0.1 download4.spywarequake.com
127.0.0.1 download5.spyaxe.com
127.0.0.1 download5.spywarequake.com
127.0.0.1 download6.spyaxe.com
127.0.0.1 download7.spywarequake.com
127.0.0.1 download8.spywarequake.com
127.0.0.1 download9.spywarequake.com
127.0.0.1 www.downloadacceleratorsite.com
127.0.0.1 downloadacceleratorsite.com
127.0.0.1 www.download-ad-aware.com
127.0.0.1 download-ad-aware.com
127.0.0.1 www.download-all-4-free.com
127.0.0.1 download-all-4-free.com
127.0.0.1 www.download-all-area.com
127.0.0.1 download-all-area.com
127.0.0.1 www.download-antivir.com
127.0.0.1 download-antivir.com
127.0.0.1 www.downloadanysong.com
127.0.0.1 downloadanysong.com
127.0.0.1 www.downloadaresnow.com
127.0.0.1 downloadaresnow.com
127.0.0.1 www.download-avast.com
127.0.0.1 download-avast.com
127.0.0.1 www.downloadcorporation.com
127.0.0.1 downloadcorporation.com
127.0.0.1 www.download-dvdshrink.com
127.0.0.1 download-dvdshrink.com
127.0.0.1 www.download-for-free.net
127.0.0.1 download-for-free.net
127.0.0.1 www.downloadfreesoft.com
127.0.0.1 downloadfreesoft.com
127.0.0.1 www.downloadfreeway.com
127.0.0.1 downloadfreeway.com
127.0.0.1 www.downloadimesh.com
127.0.0.1 downloadimesh.com
127.0.0.1 www.download-itunes-now.com
127.0.0.1 download-itunes-now.com
127.0.0.1 www.download-limewire.org
127.0.0.1 download-limewire.org
127.0.0.1 www.downloadlost.tv
127.0.0.1 downloadlost.tv
127.0.0.1 www.downloadmax.net
127.0.0.1 downloadmax.net
127.0.0.1 www.download-mcafee.com
127.0.0.1 download-mcafee.com
127.0.0.1 download-me.info
127.0.0.1 www.downloadmediaax.com
127.0.0.1 downloadmediaax.com
127.0.0.1 www.downloadpics.net
127.0.0.1 downloadpics.net
127.0.0.1 www.downloadprovider.net
127.0.0.1 downloadprovider.net
127.0.0.1 www.download-real-player.com
127.0.0.1 download-real-player.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 downloads.adaware.cc
127.0.0.1 www.downloadservicearea.com
127.0.0.1 downloadservicearea.com
127.0.0.1 www.downloads-free.org
127.0.0.1 downloads-free.org
127.0.0.1 www.downloadsglobe.com
127.0.0.1 downloadsglobe.com
127.0.0.1 www.download-this.us
127.0.0.1 download-this.us
127.0.0.1 www.download-trillian.com
127.0.0.1 download-trillian.com
127.0.0.1 www.downloadv3.com
127.0.0.1 downloadv3.com
127.0.0.1 www.downloadvax.com
127.0.0.1 downloadvax.com
127.0.0.1 www.download-windvd.com
127.0.0.1 download-windvd.com
127.0.0.1 www.download-winrar.com
127.0.0.1 download-winrar.com
127.0.0.1 downloadwizard.com
127.0.0.1 www.downloadxmoveis.com
127.0.0.1 downloadxmoveis.com
127.0.0.1 www.downloadxvids.com
127.0.0.1 downloadxvids.com
127.0.0.1 downloadzcenter.com
127.0.0.1 downloadzcentral.com
127.0.0.1 www.downloadzfree.com
127.0.0.1 downloadzfree.com
127.0.0.1 downloadznow.net
127.0.0.1 www.download-zone-free.com
127.0.0.1 download-zone-free.com
127.0.0.1 www.download-zone-free.net
127.0.0.1 download-zone-free.net
127.0.0.1 dp-host.com
127.0.0.1 dr.mcboo.com
127.0.0.1 www.dr.webhancer.com
127.0.0.1 dr.webhancer.com
127.0.0.1 www.dr2.webhancer.com
127.0.0.1 dr2.webhancer.com
127.0.0.1 dr38.mcboo.com
127.0.0.1 dr47.mcboo.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 www.drepubblica.it
127.0.0.1 drepubblica.it
127.0.0.1 www.drivecleaner.com
127.0.0.1 drivecleaner.com
127.0.0.1 www.drivecleanr.com
127.0.0.1 drivecleanr.com
127.0.0.1 drocherway.com
127.0.0.1 www.dropspam.com
127.0.0.1 dropspam.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 www.dsupereva.it
127.0.0.1 dsupereva.it
127.0.0.1 www.dtlproduct.com
127.0.0.1 dtlproduct.com
127.0.0.1 www.dudu.com
127.0.0.1 dudu.com
127.0.0.1 dulcineasystems.net
127.0.0.1 dumpserv.com
127.0.0.1 duolaimi.net
127.0.0.1 dutch-sex.com
127.0.0.1 www.dvdaccess.net
127.0.0.1 dvdaccess.net
127.0.0.1 dvdbank.org
127.0.0.1 www.dvd-codec.com
127.0.0.1 dvd-codec.com
127.0.0.1 www.dvdcodec.net
127.0.0.1 dvdcodec.net
127.0.0.1 www.dvden.de
127.0.0.1 dvden.de
127.0.0.1 www.dvdsmovies.net
127.0.0.1 dvdsmovies.net
127.0.0.1 www.dvdsvideos.net
127.0.0.1 dvdsvideos.net
127.0.0.1 www.dvdtocdsite.com
127.0.0.1 dvdtocdsite.com
127.0.0.1 www.dvdxgold.com
127.0.0.1 dvdxgold.com
127.0.0.1 www.dvdxpremium.com
127.0.0.1 dvdxpremium.com
127.0.0.1 www.dvicodec.com
127.0.0.1 dvicodec.com
127.0.0.1 dynamique.drivecleaner.com
127.0.0.1 www.e3bay.it
127.0.0.1 e3bay.it
127.0.0.1 www.e4bay.it
127.0.0.1 e4bay.it
127.0.0.1 eager-sex.com
127.0.0.1 www.earthllnk.net
127.0.0.1 earthllnk.net
127.0.0.1 eases.net
127.0.0.1 easyantispy.com
127.0.0.1 www.easybestdeals.com
127.0.0.1 easybestdeals.com
127.0.0.1 easycategories.com
127.0.0.1 www.easycdrip.com
127.0.0.1 easycdrip.com
127.0.0.1 www.easymovieplayer.com
127.0.0.1 easymovieplayer.com
127.0.0.1 www.easymp3musicnow.com
127.0.0.1 easymp3musicnow.com
127.0.0.1 www.easymus.cn
127.0.0.1 easymus.cn
127.0.0.1 www.easy-pharmacy.info
127.0.0.1 easy-pharmacy.info
127.0.0.1 www.easypspdownloads.com
127.0.0.1 easypspdownloads.com
127.0.0.1 easy-search.net
127.0.0.1 www.easysearch4you.com
127.0.0.1 easysearch4you.com
127.0.0.1 easysearchingtips.com
127.0.0.1 www.easyspyware.com
127.0.0.1 easyspyware.com
127.0.0.1 www.easywww.info
127.0.0.1 easywww.info
127.0.0.1 www.eazel.com
127.0.0.1 eazel.com
127.0.0.1 www.eba6y.it
127.0.0.1 eba6y.it
127.0.0.1 www.eba7y.it
127.0.0.1 eba7y.it
127.0.0.1 www.ebaay.it
127.0.0.1 ebaay.it
127.0.0.1 www.ebagy.it
127.0.0.1 ebagy.it
127.0.0.1 www.ebahy.it
127.0.0.1 ebahy.it
127.0.0.1 www.ebajy.it
127.0.0.1 ebajy.it
127.0.0.1 www.ebaqy.it
127.0.0.1 ebaqy.it
127.0.0.1 www.ebasy.it
127.0.0.1 ebasy.it
127.0.0.1 www.ebaty.it
127.0.0.1 ebaty.it
127.0.0.1 www.ebauy.it
127.0.0.1 ebauy.it
127.0.0.1 ebav.com
127.0.0.1 ebaw.com
127.0.0.1 www.ebawy.it
127.0.0.1 ebawy.it
127.0.0.1 www.ebaxy.it
127.0.0.1 ebaxy.it
127.0.0.1 www.ebay6.it
127.0.0.1 ebay6.it
127.0.0.1 www.ebay7.it
127.0.0.1 ebay7.it
127.0.0.1 www.ebayg.it
127.0.0.1 ebayg.it
127.0.0.1 www.ebayh.it
127.0.0.1 ebayh.it
127.0.0.1 www.ebayj.it
127.0.0.1 ebayj.it
127.0.0.1 www.ebayt.it
127.0.0.1 ebayt.it
127.0.0.1 www.ebayu.it
127.0.0.1 ebayu.it
127.0.0.1 www.ebazy.it
127.0.0.1 ebazy.it
127.0.0.1 ebch.com
127.0.0.1 ebdv.com
127.0.0.1 ebdw.com
127.0.0.1 www.ebestfind.org
