Message: Warning! potential spyware operation

Résolu
gringosky -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Depuis hier aprem, j'ai une fenetre windows security alert qui s'ouvre "Warning! potential spyware operation".
Depuis qu'elle s'affiche, je n'ai plus accès ni au panneau de configuration, ni aux registres, ni à la fenetre qui s'ouvre après ctrl alt suppr (message d'erreur comme quoi je ne suis pas administrateur, alors que je suis administrateur et seul utilisateur de ce pc perso (XP home)).
L'affichage du message "Warning! potential spyware operation" et les restrictions administrateur s'opèrent aussi en mode sans échec.

J'ai exécuté AVG et Spybot en mode sans échec à plusieurs reprises.
Ré-apparaissent à chaque fois sur AVG "Heuristic.win32.dialer" et "trojan.qhost.my", même si je les mets en quarantaine à chaque fois puis que je les détruis.
De plus, à chaque ouverture de windows, j'ai maintenant le message relatif à C:\WINDOWS\System32\printer.exe qui s'affiche (comme quoi il ne le trouve plus).
Enfin, impossible de faire une restauration du système à une date antérieure.
J'exécute actuellement un scan du pc à l'aide de bitdefender online, comme celà a été conseillé dans un autre post.

Avez vous déjà rencontré ce problème?
Si oui, que puis je faire d'autre que ce que je fais actuellement, afin d'avoir de nouveau accès aux droits administrateurs et ne plus avoir le message "Warning! potential spyware operation"?
Merci d'avance.
Configuration: Windows XP
Internet Explorer 6.0

21 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,
    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    ____________

    colle le rapport avg antispyware
    0
  2. gringosky
     
    Bonjour,
    merci de m'aider.
    J'ai téléchargé le SmitfraudFix et l'ai lancé (étape '1' - rapport ci dessous).
    a noter que lors de son exécution, plusieurs fenetres relatives à l'impossibilité d'accéder aux registres par limitation des droits administrateurs se sont ouvertes.

    Pour l'étape '2', je redémarrerai le pc en mode sans échec une fois le scan de bitdefender terminé (je transmettrai le rapport à ce moment).
    J'effecteurai une nouvelle anayle AVG Spyware en parallèle et transmettrai le rapport.

    SmitFraudFix v2.240

    Rapport fait à 11:14:06,98, 18/10/2007
    Executé à partir de C:\WINDOWS\BDOSCAN8\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\VirusGarde\stmon.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\printer.exe PRESENT !
    C:\WINDOWS\system32\sulimo.dat PRESENT !
    C:\WINDOWS\system32\vtr???.dll PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\HP_ADM~1\MENUDM~1\PROGRA~1\DMARRA~1\system.exe PRESENT !
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\sulimo.dat"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    Description: Wireless PCI 802.11b/g adapter WN4201B - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 213.228.0.23
    DNS Server Search Order: 212.27.32.176

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer=213.228.0.23,212.27.32.176
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F10D2860-EFA5-42FC-930E-D6C89E7D55E6}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer=213.228.0.23,212.27.32.176
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F10D2860-EFA5-42FC-930E-D6C89E7D55E6}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer=213.228.0.23,212.27.32.176
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F10D2860-EFA5-42FC-930E-D6C89E7D55E6}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais bien smitfraud fix deuxieme partie car il a trouvé des infections!

    0
  4. gringosky
     
    Ci dessous le rapportde BitDefender.
    Je passe en mode sans echec.
    @+

    BitDefender Online Scanner

    Scan report generated at: Thu, Oct 18, 2007 - 12:10:36

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics

    Time
    01:34:19

    Files
    436287

    Folders
    7282

    Boot Sectors
    3

    Archives
    40197

    Packed Files
    22697

    Results

    Identified Viruses
    141

    Infected Files
    197

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    206

    Engines Info

    Virus Definitions
    827131

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\system.exe
    Infected with: Trojan.Peed.JZ

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\system.exe
    Disinfection failed

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\system.exe
    Deleted

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    Infected with: Trojan.Peed.JZ

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    Disinfection failed

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    Delete failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>BaaaaBaa.class
    Infected with: Trojan.Exploit.Byteverify.AF

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>BaaaaBaa.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>BaaaaBaa.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>Dvnny.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>Dvnny.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip=>Dvnny.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java-35010e04-31033e8e.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>BaaaaBaa.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>BaaaaBaa.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>BaaaaBaa.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>VaaaaaaaBaa.class
    Infected with: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>VaaaaaaaBaa.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>VaaaaaaaBaa.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dvnny.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dvnny.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dvnny.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Baaaaa.class
    Infected with: Java.Trojan.Exploit.Bytverify.I

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Baaaaa.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Baaaaa.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dex.class
    Infected with: Trojan.Classloader.G

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dex.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dex.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dix.class
    Infected with: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dix.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dix.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dux.class
    Infected with: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dux.class
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip=>Dux.class
    Deleted

    C:\Documents and Settings\HP_Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-997dd73-285f2500.zip
    Updated

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\kazaaspeedup.exe=>(VISE Installer o)=>msbb.exe
    Infected with: Trojan.Dialer.BJ

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\kazaaspeedup.exe=>(VISE Installer o)=>msbb.exe
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\kazaaspeedup.exe=>(VISE Installer o)=>msbb.exe
    Deleted

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\kazaaspeedup.exe=>(VISE Installer o)
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 725)
    Infected with: Generic.Peed.Eml.7C159879

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 725)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 725)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 730)
    Infected with: Generic.Peed.Eml.E5873A83

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 730)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 730)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 748)
    Infected with: Generic.Peed.Eml.771BCF09

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 748)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 748)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 769)
    Infected with: Generic.Peed.Eml.85DDB835

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 769)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 769)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 794)
    Infected with: Generic.Peed.Eml.E6378384

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 794)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 794)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 797)
    Infected with: Generic.Peed.Eml.B3DAAD5B

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 797)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 797)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 798)
    Infected with: Generic.Peed.Eml.844A33E5

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 798)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 798)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 803)
    Infected with: Generic.Peed.Eml.91A069D4

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 803)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 803)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 804)
    Infected with: Generic.Peed.Eml.2B319AB6

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 804)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 804)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 805)
    Infected with: Generic.Peed.Eml.412EF583

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 805)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 805)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 806)
    Infected with: Generic.Peed.Eml.21FA3391

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 806)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 806)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 811)
    Infected with: Generic.Peed.Eml.A641B708

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 811)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 811)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 812)
    Infected with: Generic.Peed.Eml.AE149538

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 812)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 812)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 814)
    Infected with: Generic.Peed.Eml.C3155A01

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 814)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 814)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 818)
    Infected with: Generic.Peed.Eml.F56808BA

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 818)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 818)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 820)
    Infected with: Generic.Peed.Eml.2CEA8013

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 820)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 820)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 823)
    Infected with: Generic.Peed.Eml.30E51E9A

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 823)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 823)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 826)
    Infected with: Generic.Peed.Eml.2C219030

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 826)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 826)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 827)
    Infected with: Generic.Peed.Eml.E99BEED6

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 827)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 827)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 828)
    Infected with: Generic.Peed.Eml.C055ADC5

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 828)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 828)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 829)
    Infected with: Generic.Peed.Eml.E28A42D7

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 829)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 829)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 833)
    Infected with: Generic.Peed.Eml.1535FAA2

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 833)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 833)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 840)
    Infected with: Generic.Peed.Eml.60D2597C

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 840)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 840)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 843)
    Infected with: Generic.Peed.Eml.06066054

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 843)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 843)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 845)
    Infected with: Generic.Peed.Eml.1DB029F7

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 845)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 845)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 850)
    Infected with: Generic.Peed.Eml.1F1745C4

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 850)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 850)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 852)
    Infected with: Generic.Peed.Eml.50779EB2

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 852)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 852)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 853)
    Infected with: Generic.Peed.Eml.40594FAB

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 853)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 853)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 858)
    Infected with: Generic.Peed.Eml.07E3E57E

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 858)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 858)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 866)
    Infected with: Generic.Peed.Eml.8E032B2E

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 866)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 866)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 867)
    Infected with: Generic.Peed.Eml.31A067A2

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 867)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 867)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 873)
    Infected with: Generic.Peed.Eml.058FAE91

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 873)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 873)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 878)
    Infected with: Generic.Peed.Eml.D32BBF88

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 878)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 878)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 883)
    Infected with: Generic.Peed.Eml.0B4228BE

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 883)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 883)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 885)
    Infected with: Generic.Peed.Eml.8571E6D3

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 885)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 885)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 891)
    Infected with: Generic.Peed.Eml.B7F81244

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 891)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 891)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 892)
    Infected with: Generic.Peed.Eml.4557C9E1

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 892)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 892)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 893)
    Infected with: Generic.Peed.Eml.DF57071A

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 893)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 893)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 894)
    Infected with: Generic.Peed.Eml.739EBEA7

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 894)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 894)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 896)
    Infected with: Generic.Peed.Eml.2E256AC6

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 896)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 896)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 897)
    Infected with: Generic.Peed.Eml.6281C9A3

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 897)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 897)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 898)
    Infected with: Generic.Peed.Eml.4433921E

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 898)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 898)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 899)
    Infected with: Generic.Peed.Eml.9E7E453A

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 899)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 899)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 903)
    Infected with: Generic.Peed.Eml.28DBFAB0