127.0.0.1 ebestfind.org
127.0.0.1 www.ebgay.it
127.0.0.1 ebgay.it
127.0.0.1 ebgo.com
127.0.0.1 www.ebhay.it
127.0.0.1 ebhay.it
127.0.0.1 ebjp.com
127.0.0.1 ebkb.com
127.0.0.1 ebkn.com
127.0.0.1 ebky.com
127.0.0.1 eblv.com
127.0.0.1 ebmu.com
127.0.0.1 www.ebnay.it
127.0.0.1 ebnay.it
127.0.0.1 ebonypornmag.com
127.0.0.1 www.ebonypornmag.com
127.0.0.1 ebony-pornmag.com
127.0.0.1 www.ebony-pornmag.com
127.0.0.1 www.ebqay.it
127.0.0.1 ebqay.it
127.0.0.1 www.ebsay.it
127.0.0.1 ebsay.it
127.0.0.1 www.ebsy.it
127.0.0.1 ebsy.it
127.0.0.1 www.ebvay.it
127.0.0.1 ebvay.it
127.0.0.1 ebvr.com
127.0.0.1 www.ebway.it
127.0.0.1 ebway.it
127.0.0.1 www.ebwmanufacture.com
127.0.0.1 ebwmanufacture.com
127.0.0.1 www.ebxay.it
127.0.0.1 ebxay.it
127.0.0.1 www.ebzay.it
127.0.0.1 ebzay.it
127.0.0.1 www.echterschutz.com
127.0.0.1 echterschutz.com
127.0.0.1 ecmh.com
127.0.0.1 ecmp.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecpm.com
127.0.0.1 ecstasyporn.net
127.0.0.1 ecwz.com
127.0.0.1 ecyb.com
127.0.0.1 www.edbay.it
127.0.0.1 edbay.it
127.0.0.1 edhq.com
127.0.0.1 www.edietprogram.com
127.0.0.1 edietprogram.com
127.0.0.1 edty.com
127.0.0.1 eduy.com
127.0.0.1 www.eebay.it
127.0.0.1 eebay.it
127.0.0.1 eeev.com
127.0.0.1 www.eepubblica.it
127.0.0.1 eepubblica.it
127.0.0.1 www.efbay.it
127.0.0.1 efbay.it
127.0.0.1 www.efcsoftware.com
127.0.0.1 efcsoftware.com
127.0.0.1 www.egbay.it
127.0.0.1 egbay.it
127.0.0.1 www.ehbay.it
127.0.0.1 ehbay.it
127.0.0.1 eikokoike.com
127.0.0.1 www.elitecodec.com
127.0.0.1 elitecodec.com
127.0.0.1 www.elitemediagroup.net
127.0.0.1 elitemediagroup.net
127.0.0.1 www.eliteprotector.com
127.0.0.1 eliteprotector.com
127.0.0.1 e-localad.com
127.0.0.1 www.elseif.biz
127.0.0.1 elseif.biz
127.0.0.1 www.emailicon.org
127.0.0.1 emailicon.org
127.0.0.1 emch.com
127.0.0.1 www.emcodec.com
127.0.0.1 emcodec.com
127.0.0.1 www.emediacodec.com
127.0.0.1 emediacodec.com
127.0.0.1 www.e-mp3now.com
127.0.0.1 e-mp3now.com
127.0.0.1 www.emule.click-new-download.com
127.0.0.1 emule.click-new-download.com
127.0.0.1 www.emule.mp3-muzic.com
127.0.0.1 emule.mp3-muzic.com
127.0.0.1 www.emuledownloadhome.com
127.0.0.1 emuledownloadhome.com
127.0.0.1 www.emule-freebie.com
127.0.0.1 emule-freebie.com
127.0.0.1 www.enay.it
127.0.0.1 enay.it
127.0.0.1 www.enbay.it
127.0.0.1 enbay.it
127.0.0.1 www.encodeinstrument.com
127.0.0.1 encodeinstrument.com
127.0.0.1 www.endcodec.com
127.0.0.1 endcodec.com
127.0.0.1 www.energy-factor.com
127.0.0.1 energy-factor.com
127.0.0.1 www.engineplay.com
127.0.0.1 engineplay.com
127.0.0.1 www.engine-ticket.com
127.0.0.1 engine-ticket.com
127.0.0.1 www.enhance.com
127.0.0.1 enhance.com
127.0.0.1 www.enhancevideos.com
127.0.0.1 enhancevideos.com
127.0.0.1 enitinvest.net
127.0.0.1 enjoywebsurf.com
127.0.0.1 www.entertainsite.net
127.0.0.1 entertainsite.net
127.0.0.1 www.enterthesearch.com
127.0.0.1 enterthesearch.com
127.0.0.1 www.entirexxx.com
127.0.0.1 entirexxx.com
127.0.0.1 envolo.peopleonpage.com
127.0.0.1 e-plus.cc
127.0.0.1 epornsex.com
127.0.0.1 www.eprotectionline.com
127.0.0.1 eprotectionline.com
127.0.0.1 www.eprotectpage.com
127.0.0.1 eprotectpage.com
127.0.0.1 www.erbay.it
127.0.0.1 erbay.it
127.0.0.1 www.erepubblica.it
127.0.0.1 erepubblica.it
127.0.0.1 ergosites.com
127.0.0.1 www.erossoalice.it
127.0.0.1 erossoalice.it
127.0.0.1 www.errari.it
127.0.0.1 errari.it
127.0.0.1 www.errclean.com
127.0.0.1 errclean.com
127.0.0.1 www.error404site.com
127.0.0.1 error404site.com
127.0.0.1 www.error404site.net
127.0.0.1 error404site.net
127.0.0.1 www.errordoctor.com
127.0.0.1 errordoctor.com
127.0.0.1 www.errorfri.com
127.0.0.1 errorfri.com
127.0.0.1 www.errorkiller.com
127.0.0.1 errorkiller.com
127.0.0.1 www.errorout.com
127.0.0.1 errorout.com
127.0.0.1 www.errorprotector.com
127.0.0.1 errorprotector.com
127.0.0.1 www.errorsafe.com
127.0.0.1 errorsafe.com
127.0.0.1 www.errorsdns.com
127.0.0.1 errorsdns.com
127.0.0.1 www.errorskydd.com
127.0.0.1 errorskydd.com
127.0.0.1 www.errorsmart.com
127.0.0.1 errorsmart.com
127.0.0.1 www.errorsoshi.com
127.0.0.1 errorsoshi.com
127.0.0.1 www.errorsweeper.com
127.0.0.1 errorsweeper.com
127.0.0.1 ert0003.e76.163ns.com
127.0.0.1 ert47.a1.wrs.mcboo.com
127.0.0.1 www.ertikadeswiokinganfujas.com
127.0.0.1 ertikadeswiokinganfujas.com
127.0.0.1 es.winantivirus.com
127.0.0.1 es0-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es1-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es2-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es3-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es4-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es5-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es6-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es7-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es8-www.5zgmu7o20kt5d8yq.com
127.0.0.1 es9-www.5zgmu7o20kt5d8yq.com
127.0.0.1 www.esafetylist.com
127.0.0.1 esafetylist.com
127.0.0.1 www.esafetypage.com
127.0.0.1 esafetypage.com
127.0.0.1 www.esbay.it
127.0.0.1 esbay.it
127.0.0.1 www.esearch2005.com
127.0.0.1 esearch2005.com
127.0.0.1 www.esecuritynote.com
127.0.0.1 esecuritynote.com
127.0.0.1 www.esecuritypage.com
127.0.0.1 esecuritypage.com
127.0.0.1 www.esims.ch
127.0.0.1 esims.ch
127.0.0.1 www.esupereva.it
127.0.0.1 esupereva.it
127.0.0.1 www.etdscanner.com
127.0.0.1 etdscanner.com
127.0.0.1 www.etomi.all-downloads-now.com
127.0.0.1 etomi.all-downloads-now.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 euuu.com
127.0.0.1 www.evbay.it
127.0.0.1 evbay.it
127.0.0.1 www.every-game.com
127.0.0.1 every-game.com
127.0.0.1 evidence-detector.biz
127.0.0.1 www.evidenceeraser.com
127.0.0.1 evidenceeraser.com
127.0.0.1 evilspidercomics.com
127.0.0.1 www.evko.biz
127.0.0.1 evko.biz
127.0.0.1 www.ewbay.it
127.0.0.1 ewbay.it
127.0.0.1 ewebsearch.net
127.0.0.1 e-websitesolutions.com
127.0.0.1 ewizard.cc
127.0.0.1 www.exaccess.ru
127.0.0.1 exaccess.ru
127.0.0.1 excellentsckin.com
127.0.0.1 www.exclusivexxxclips.com
127.0.0.1 exclusivexxxclips.com
127.0.0.1 www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 www.exflow.org
127.0.0.1 exflow.org
127.0.0.1 exit.megago.co