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 903)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 903)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 907)
    Infected with: Generic.Peed.Eml.82DD965B

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 907)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 907)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 909)
    Infected with: Generic.Peed.Eml.39F41B5F

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 909)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 909)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 912)
    Infected with: Generic.Peed.Eml.323DBCD8

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 912)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 912)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 916)
    Infected with: Generic.Peed.Eml.978D23A4

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 916)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 916)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 920)
    Infected with: Generic.Peed.Eml.2847BBC1

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 920)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 920)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 922)
    Infected with: Generic.Peed.Eml.F667DBDD

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 922)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 922)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 923)
    Infected with: Generic.Peed.Eml.58EF75AE

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 923)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 923)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 927)
    Infected with: Generic.Peed.Eml.2236AC01

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 927)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 927)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 930)
    Infected with: Generic.Peed.Eml.A62D599E

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 930)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 930)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 933)
    Infected with: Generic.Peed.Eml.8ACF7800

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 933)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 933)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 939)
    Infected with: Generic.Peed.Eml.379A56CC

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 939)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 939)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 943)
    Infected with: Generic.Peed.Eml.C3EF8CF8

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 943)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 943)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 945)
    Infected with: Generic.Peed.Eml.68D8EDA1

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 945)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 945)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 949)
    Infected with: Generic.Peed.Eml.09D05CD3

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 949)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 949)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 951)
    Infected with: Generic.Peed.Eml.7788CBEE

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 951)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 951)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 953)
    Infected with: Generic.Peed.Eml.9EA380FB

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 953)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 953)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 955)
    Infected with: Generic.Peed.Eml.5F2BE7B2

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 955)
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 955)
    Deleted

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx
    Update failed

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 960)
    Infected with: Generic.Peed.Eml.11F2917A

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fait la deuxieme partie de smitfraudfix

    _________________

    toutes ces infections sont dans ta messageries outlook express donc vire les messages de ta corbeille et ceux que tu ne connais pas!

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Identities\{FBBA69F1-AF6E-40DC-A91C-CBA0B621E1C4}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 725)
    Infected with: Generic.Peed.Eml.7C159879

    _________________
    installe la nouvelle version java:
    https://www.java.com/fr/

    puis vas dans panneau de configuration puis AJOUT/SUPPRESSION DE PROG et supprime l'ancienne version java

    __________________

    colle le rapport AVG antispyware
    _________________

    Télécharge ce tool de sUBs :

    http://www.techsupportforum.com/sectools/Hacked_by_Godzilla_Remover.exe

    Double-clique dessus et laisse-toiguider.

    ____________________

    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    • Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    • Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    • Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html
    ______________________

    refait un scan en ligne et colle le rapport

    _______________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  7. gringosky
     
    Ci dessous la deuxieme partie de smitfraudfix.
    J'ai de nouveau accès à ctrl alt suppr, au panneau de configuration, mais toujours pas aux registres.
    D'ailleurs, à chaque fois que smitfraudfix voulait accéder à la modification d'un registre, une fenetre windows security alert s'ouvrait pour dire que je n'avais pas les droits administrateurs.
    Sinon, la fenetre fenetre windows security alert "Warning! potential spyware operation" semble ne plus s'ouvrir...
    En revanche, toujours le message à l'ouverture de windows concernant C:\WINDOWS\System32\printer.exe.
    Peux tu continuer à m'aider à faire les modifications requises pour les registres stp?
    Merci d'avance.
    @+

    SmitFraudFix v2.240

    Rapport fait à 12:27:07,34, 18/10/2007
    Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 atdmt.com
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 www.awaps.net
    192.168.200.3 www.viruslist.ru
    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com
    127.0.0.1 1001-search.info
    127.0.0.1 www.1001-search.info
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 132.com
    127.0.0.1 www.132.com
    127.0.0.1 136136.net
    127.0.0.1 www.136136.net
    127.0.0.1 139mm.com
    127.0.0.1 www.139mm.com
    127.0.0.1 163ns.com
    127.0.0.1 www.163ns.com
    127.0.0.1 171203.com
    127.0.0.1 17-plus.com
    127.0.0.1 1800searchonline.com
    127.0.0.1 www.1800searchonline.com
    127.0.0.1 180searchassistant.com
    127.0.0.1 www.180searchassistant.com
    127.0.0.1 180solutions.com
    127.0.0.1 www.180solutions.com
    127.0.0.1 181.365soft.info
    127.0.0.1 www.181.365soft.info
    127.0.0.1 1987324.com
    127.0.0.1 www.1987324.com
    127.0.0.1 1-domains-registrations.com
    127.0.0.1 www.1-domains-registrations.com
    127.0.0.1 1-extreme.biz
    127.0.0.1 www.1-extreme.biz
    127.0.0.1 1sexparty.com
    127.0.0.1 www.1sexparty.com
    127.0.0.1 1stantivirus.com
    127.0.0.1 www.1stantivirus.com
    127.0.0.1 1stpagehere.com
    127.0.0.1 www.1stpagehere.com
    127.0.0.1 1stsearchportal.com
    127.0.0.1 www.1stsearchportal.com
    127.0.0.1 2.82211.net
    127.0.0.1 www.2006ooo.com
    127.0.0.1 2007-download.com
    127.0.0.1 www.2007-download.com
    127.0.0.1 2020search.com
    127.0.0.1 www.2020search.com
    127.0.0.1 20x2p.com
    127.0.0.1 24.365soft.info
    127.0.0.1 www.24.365soft.info
    127.0.0.1 24-7pharmacy.info
    127.0.0.1 www.24-7pharmacy.info
    127.0.0.1 24-7searching-and-more.com
    127.0.0.1 www.24-7searching-and-more.com
    127.0.0.1 24teen.com
    127.0.0.1 www.24teen.com
    127.0.0.1 2every.net
    127.0.0.1 www.2every.net
    127.0.0.1 2ndpower.com
    127.0.0.1 2search.com
    127.0.0.1 www.2search.com
    127.0.0.1 2search.org
    127.0.0.1 www.2search.org
    127.0.0.1 2squared.com
    127.0.0.1 www.2squared.com
    127.0.0.1 3322.org
    127.0.0.1 www.3322.org
    127.0.0.1 365soft.info
    127.0.0.1 36site.com
    127.0.0.1 www.36site.com
    127.0.0.1 3721.com
    127.0.0.1 39-93.com
    127.0.0.1 3abetterinternet.com
    127.0.0.1 www.3abetterinternet.com
    127.0.0.1 3bay.it
    127.0.0.1 www.3bay.it
    127.0.0.1 3ebay.it
    127.0.0.1 www.3ebay.it
    127.0.0.1 404dns.com
    127.0.0.1 www.404dns.com
    127.0.0.1 4199.com
    127.0.0.1 www.4199.com
    127.0.0.1 4corn.net
    127.0.0.1 www.4corn.net
    127.0.0.1 4ebay.it
    127.0.0.1 www.4ebay.it
    127.0.0.1 4klm.com
    127.0.0.1 4repubblica.it
    127.0.0.1 www.4repubblica.it
    127.0.0.1 4softget.com
    127.0.0.1 www.4softget.com
    127.0.0.1 5iscali.it
    127.0.0.1 www.5iscali.it
    127.0.0.1 5repubblica.it
    127.0.0.1 www.5repubblica.it
    127.0.0.1 5starvideos.com
    127.0.0.1 www.5starvideos.com
    127.0.0.1 5tiscali.it
    127.0.0.1 www.5tiscali.it
    127.0.0.1 5zgmu7o20kt5d8yq.com
    127.0.0.1 www.5zgmu7o20kt5d8yq.com
    127.0.0.1 6iscali.it
    127.0.0.1 www.6iscali.it
    127.0.0.1 6sek.com
    127.0.0.1 www.6sek.com
    127.0.0.1 6tiscali.it
    127.0.0.1 www.6tiscali.it
    127.0.0.1 7322.com
    127.0.0.1 www.7322.com
    127.0.0.1 75tz.com
    127.0.0.1 777search.com
    127.0.0.1 www.777search.com
    127.0.0.1 777top.com
    127.0.0.1 www.777top.com
    127.0.0.1 7939.com
    127.0.0.1 www.7939.com
    127.0.0.1 7search.com
    127.0.0.1 www.7search.com
    127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
    127.0.0.1 82211.net
    127.0.0.1 8866.org
    127.0.0.1 888.com
    127.0.0.1 www.888.com
    127.0.0.1 8ad.com
    127.0.0.1 www.8ad.com
    127.0.0.1 9505.com
    127.0.0.1 www.9505.com
    127.0.0.1 971searchbox.com
    127.0.0.1 www.971searchbox.com