et le hihjack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:18:34, on 19.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
E:\Telechargement provisoire\Clean utilities\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.185.246.242:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 62.185.*;*emhartglass.net;<local>
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CD1509C-BC37-4F84-B33F-9492CB212A54} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program File perso\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Barre d'outils &Inbox.com - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [lcfep] "c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program File perso\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://semchd01/iNotes6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.emhartglass.com/dana-cached/setup/JuniperSe...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.ca...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emhartglass.net
O17 - HKLM\Software\..\Telephony: DomainName = emhartglass.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emhartglass.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emhartglass.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = emhartglass.net
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vbksrofa - {B0D2B81D-9B7D-493D-A593-AF73BE10832D} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: NetOp Helper ver. 7.65 (2004317) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Software Distribution Updater (SwdisRestart) - Unknown owner - c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\swdres.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Tivoli Remote Execution Service (trip) - Unknown owner - C:/Tivoli\trip\trip.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files Perso\Spy Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

--
End of file - 11439 bytes

La suite du premier fichier smartfix est tronquée..

Mon antivirus trouve toujours un TROJAN PANDEX...

et aussi le ficheir precedent smitfraudfix a été tronqué quand je l'ai copié, il se termine par ceci :

127.0.0.1 www.z-quest.com
127.0.0.1 www.zsupereva.it
127.0.0.1 zsupereva.it
127.0.0.1 www.zsvcompany.com
127.0.0.1 zsvcompany.com
127.0.0.1 zurrusco.com
127.0.0.1 www.zurrusco.com
127.0.0.1 zvimigdal.com
127.0.0.1 www.zxcsolution.com
127.0.0.1 zxcsolution.com
127.0.0.1 zxlinks.com
127.0.0.1 www.zxlinks.com
127.0.0.1 zyban-zocor-levitra.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\fvowketqxfo.dll deleted.
C:\WINDOWS\mpfanvqg.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3316BA47-D07E-444A-91DB-28A1D640F950}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Hello ,

XmichouX est absent pour quelques jours , nous allons continuer ensemble  

Télécharge MalwareBytes' Anti-Malwares [:eric_71:21] < ici

Double clique sur Download_mbam-setup.exe pour lancer l'installation
Autorise le téléchargement des mises à jour !