    127.0.0.1 a.bestmanage.org
    127.0.0.1 aaasexypics.com
    127.0.0.1 aaawebfinder.com
    127.0.0.1 www.aaawebfinder.com
    127.0.0.1 aavc.com
    127.0.0.1 abc-find.info
    127.0.0.1 www.abc-find.info
    127.0.0.1 abetterinternet.com
    127.0.0.1 www.abetterinternet.com
    127.0.0.1 abnetsoft.info
    127.0.0.1 www.abnetsoft.info
    127.0.0.1 aboutclicker.com
    127.0.0.1 www.aboutclicker.com
    127.0.0.1 abrp.net
    127.0.0.1 www.abrp.net
    127.0.0.1 absolutee.com
    127.0.0.1 www.absolutee.com
    127.0.0.1 abyssmedia.com
    127.0.0.1 www.abyssmedia.com
    127.0.0.1 ac66.cn
    127.0.0.1 www.ac66.cn
    127.0.0.1 access.Navinetwork.com
    127.0.0.1 access.rapid-pass.net
    127.0.0.1 accessactivexvideo.com
    127.0.0.1 www.accessactivexvideo.com
    127.0.0.1 accessclips.com
    127.0.0.1 www.accessclips.com
    127.0.0.1 access-dvd.com
    127.0.0.1 www.access-dvd.com
    127.0.0.1 accesskeygenerator.com
    127.0.0.1 www.accesskeygenerator.com
    127.0.0.1 accessorygeeks.com
    127.0.0.1 www.accessorygeeks.com
    127.0.0.1 accessthefuture.net
    127.0.0.1 www.accessthefuture.net
    127.0.0.1 accessvid.net
    127.0.0.1 www.accessvid.net
    127.0.0.1 acemedic.com
    127.0.0.1 www.acemedic.com
    127.0.0.1 ace-webmaster.com
    127.0.0.1 www.ace-webmaster.com
    127.0.0.1 acjp.com
    127.0.0.1 acrobat-2007.com
    127.0.0.1 www.acrobat-2007.com
    127.0.0.1 acrobat-8.com
    127.0.0.1 www.acrobat-8.com
    127.0.0.1 acrobat-center.com
    127.0.0.1 www.acrobat-center.com
    127.0.0.1 acrobat-hq.com
    127.0.0.1 www.acrobat-hq.com
    127.0.0.1 acrobatreader-8.com
    127.0.0.1 www.acrobatreader-8.com
    127.0.0.1 acrobat-reader-8.de
    127.0.0.1 www.acrobat-reader-8.de
    127.0.0.1 acrobat-stop.com
    127.0.0.1 www.acrobat-stop.com
    127.0.0.1 actionbreastcancer.org
    127.0.0.1 www.actionbreastcancer.org
    127.0.0.1 activesearcher.info
    127.0.0.1 www.activesearcher.info
    127.0.0.1 activexaccessobject.com
    127.0.0.1 www.activexaccessobject.com
    127.0.0.1 activexaccessvideo.com
    127.0.0.1 www.activexaccessvideo.com
    127.0.0.1 activexemedia.com
    127.0.0.1 www.activexemedia.com
    127.0.0.1 activexmediaobject.com
    127.0.0.1 www.activexmediaobject.com
    127.0.0.1 activexmediapro.com
    127.0.0.1 www.activexmediapro.com
    127.0.0.1 activexmediasite.com
    127.0.0.1 www.activexmediasite.com
    127.0.0.1 activexmediasoftware.com
    127.0.0.1 www.activexmediasoftware.com
    127.0.0.1 activexmediasource.com
    127.0.0.1 www.activexmediasource.com
    127.0.0.1 activexmediatool.com
    127.0.0.1 www.activexmediatool.com
    127.0.0.1 activexmediatour.com
    127.0.0.1 www.activexmediatour.com
    127.0.0.1 activexsoftwares.com
    127.0.0.1 www.activexsoftwares.com
    127.0.0.1 activexsource.com
    127.0.0.1 www.activexsource.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexvideo.com
    127.0.0.1 www.activexvideo.com
    127.0.0.1 activexvideotool.com
    127.0.0.1 www.activexvideotool.com
    127.0.0.1 ad.marketingsector.com
    127.0.0.1 www.ad.marketingsector.com
    127.0.0.1 ad.mokead.com
    127.0.0.1 www.ad.mokead.com
    127.0.0.1 ad.yieldmanager.com
    127.0.0.1 www.ad.yieldmanager.com
    127.0.0.1 ad25.com
    127.0.0.1 ad45.com
    127.0.0.1 ad77.com
    127.0.0.1 ad86.com
    127.0.0.1 adamsupportgroup.org
    127.0.0.1 www.adamsupportgroup.org
    127.0.0.1 adarmor.com
    127.0.0.1 www.adarmor.com
    127.0.0.1 adasearch.com
    127.0.0.1 www.adasearch.com
    127.0.0.1 adaware.cc
    127.0.0.1 adawarenow.com
    127.0.0.1 www.adawarenow.com
    127.0.0.1 addictivetechnologies.com
    127.0.0.1 www.addictivetechnologies.com
    127.0.0.1 addictivetechnologies.net
    127.0.0.1 www.addictivetechnologies.net
    127.0.0.1 add-manager.com
    127.0.0.1 www.add-manager.com
    127.0.0.1 adgate.info
    127.0.0.1 www.adgate.info
    127.0.0.1 adipics.com
    127.0.0.1 www.adipics.com
    127.0.0.1 admin2cash.biz
    127.0.0.1 www.admin2cash.biz
    127.0.0.1 adnet-plus.com
    127.0.0.1 adobe-download-now.com
    127.0.0.1 adobe-downloads.com
    127.0.0.1 www.adobe-downloads.com
    127.0.0.1 adobe-reader-8.fr
    127.0.0.1 www.adobe-reader-8.fr
    127.0.0.1 adprotect.com
    127.0.0.1 www.adprotect.com
    127.0.0.1 ads.centralmedia.ws
    127.0.0.1 ads.k8l.info
    127.0.0.1 ads.kmpads.com
    127.0.0.1 ads.marketingsector.com
    127.0.0.1 ads.searchingbooth.com
    127.0.0.1 ads.z-quest.com
    127.0.0.1 ads183.com
    127.0.0.1 www.ads183.com
    127.0.0.1 adscontex.com
    127.0.0.1 www.adscontex.com
    127.0.0.1 adservices1.enhance.com
    127.0.0.1 www.adservices1.enhance.com
    127.0.0.1 adservs.com
    127.0.0.1 adsextend.net
    127.0.0.1 www.adsextend.net
    127.0.0.1 adshttp.com
    127.0.0.1 www.adshttp.com
    127.0.0.1 adsonwww.com
    127.0.0.1 www.adsonwww.com
    127.0.0.1 adspics.com
    127.0.0.1 www.adspics.com
    127.0.0.1 adtrak.net
    127.0.0.1 www.adtrak.net
    127.0.0.1 adtrgt.com
    127.0.0.1 adult777search.info
    127.0.0.1 www.adult777search.info
    127.0.0.1 adultan.com
    127.0.0.1 www.adultan.com
    127.0.0.1 adult-engine-search.com
    127.0.0.1 www.adult-engine-search.com
    127.0.0.1 adult-erotic-guide.net
    127.0.0.1 www.adult-erotic-guide.net
    127.0.0.1 adultfilmsite.com
    127.0.0.1 www.adultfilmsite.com
    127.0.0.1 adult-friends-finder.net
    127.0.0.1 www.adult-friends-finder.net
    127.0.0.1 adultgambling.org
    127.0.0.1 adult-host.org
    127.0.0.1 adulthyperlinks.com
    127.0.0.1 www.adulthyperlinks.com
    127.0.0.1 adultmovieplus.com
    127.0.0.1 www.adultmovieplus.com
    127.0.0.1 adult-personal.us
    127.0.0.1 adultsgames.net
    127.0.0.1 adultsper.com
    127.0.0.1 www.adultsper.com
    127.0.0.1 adulttds.com
    127.0.0.1 www.adulttds.com
    127.0.0.1 adultzoneworld.com
    127.0.0.1 www.adultzoneworld.com
    127.0.0.1 advcash.biz
    127.0.0.1 www.advcash.biz
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 advertisemoney.info
    127.0.0.1 www.advertisemoney.info
    127.0.0.1 advertising.paltalk.com
    127.0.0.1 advertising-money.info
    127.0.0.1 www.advertising-money.info
    127.0.0.1 ad-ware.cc
    127.0.0.1 ad-w-a-r-e.com
    127.0.0.1 www.ad-w-a-r-e.com
    127.0.0.1 a-d-w-a-r-e.com
    127.0.0.1 www.a-d-w-a-r-e.com
    127.0.0.1 adwarebazooka.com
    127.0.0.1 www.adwarebazooka.com
    127.0.0.1 adwarefinder.com
    127.0.0.1 www.adwarefinder.com
    127.0.0.1 adwareprotectionsite.com
    127.0.0.1 www.adwareprotectionsite.com
    127.0.0.1 adwarepunisher.com
    127.0.0.1 www.adwarepunisher.com
    127.0.0.1 aflgate.com
    127.0.0.1 www.aflgate.com
    127.0.0.1 africaspromise.org
    127.0.0.1 agava.com
    127.0.0.1 agava.ru
    127.0.0.1 agentstudio.com
    127.0.0.1 aginegialle.it
    127.0.0.1 www.aginegialle.it
    127.0.0.1 www.aifind.info
    127.0.0.1 aifind.info
    127.0.0.1 airtleworld.com
    127.0.0.1 www.airtleworld.com
    127.0.0.1 aitalia.it
    127.0.0.1 www.aitalia.it
    127.0.0.1 akamai.downloadv3.com
    127.0.0.1 aklitalia.it
    127.0.0.1 www.aklitalia.it
    127.0.0.1 akril.com
    127.0.0.1 alcatel.ws
    127.0.0.1 alfacleaner.com
    127.0.0.1 www.alfacleaner.com
    127.0.0.1 alfa-search.com
    127.0.0.1 alialia.it
    127.0.0.1 www.alialia.it
    127.0.0.1 aliotalia.it
    127.0.0.1 www.aliotalia.it
    127.0.0.1 alirtalia.it
    127.0.0.1 www.alirtalia.it
    127.0.0.1 alitaia.it
    127.0.0.1 www.alitaia.it
    127.0.0.1 alitaklia.it
    127.0.0.1 www.alitaklia.it
    127.0.0.1 alitala.it
    127.0.0.1 www.alitala.it
    127.0.0.1 alitali.it
    127.0.0.1 www.alitali.it
    127.0.0.1 alitaliaq.it
    127.0.0.1 www.alitaliaq.it
    127.0.0.1 alitalias.it
    127.0.0.1 www.alitalias.it
    127.0.0.1 alitaliaz.it
    127.0.0.1 www.alitaliaz.it
    127.0.0.1 alitalioa.it
    127.0.0.1 www.alitalioa.it
    127.0.0.1 alitalisa.it