Redémarre en mode sans echec ( > Mode Sans Echec < )

Double clique sur le raccourci Malwarebytes présent sur ton bureau
Coche Exécuter un examen complet , puis clique sur [Rechercher]
A la fin du scan , clique sur [Afficher les resultats]
Si objets infectés sont trouvés , clique sur [Supprimer la sélection]

Poste le rapport ( il se trouve aussi dans l'onglet Rapports/Logs )

Merci Eric, je commençais à m'impatienter un peu
voici le rapport demandé

Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Full Scan (C:\|)
Objects scanned: 103311
Time elapsed: 1 hour(s), 28 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dqbfmwep.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pewmfbqd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pmnnNghe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\oadkxrts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

J'attends la suite, et merci encore

Re ,

On va vérifier si il reste du Vundo ,

Désactive tes protections résidentes ( Antivirus , ... ) tu les réactivera après le scan

Télécharge ComboFix [:eric_71] < ici

Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape [1] puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !

Copie / Colle le rapport généré ( C:\Combofix.txt )

le programme me retourne date error check your settings..?

Voilà le rapport.. et je croise les doigts...
ComboFix 08-05-19.4 - gpau 2008-05-20 13:53:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.418 [GMT 2:00]
Running from: C:\Documents and Settings\gpau\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\flkjpxxu.ini
C:\WINDOWS\system32\kjopejxu.ini
C:\WINDOWS\system32\vtbemidp.ini
C:\WINDOWS\system32\WGfOonmp.ini
C:\WINDOWS\system32\WGfOonmp.ini2

----- BITS: Possible infected sites -----

hxxp://chs027
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-16 13:53 . 2008-05-16 13:53 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 10:43 . 2008-05-16 10:43 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-15 18:51 . 2008-05-16 14:15 <DIR> d-------- C:\Documents and Settings\gpau\Application Data\TmpRecentIcons
2008-05-15 18:02 . 2008-05-15 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-15 18:01 . 2008-05-15 17:55 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-15 18:01 . 2008-05-15 18:01 2,540 --a------ C:\WINDOWS\unins000.dat
2008-05-15 17:45 . 2008-05-15 03:48 172,032 --a------ C:\WINDOWS\epfg.exe
2008-05-02 21:16 . 2008-05-02 21:16 <DIR> d-------- C:\Documents and Settings\gpau\Application Data\Nokia Multimedia Player
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_35901.LOG
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_41534.LOG
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\gpau\ntuser.dat_TU_35730.LOG
2008-04-20 07:50 . 2008-04-20 07:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-20 07:42 . 2008-04-20 07:42 <DIR> d-------- C:\Documents and Settings\gpau\Application Data\Malwarebytes
2008-04-20 07:42 . 2008-04-20 07:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 07:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-04-20 07:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 11:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-20 11:54 --------- d-----w C:\Program Files\Inbox
2008-05-15 10:51 --------- d-----w C:\Documents and Settings\gpau\Application Data\Juniper Networks
2008-05-14 18:05 --------- d-----w C:\Documents and Settings\gpau\Application Data\U3
2008-05-14 16:48 --------- d-----w C:\Documents and Settings\gpau\Application Data\PC Suite
2008-05-07 05:51 --------- d-----w C:\Documents and Settings\gpau\Application Data\AdobeUM
2008-05-05 18:05 --------- d-----w C:\Program Files\Corel
2008-04-20 08:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 13:57 --------- d-----w C:\Documents and Settings\gpau\Application Data\PC Tools
2008-04-19 10:28 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-19 10:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-19 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 13:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-16 13:51 --------- d-----w C:\Documents and Settings\gpau\Application Data\Webroot
2008-04-16 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-15 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-15 08:59 --------- d-----w C:\Program Files\TechSmith
2008-04-15 08:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 19:40 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-10 13:36 --------- d-----w C:\Program Files\Nokia
2008-04-10 13:36 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-10 13:36 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-07 16:36 --------- d-----w C:\Documents and Settings\gpau\Application Data\Windows Desktop Search
2008-04-07 16:28 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-04 13:32 --------- d-----w C:\Program Files\gMigrate
2008-03-25 07:33 --------- d-----w C:\Program Files\HP
2008-03-25 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-25 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-10 21:52 135 ----a-w C:\DelUS.bat
2008-01-27 10:28 2,566,144 ----a-w C:\Program Files\NXPowerLite30_5.msi
2005-11-04 17:15 1,228,800 ----a-w C:\Program Files\Common Files\vfp9rfra.dll
2005-11-04 17:13 4,722,688 ----a-w C:\Program Files\Common Files\vfp9r.dll
2005-11-04 17:13 3,891,200 ----a-w C:\Program Files\Common Files\vfp9t.dll
2005-11-04 16:44 1,187,840 ----a-w C:\Program Files\Common Files\VFP9RENU.DLL
2001-09-06 06:00 1,700,352 ----a-w C:\Program Files\Common Files\gdiplus.dll
2006-06-23 11:35 56 --sh--r C:\WINDOWS\system32\7D89E56B62.sys
2006-07-31 17:23 1,056 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CD1509C-BC37-4F84-B33F-9492CB212A54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-21 21:00 344064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 01:12 151552]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 15:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 15:57 512000]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22 237568]
"lcfep"="c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" [2008-04-16 15:39 270336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 12:07 540672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"ISTray"="C:\Program File perso\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\gpau\Start Menu\Programs\Startup\
DskMgr.exe [2007-09-10 15:21:02 122880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 15:10:32 581693]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=WW_AddWW_Admins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=ChangePassw.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\0\0]
"Script"=TemplatesV3.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\1\0]
"Script"=CH_ZipMail.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\2\0]
"Script"=CH_Sales.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\3\0]
"Script"=CH_CSA.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\4\0]
"Script"=CreateTransfer.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\0\0]
"Script"=CH_ZipMail.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\1\0]
"Script"=CH_RunTwixUpdate.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\2\0]
"Script"=Templates.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\3\0]
"Script"=CH_IT.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\4\0]
"Script"=Templates.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahM28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahn30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjq41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flQ17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flR20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Flr64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hoU06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipu41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipW05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpw06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Krx28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ksx31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lsx38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muD32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouC30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwD27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ryF53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sxE85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Syf41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vdj63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdj74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weL42.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"CrawlerMail"="c:\progra~1\inbox\cmail.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"SwdisUsrPCN.chn050"="c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "c:\Tivoli\swdis\1\wdusrpcn.env"
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"GoBoingo"=C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Danware Data\\NetOp Remote Control\\HOST\\Nhstw32.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\devolo\\informer\\devinf.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 14:13]
R1 NHostNT1;NetOp Driver 1 ver. 7.65 (2004317);C:\WINDOWS\system32\Drivers\NHOSTNT1.SYS [2004-11-12 07:59]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-12-07 01:12]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
R2 lcfd;Tivoli Endpoint;"c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe" [2008-04-16 15:39]
R2 NetOp Host for NT Service;NetOp Helper ver. 7.65 (2004317);"C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE" [2004-11-12 07:59]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WENCRNT4;WENCRNT4;C:\WINDOWS\system32\Drivers\WENCRNT4.SYS [2006-05-04 23:12]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-11 01:05]
R3 NHOSTNT3;NetOp Driver 3 ver. 7.65 (2004317) (NHOSTNT3);C:\WINDOWS\system32\Drivers\NHOSTNT3.SYS [2004-11-12 07:59]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 14:13]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 18:44]
S0 Krx28;Krx28;C:\WINDOWS\system32\Drivers\Krx28.sys []
S0 Vdj63;Vdj63;C:\WINDOWS\system32\Drivers\Vdj63.sys []
S2 SwdisRestart;Software Distribution Updater;c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\swdres.exe [2006-11-29 12:59]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 16:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-06 16:22]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 19:11]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12]
S3 ZSMC302;Q-CAM;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-01-07 15:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634f31bb-20b9-11dd-8f44-0014a4ddee22}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634f31f3-20b9-11dd-8f44-0014a4ddee22}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f13647-da6c-11dc-9c4c-00166f050601}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CD_Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 15:17:32 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program File perso\TuneUp Utilities 2006\SystemOptimizer.exe
"2006-06-25 07:15:49 C:\WINDOWS\Tasks\PMCS_Wakeup632868237493750000.job"
- C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
"2008-05-20 11:59:59 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 14:00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\trip]
"ImagePath"="C:/Tivoli\trip\trip.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\trip]
"ImagePath"="C:/Tivoli\trip\trip.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Tivoli\trip\trip.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Danware Data\NetOp Remote Control\HOST\NLDRW32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Danware Data\NetOp Remote Control\HOST\Nhstw32.exe
.
**************************************************************************
.
Completion time: 2008-05-20 14:06:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 12:05:53