    127.0.0.1 www.alitalisa.it
    127.0.0.1 alitaliua.it
    127.0.0.1 www.alitaliua.it
    127.0.0.1 alitalkia.it
    127.0.0.1 www.alitalkia.it
    127.0.0.1 alitaloia.it
    127.0.0.1 www.alitaloia.it
    127.0.0.1 alitaluia.it
    127.0.0.1 www.alitaluia.it
    127.0.0.1 alitaslia.it
    127.0.0.1 www.alitaslia.it
    127.0.0.1 alitlia.it
    127.0.0.1 www.alitlia.it
    127.0.0.1 alitralia.it
    127.0.0.1 www.alitralia.it
    127.0.0.1 alitsalia.it
    127.0.0.1 www.alitsalia.it
    127.0.0.1 aliutalia.it
    127.0.0.1 www.aliutalia.it
    127.0.0.1 ALL1COUNT.NET
    127.0.0.1 www.ALL1COUNT.NET
    127.0.0.1 all4internet.com
    127.0.0.1 www.all4internet.com
    127.0.0.1 allabtcars.com
    127.0.0.1 allabtjeeps.com
    127.0.0.1 all-bittorrent.com
    127.0.0.1 www.all-bittorrent.com
    127.0.0.1 www.allcybersearch.com
    127.0.0.1 allcybersearch.com
    127.0.0.1 alldnserrors.com
    127.0.0.1 www.alldnserrors.com
    127.0.0.1 all-downloads-now.com
    127.0.0.1 www.all-downloads-now.com
    127.0.0.1 all-edonkey.com
    127.0.0.1 www.all-edonkey.com
    127.0.0.1 allforadult.com
    127.0.0.1 allhyperlinks.com
    127.0.0.1 alliesecurity.com
    127.0.0.1 www.alliesecurity.com
    127.0.0.1 all-inet.com
    127.0.0.1 allinternetbusiness.com
    127.0.0.1 all-limewire.com
    127.0.0.1 www.all-limewire.com
    127.0.0.1 allmegabucks.com
    127.0.0.1 www.allmegabucks.com
    127.0.0.1 allprotections.com
    127.0.0.1 www.allprotections.com
    127.0.0.1 allresultz.net
    127.0.0.1 www.allresultz.net
    127.0.0.1 allsecuritynotes.com
    127.0.0.1 www.allsecuritynotes.com
    127.0.0.1 allsecuritysite.com
    127.0.0.1 www.allsecuritysite.com
    127.0.0.1 allstarsvideos.net
    127.0.0.1 www.allstarsvideos.net
    127.0.0.1 alltruesoftware.com
    127.0.0.1 www.alltruesoftware.com
    127.0.0.1 allvideoactivex.com
    127.0.0.1 www.allvideoactivex.com
    127.0.0.1 almanah.biz
    127.0.0.1 www.almanah.biz
    127.0.0.1 almarvideos.com
    127.0.0.1 aloitalia.it
    127.0.0.1 www.aloitalia.it
    127.0.0.1 aluitalia.it
    127.0.0.1 www.aluitalia.it
    127.0.0.1 amaena.com
    127.0.0.1 www.amaena.com
    127.0.0.1 amandamountains.com
    127.0.0.1 amateurliveshow.com
    127.0.0.1 www.amateurliveshow.com
    127.0.0.1 amediasoftware.com
    127.0.0.1 www.amediasoftware.com
    127.0.0.1 amediasource.com
    127.0.0.1 www.amediasource.com
    127.0.0.1 americancarbargains.com
    127.0.0.1 www.americancarbargains.com
    127.0.0.1 american-teens.net
    127.0.0.1 amigeek.com
    127.0.0.1 amisbusiness.com
    127.0.0.1 ampmsearch.com
    127.0.0.1 www.ampmsearch.com
    127.0.0.1 analcord.com
    127.0.0.1 www.analcord.com
    127.0.0.1 analmovi.com
    127.0.0.1 anarchylolita.com
    127.0.0.1 www.anarchylolita.com
    127.0.0.1 anarchyporn.com
    127.0.0.1 andromedical.com
    127.0.0.1 www.andromedical.com
    127.0.0.1 animepornmag.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 antiddos.us
    127.0.0.1 www.antiddos.us
    127.0.0.1 Antiespiadorado.com
    127.0.0.1 www.Antiespiadorado.com
    127.0.0.1 Antiespionspack.com
    127.0.0.1 www.Antiespionspack.com
    127.0.0.1 Antigusanos2008.com
    127.0.0.1 www.Antigusanos2008.com
    127.0.0.1 Antispionage.com
    127.0.0.1 www.Antispionage.com
    127.0.0.1 Antispionagepro.com
    127.0.0.1 www.Antispionagepro.com
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 Antispywaresuite.com
    127.0.0.1 www.Antispywaresuite.com
    127.0.0.1 Antispyweb.net
    127.0.0.1 www.Antispyweb.net
    127.0.0.1 Antiver2008.com
    127.0.0.1 www.Antiver2008.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 Antiworm2008.com
    127.0.0.1 www.Antiworm2008.com
    127.0.0.1 Antiwurm2008.com
    127.0.0.1 www.Antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 apmebf.com
    127.0.0.1 www.apmebf.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 archiviosex.net