Pre-Run: 85,402,656,768 bytes free
Post-Run: 85,291,474,944 bytes free

360 --- E O F --- 2008-05-15 11:11:26

Eric ?
Bon je considère que c'est clean ?

Re ,

Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier

Colle le dans le Bloc-Notes
Enregistre le sur ton Bureau et nomme le CFScript ( type fichier texte )
Fait glisser le fichier CFScript sur le fichier ComboFix.exe comme ceci :



Un menu va apparaitre , tape 1 puis valide
Laisse faire le scan et poste le rapport généré ( C:\ComboFix.txt )

merci Eric voici le rapport..

ComboFix 08-05-19.4 - gpau 2008-05-21 6:47:38.2 - NTFSx86
Running from: C:\Documents and Settings\gpau\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\gpau\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DelUS.bat
C:\WINDOWS\epfg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat
C:\WINDOWS\epfg.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-16 13:53 . 2008-05-16 13:53 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 10:43 . 2008-05-16 10:43 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-15 18:51 . 2008-05-16 14:15 <DIR> d-------- C:\Documents and Settings\gpau\Application Data\TmpRecentIcons
2008-05-15 18:02 . 2008-05-15 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-15 18:01 . 2008-05-15 17:55 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-15 18:01 . 2008-05-15 18:01 2,540 --a------ C:\WINDOWS\unins000.dat
2008-05-02 21:16 . 2008-05-02 21:16 <DIR> d-------- C:\Documents and Settings\gpau\Application Data\Nokia Multimedia Player
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_35901.LOG
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_41534.LOG
2008-04-22 08:50 . 2008-04-22 08:50 0 --ah----- C:\Documents and Settings\gpau\ntuser.dat_TU_35730.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 04:54 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-20 17:54 --------- d-----w C:\Program Files\Inbox
2008-05-20 13:32 --------- d-----w C:\Documents and Settings\gpau\Application Data\Juniper Networks
2008-05-14 18:05 --------- d-----w C:\Documents and Settings\gpau\Application Data\U3
2008-05-14 16:48 --------- d-----w C:\Documents and Settings\gpau\Application Data\PC Suite
2008-05-07 05:51 --------- d-----w C:\Documents and Settings\gpau\Application Data\AdobeUM
2008-05-05 18:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-05 18:05 --------- d-----w C:\Program Files\Corel
2008-04-20 08:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 05:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-20 05:42 --------- d-----w C:\Documents and Settings\gpau\Application Data\Malwarebytes
2008-04-20 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 13:57 --------- d-----w C:\Documents and Settings\gpau\Application Data\PC Tools
2008-04-19 10:28 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-19 10:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-19 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 13:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-16 13:51 --------- d-----w C:\Documents and Settings\gpau\Application Data\Webroot
2008-04-16 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-15 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-15 08:59 --------- d-----w C:\Program Files\TechSmith
2008-04-15 08:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 19:40 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-10 13:36 --------- d-----w C:\Program Files\Nokia
2008-04-10 13:36 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-10 13:36 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-07 16:36 --------- d-----w C:\Documents and Settings\gpau\Application Data\Windows Desktop Search
2008-04-07 16:28 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-04 13:32 --------- d-----w C:\Program Files\gMigrate
2008-03-25 07:33 --------- d-----w C:\Program Files\HP
2008-03-25 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-25 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-27 10:28 2,566,144 ----a-w C:\Program Files\NXPowerLite30_5.msi
2005-11-04 17:15 1,228,800 ----a-w C:\Program Files\Common Files\vfp9rfra.dll
2005-11-04 17:13 4,722,688 ----a-w C:\Program Files\Common Files\vfp9r.dll
2005-11-04 17:13 3,891,200 ----a-w C:\Program Files\Common Files\vfp9t.dll
2005-11-04 16:44 1,187,840 ----a-w C:\Program Files\Common Files\VFP9RENU.DLL
2001-09-06 06:00 1,700,352 ----a-w C:\Program Files\Common Files\gdiplus.dll
2006-06-23 11:35 56 --sh--r C:\WINDOWS\system32\7D89E56B62.sys
2006-07-31 17:23 1,056 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-20_14.05.25.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 11:58:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 04:53:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CD1509C-BC37-4F84-B33F-9492CB212A54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-21 21:00 344064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 01:12 151552]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 15:57 110592]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22 237568]
"lcfep"="c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" [2008-04-16 15:39 270336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 12:07 540672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\gpau\Start Menu\Programs\Startup\
DskMgr.exe [2007-09-10 15:21:02 122880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 15:10:32 581693]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=WW_AddWW_Admins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=ChangePassw.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\0\0]
"Script"=TemplatesV3.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\1\0]
"Script"=CH_ZipMail.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\2\0]
"Script"=CH_Sales.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\3\0]
"Script"=CH_CSA.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-1780\Scripts\Logon\4\0]
"Script"=CreateTransfer.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\0\0]
"Script"=CH_ZipMail.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\1\0]
"Script"=CH_RunTwixUpdate.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\2\0]
"Script"=Templates.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\3\0]
"Script"=CH_IT.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-220523388-682003330-26752\Scripts\Logon\4\0]
"Script"=Templates.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahM28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahn30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjq41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flQ17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flR20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Flr64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hoU06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipu41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipW05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpw06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Krx28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ksx31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lsx38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muD32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouC30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwD27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ryF53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sxE85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Syf41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vdj63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdj74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weL42.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"CrawlerMail"="c:\progra~1\inbox\cmail.exe" /startup
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"SwdisUsrPCN.chn050"="c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "c:\Tivoli\swdis\1\wdusrpcn.env"
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"GoBoingo"=C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"ISTray"="C:\Program File perso\Spyware Doctor\pctsTray.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Danware Data\\NetOp Remote Control\\HOST\\Nhstw32.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\devolo\\informer\\devinf.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 14:13]
R1 NHostNT1;NetOp Driver 1 ver. 7.65 (2004317);C:\WINDOWS\system32\Drivers\NHOSTNT1.SYS [2004-11-12 07:59]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-12-07 01:12]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
R2 lcfd;Tivoli Endpoint;"c:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe" [2008-04-16 15:39]
R2 NetOp Host for NT Service;NetOp Helper ver. 7.65 (2004317);"C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE" [2004-11-12 07:59]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WENCRNT4;WENCRNT4;C:\WINDOWS\system32\Drivers\WENCRNT4.SYS [2006-05-04 23:12]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-11 01:05]
R3 NHOSTNT3;NetOp Driver 3 ver. 7.65 (2004317) (NHOSTNT3);C:\WINDOWS\system32\Drivers\NHOSTNT3.SYS [2004-11-12 07:59]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 14:13]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 18:44]
S0 Krx28;Krx28;C:\WINDOWS\system32\Drivers\Krx28.sys []
S0 Vdj63;Vdj63;C:\WINDOWS\system32\Drivers\Vdj63.sys []
S2 SwdisRestart;Software Distribution Updater;c:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\swdres.exe [2006-11-29 12:59]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 16:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-06 16:22]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 19:11]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12]
S3 ZSMC302;Q-CAM;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-01-07 15:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634f31bb-20b9-11dd-8f44-0014a4ddee22}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{634f31f3-20b9-11dd-8f44-0014a4ddee22}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f13647-da6c-11dc-9c4c-00166f050601}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CD_Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 15:17:32 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program File perso\TuneUp Utilities 2006\SystemOptimizer.exe
"2006-06-25 07:15:49 C:\WINDOWS\Tasks\PMCS_Wakeup632868237493750000.job"
- C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
"2008-05-21 08:02:39 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 09:57:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\trip]
"ImagePath"="C:/Tivoli\trip\trip.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\trip]
"ImagePath"="C:/Tivoli\trip\trip.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Tivoli\trip\trip.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe
C:\Program Files\Danware Data\NetOp Remote Control\HOST\NLDRW32.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2008-05-21 10:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 08:03:25
ComboFix2.txt 2008-05-20 12:06:06

Pre-Run: 85,061,287,936 bytes free
Post-Run: 85,031,690,240 bytes free

355 --- E O F --- 2008-05-20 12:09:32

Bonsoir Eric,
Je fais quoi ? maintenant est-ce que je considère que c'est propre?

Tu étais bien infecté , on va quand même faire une dernière vérif ,

Télécharge ToolsCleaner2 [:eric_71:15] < ici

Installe le sur ton Bureau
Clique sur [Recherche] pour lancer le scan
Clique sur [Supprimer] pour nettoyer les outils utilisés

----------------------------------------------------

Fais un scan en ligne Kaspersky [:eric_71:19] < ici avec Internet Explorer !

Clique sur Demarrer Online-Scanner ( en bas à droite )
Clique sur J'accepte , si necessaire valide l'installation des ActiveX
laisse installer les Mises à jour , choisis l'analyse du Poste de travail

à la fin de l'analyse , Sauvegarde le rapport puis colle le dans ta réponse

Si tu vois ce message : La licence de Kaspersky On-line Scanner est périmée
vas dans Ajout / Suppression de programmes et désinstalle On-Line Scanner
retourne sur le site et retente le scan

Merci Eric, je ne pourrai rien faire avant ce soir tard ou demain, donc je n'abandonne pas et je reviens bientôt. Merci encore.

Bonjour Eric,
Voilà le rapport Kapersky dis moi vite l'étape suivante, je dois partir a l'etranger pour la semaine

KASPERSKY ON-LINE SCANNER REPORT
Saturday, May 24, 2008 2:52:37 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 24/05/2008
Enregistrements dans la base antivirus Kaspersky : 712714
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
I:\
J:\
K:\
N:\
Z:\

Statistiques de l'analyse:
Total d'objets analysés: 66698
Nombre de virus trouvés: 9
Nombre d'objets infectés: 165 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:18:18

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Data\@GLASS\PALITHA (F)\autorun.inf Infecté : Worm.Win32.Small.i ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.52.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.52.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001004D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001004E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy42.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_4c0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00EC0000.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01100000\493D5189.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01C00000\49C99E34.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40000\4AB60678.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40001\4AB60715.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C00000.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03DC0000\4BFD3584.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\055C0000\4D7D4BAB.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06740000\4E771498.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80000\4EA9A3D0.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000\480E46FA.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A80000\48AD754F.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000\4929A294.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B340000\4B3626D3.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4B7D491E.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00000\4BED4EEF.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C180000.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C280000\4C2D6C4F.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C2C0001\4C2E0018.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E180000\4E3C5B88.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0000\4E3D5871.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4E3F067F.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E880000\4E89FE02.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EBC0000\4EBDF879.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC40000\4EED5A64.VBN Infecté : Trojan-Downloader.Win32.Agent.lxa ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4F59E227.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F840000\4F870877.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA00000\4FA64878.VBN Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN/[From Netclub <news@netclub.com>][Date Fri, 14 Jan 2005 03:31:38 -0500 (EST)]/html/[From Doctor <mathog@cienciaficcion.com>][Date Fri, 14 Oct 2005 08:36:24 -0400]/UNNAMED/[From <ramonitanedd@bigsecret.com>][Date Fri, 21 Oct 2005 13:41:06 -0100]/text/[From "Adrienne Owens" <sequoia.kemble4cc3@gmail.com>][Date Tue, 1 Nov 2005 18:38:08 +0000]/text/[From "Tradecom" <tradecom@wanadoo.es>][Date Wed, 02 Nov 2005 11:29:41 -0500]/UNNAMED Infecté : Email-Worm.Win32.Bagle.eb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN/[From Netclub <news@netclub.com>][Date Fri, 14 Jan 2005 03:31:38 -0500 (EST)]/html/[From Doctor <mathog@cienciaficcion.com>][Date Fri, 14 Oct 2005 08:36:24 -0400]/UNNAMED/[From <ramonitanedd@bigsecret.com>][Date Fri, 21 Oct 2005 13:41:06 -0100]/text/[From "Adrienne Owens" <sequoia.kemble4cc3@gmail.com>][Date Tue, 1 Nov 2005 18:38:08 +0000]/text Infecté : Email-Worm.Win32.Bagle.eb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN/[From Netclub <news@netclub.com>][Date Fri, 14 Jan 2005 03:31:38 -0500 (EST)]/html/[From Doctor <mathog@cienciaficcion.com>][Date Fri, 14 Oct 2005 08:36:24 -0400]/UNNAMED/[From <ramonitanedd@bigsecret.com>][Date Fri, 21 Oct 2005 13:41:06 -0100]/text Infecté : Email-Worm.Win32.Bagle.eb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN/[From Netclub <news@netclub.com>][Date Fri, 14 Jan 2005 03:31:38 -0500 (EST)]/html/[From Doctor <mathog@cienciaficcion.com>][Date Fri, 14 Oct 2005 08:36:24 -0400]/UNNAMED Infecté : Email-Worm.Win32.Bagle.eb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN/[From Netclub <news@netclub.com>][Date Fri, 14 Jan 2005 03:31:38 -0500 (EST)]/html Infecté : Email-Worm.Win32.Bagle.eb ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN MailBerkeleymboxx: infecté - 5 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40003.VBN CryptZ: infecté - 5 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Jenifer" <mysticvalleyfarm@yahoo.com>][Date Sat, 08 Jan 2005 17:35:15 +0000]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Edmundo" <missiamrericianbreiauty@yiahoo.com>][Date Wed, 12 Jan 2005 22:14:12 +0000]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From infodeia@deia.com][Date Tue, 18 Jan 2005 21:03:22 +0100]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2005 02:03:27 -0800]/UNNAMED/[From mailing@solypresse.com][Date 28 Jan 2005 12:37:57 -0000]/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2 ... ... /[From mailing@aquarelle.com][Date Tue, 1 Feb 2005 12:50:52 +0100 (MET)]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2 ... /[From "D1sc0unt Pharm ... /[From lhw@sfs.org.sg][Date Sun, 6 Feb 2005 ... /your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2 ... /[From "D1sc0unt Pharm ... /[From lhw@sfs.org.sg][Date Sun, 6 Feb 2005 18:44:44 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2 ... /[From "D1sc0unt Pharmacy" <xwmuldgthn@wanadoo.fr>][Date Mon, 31 Jan 2005 05:31:16 +1000]/text Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html/[From "eBay" <eBay@reply.ebay.com>][Date Wed, 19 Jan 2005 02:03:27 -0800]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html/[From "Hayley" <pentongc@cnnet.com.au>][Date Sat, 15 Jan 2005 17:39:02 +0000]/html Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html/[From "Dorcas" <sales@paddleducks.com>][Date Wed, 12 Jan 2005 18:23:03 +0000]/html Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text/[From "Marceline" <sales@3koenige.com>][Date Mon, 10 Jan 2005 06:47:19 +0000]/html Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN/[From "Mika Salonen" <software@mikasalonen.com>][Date Fri, 7 Jan 2005 04:25:07 +0200]/text Infecté : Email-Worm.Win32.NetSky.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN MailBerkeleymboxx: infecté - 13 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40004.VBN CryptZ: infecté - 13 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100]/U ... /[From "Ber .. ... /[Fr ... /[From B.Martin <ubens_du_13@hotmail.com ... /reclame.mess ... /dscn0058.bat Infecté : Trojan-Dropper.Win32.Agent.xt ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100]/U ... /[From "Ber .. ... /[Fr ... /[From B.Martin <ubens_du_13@hotmail.com ... /reclame.messenger.dscn0058.zip Infecté : Trojan-Dropper.Win32.Agent.xt ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... /[From Pierre <francois.bezel@libertysurf.fr>][Date sam., 13 janv. 2007]/link.ecarte. ... /card.id4323.com Infecté : Email-Worm.Win32.Zafi.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... /[From Pierre <francois.bezel@libertysurf.fr>][Date sam., 13 janv. 2007]/link.ecarte.christmas.gif0080.zip Infecté : Email-Worm.Win32.Zafi.d ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven ... /[From AFPA <claude.marlien.chevigny@wanadoo.fr>][Date lun., 1 ... /Contactenos.com Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven ... /[From AFPA <claude.marlien.chevigny@w ... /link.zdnet.fr.ecarte.index.php34b31.pif Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven ... /[From AFPA <claude.marlien.chevigny@wanadoo.fr>][Date lun., 15 janv. 2007]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . . ... /[ ... /[From "Leckie Josie" ... /[From HPenztar <inet@mi ... /link.zdnet.fr.ecarte.index.php34b31.pif Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . . ... /[ ... /[From "Leckie Josie" ... /[From HPenztar <inet@microsoft.com>][Date Sze, 17 jan. 2007]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . . ... /[ ... /[From "Leckie Josie" <dalekylaskyui@bevcomm.net>][Date Wed, 17 Jan 2007 10:12:32 +0300]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . . ... /[From "Speck B. Reproachfully" <ibs@goldenovaleggs.com>][Date Wed, 17 Jan 2007 04:01:14 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[From "Rajya Tunnell" <nyeu@hawaiianstylewebsites.com>][Date Tue, 16 Jan 2007 22:59:34 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ . ... /[From Brian ... /[From door <zbasis@ftse.com>][Date Wed, 17 Jan 2007 00:44:00 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ . ... /[From Briana P.Ashby <mdensity@shakomako.net>][Date Wed, 17 Jan 2007 00:43:27 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... /[ ... /[From Wm Barnes <ljhart@ccnmatthews.com>][Date Wed, 17 Jan 2007 00:39:17 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... /[From D ... /[From "Recettes" <logo@empleonuevo.com>][Date 16 Jan 2007 21:53:54 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... /[From Desiree Goins <xocommitment@cuttedge.com>][Date Tue, 16 Jan 2007 18:28:52 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... ... /[From static the <yywthanks@dentrassis.com>][Date Tue, 16 Jan 2007 21:20:03 +0300]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... ... /[From Teddy Lockhart <zwflux@laparkan.com>][Date Tue, 16 Jan 2007 19:20:07 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[ ... /[From Emerson Z.Burks <pkuscenic@idcmotion.com>][Date Tue, 16 Jan 2007 19:15:53 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[From "P ... /[From Grattage.com <register@caloga.com>][Date Tue, 16 Jan 2007 17:47:47 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[From "Pa ... /[Fro ... /[From Marco <Bret@wanadoo.fr>][Date Tue, 16 Jan 2007 16:10:51 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[From "Pa ... /[From quite on <wapparatus@firstam.com>][Date Tue, 16 Jan 2007 15:51:49 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . .. ... /[From "Parker Busbyzo" <jjuicesm@sternestackhouse.com>][Date Tue, 16 Jan 2007 16:38:26 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From " ... /[From "BOYCE LINDSEY" <fvgrcbokq@caller.com>][Date Tue, 16 Jan 2007 07:31:04 -0800]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From " ... /[From "Stanton" <a-mancillatwg@abrac.com.br>][Date Tue, 16 Jan 2007 16:01:57 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From "Freckle L. Shimmies" <r_china@globalenviroinc.com>][Date Tue, 16 Jan 2007 10:48:38 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... ... /[From "Cognomen L. Wallaby" <minor@glorioustour.com>][Date Tue, 16 Jan 2007 18:20:28 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... / ... /[From "Shawanda Wells" <shoichihamadageg@g-n-c.biz>][Date Tue, 16 Jan 2007 08:48:05 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... / ... /[From "M ... /[From "install new" <judge@flipside.co.uk>][Date 16 Jan 2007 09:39:31 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... / ... /[From "Marcella Holliday" <blcasteth@irklavimas.lt>][Date Tue, 16 Jan 2007 02:39:11 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From " .. ... /[From "Alive Xtreme" <Rings@essencesuites.com>][Date 16 Jan 2007 01:47:48 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From " ... /[From "ERWIN VIOLET" <vwbrlnpjfjfn@fast.net>][Date Mon, 15 Jan 2007 16:36:34 -0800]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From "Britt Snyder" <johnhollingergsbq@degraafschap.com>][Date Tue, 16 Jan 2007 01:04:10 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[Fro ... /[From Wallace P.Arias <fsdirections@fabiny.com>][Date Mon, 15 Jan 2007 17:56:41 -0600]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From ... /[F ... /[From brush <qthorough@johnrellis.com>][Date Tue, 16 Jan 2007 01:46:43 +0200]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From ... /[From "Kelia Steinke" <bec@captainsparkle.com>][Date Mon, 15 Jan 2007 19:14:21 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 . ... /[From "Twana Martinez" <dlcooperrb@franchiseinvestor.com>][Date Mon, 15 Jan 2007 19:05:43 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[Fro ... ... /[From figures a <sping@sprinternet.com>][Date Mon, 15 Jan 2007 11:19:07 -0800]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[Fro ... /[Fr ... /[From delivery <rvbriefs@slam.com>][Date Mon, 15 Jan 2007 17:21:41 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[Fro ... /[From Michelle Bowden <dsage@farmstead.com>][Date Mon, 15 Jan 2007 10:21:00 -0600]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Preamble D. Injunctions" <gcawood@gotimer.com>][Date Mon, 15 Jan 2007 21:48:39 +0000]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. .. ... /[ .. ... ... /[From colored <ajibelieve@brg.com>][Date Mon, 15 Jan 2007 13:37:02 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. .. ... /[ .. ... /[From radical by <ddonor@usachoice.net>][Date Mon, 15 Jan 2007 21:33:34 +0900]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. .. ... /[ ... /[From Sheila J.Cleveland <isalad@ifun.com>][Date Mon, 15 Jan 2007 13:33:24 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. .. ... /[ ... /[From school as <kwyvessel@palmbeachfl.com>][Date Mon, 15 Jan 2007 15:25:44 +0300]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. .. ... /[From Groupe France Mutuelle <register@caloga.com>][Date Mon, 15 Jan 2007 12:45:40 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven ... /[From AFPA <claude.marlien.chevigny@wanadoo.fr>][Date lun., 15 janv. 2007]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven De ... /[From honors <iczsixty@idig.net>][Date Mon, 15 Jan 2007 11:13:34 +0300]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. .. ... /[From "Haven Debose" <stefanaygala@falcon.tamucc.edu>][Date Mon, 15 Jan 2007 13:37:33 +0500]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. ... / ... /[ ... /[From "USA" <Neonnbv@californiapsychic.com>][Date Mon, 15 Jan 2007 09:50:43 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. ... / ... /[F ... /[From "Agustin Babb" <imerry@elitists.com>][Date Sun, 14 Jan 2007 19:15:16 -0500]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. ... / ... /[From "Sto ... /[From "items are" <exciting@esadev.com>][Date 15 Jan 2007 01:17:57 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. ... / ... /[From "Stone Trinidad" <xsbtokkkhwgy@thunderball.net>][Date Sun, 14 Jan 2007 23:36:42 -0000]/text Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 .. ... /[From Harrison O.Jamison <nfznutrition@marketletter.com>][Date Sun, 14 Jan 2007 20:31:43 -0200]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[Fr ... ... /[From Carter G.Morrow <lstyle@necusa.com>][Date Sun, 14 Jan 2007 22:57:33 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[Fr ... /[From "Antoine" <acerpcprinu@interbusiness.it>][Date Sun, 14 Jan 2007 21:40:22 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[From ... ... /[From Fern D.Stewart <hilrally@tics.net>][Date Mon, 15 Jan 2007 21:39:10 +0700]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[From ... /[From "Isabel Morton" <vcronald@azrharn.net>][Date Sun, 14 Jan 2007 17:42:29 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[From " ... /[From "Christer Remer" <caro@oakbaybc.org>][Date Sun, 14 Jan 2007 15:33:33 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... ... /[From "Hospital" <GearyNancyua@century21concept100.com>][Date Sun, 14 Jan 2007 15:33:14 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... /[From ... /[From "Mohammed Oathout" <truitto@gadenver.com>][Date Sun, 14 Jan 2007 14:41:05 +0300]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... /[From "Maryellen Mcfarla ... /[From "Name" <zip@exfo.ntu.edu.tw>][Date 14 Jan 2007 12:12:32 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11A40006.VBN/[From "Clayton Douglas" <DouglaspGuysangaree@fantasyflightgames.com>][Date Wed, 10 Jan 2007 10:43:01 +0600]/UNNAMED/[From "Converter" <we@fya.upmesystase.com>][Date 10 Jan 2007 18:51:01 +0100]/UNNAMED/[From "Jaime Brunelle" <gatesy@kays-dehoff.com>][Date Wed, 10 Jan 2007 19:28:11 +0100]/UNNAMED/[From forefront in <hnhoffice@highnoonfilm.com>][Date Wed, 10 Jan 2007 23:56:03 +0100 ... /[From "Maryellen Mcfarland" <pbideuterium@cosmicwealth.com>][Date Sun, 14 Jan 2007 11:35:14 +0100]/UNNAMED Infecté : Email-Worm.Win32.Zafi.b ignoré
C:\Documents and Settings\All User

Re ,

Supprime ce fichier : C:\Data\@GLASS\PALITHA (F)\autorun.inf

Le reste est dans la quarantaine de ton antivirus

Tu as toujours des problèmes ?

Ok je vais le supprimer; Non apparemment plus de problèmes. Est-ce que je dois et je peux supprimer ce qui est dans la quarantaine? je voudrais vraiment eliminer tout et meme ce qui est inactif et mis de coté.
Autre question puis-je creér un point de restauration maintenant?

Re ,

Oui , tu peux vider la quarantaine sans problème

Et oui tu peux créer un nouveau point de restauration , on va même faire plus simple , le tool suivant va supprimer les logiciels utilisés pour la désinfection et il y à une option pour créer un nouveau point :

Télécharge ToolsCleaner2 [:eric_71:15] < ici

Installe le sur ton Bureau
Clique sur [Recherche] pour lancer le scan
Clique sur [Supprimer] pour nettoyer les outils utilisés

Merci Eric, vraiment sympa et efficace.

De rien  

Clique, dans ton premier message, sur le bouton "Editer"
Ajoute [Résolu] au titre
Clique ensuite sur "Valider votre message"



Bonne continuation