    127.0.0.1 www.archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 ares-usa.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 aslitalia.it
    127.0.0.1 www.aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 assureprotection.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 asupereva.it
    127.0.0.1 www.asupereva.it
    127.0.0.1 athenrye.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 aulde.net
    127.0.0.1 www.aulde.net
    127.0.0.1 aupereva.it
    127.0.0.1 www.aupereva.it
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg-secure.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avian-ads.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 awarninglist.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azzetta.it
    127.0.0.1 www.azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babenet.com
    127.0.0.1 www.babenet.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babeweb.de
    127.0.0.1 www.babeweb.de
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 Backstripgirls.com
    127.0.0.1 www.Backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 balotierra.com
    127.0.0.1 www.balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 bardownload.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 begin2search.com
    127.0.0.1 www.begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 bestfor.ru
    127.0.0.1 best-hardpics.com
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestporngate.com
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-voyeur.info
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestxporno.com
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigwww.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 biz.biz
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 blondetgp.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bnmgate.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 bonzi.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 boom.com.vn
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bqgate.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 braincodec.com
    127.0.0.1 www.braincodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 breenten.biz
    127.0.0.1 www.breenten.biz
    127.0.0.1 brodbfm.net
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 browserwise.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 busysearch.net
    127.0.0.1 www.busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 buy-find.info
    127.0.0.1 www.buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 buytraff.biz
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 bvirgilio.it
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 c.enhance.com
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 c4tdownload.com
    127.0.0.1 www.c4tdownload.com
    127.0.0.1 c5.www4free.info
    127.0.0.1 www.c5.www4free.info
    127.0.0.1 cache.surfaccuracy.com
    127.0.0.1 www.cache.surfaccuracy.com
    127.0.0.1 cache.ysbweb.com
    127.0.0.1 calcioturris.com
    127.0.0.1 calendaralerts.net
    127.0.0.1 www.calendaralerts.net
    127.0.0.1 cameouk.co.uk
    127.0.0.1 www.cameouk.co.uk
    127.0.0.1 cameup.com
    127.0.0.1 camouflageclothingonline.net
    127.0.0.1 www.camouflageclothingonline.net
    127.0.0.1 camup.net
    127.0.0.1 canberracricketcoaching.com
    127.0.0.1 candycantaloupes.com
    127.0.0.1 canidetect.org
    127.0.0.1 www.canidetect.org
    127.0.0.1 cantfind.com
    127.0.0.1 www.cantfind.com
    127.0.0.1 careers.dulcineasystems.net
    127.0.0.1 carsands.com
    127.0.0.1 carsrentals.net
    127.0.0.1 cartoes.uol.com.br
    127.0.0.1 casalemedia.com
    127.0.0.1 www.casalemedia.com
    127.0.0.1 cashdeluxe.net
    127.0.0.1 www.cashdeluxe.net
    127.0.0.1 cashengines.com
    127.0.0.1 www.cashengines.com
    127.0.0.1 cashsearch.biz
    127.0.0.1 cashsurfers.com
    127.0.0.1 www.cashsurfers.com
    127.0.0.1 CashUnlim.com
    127.0.0.1 www.CashUnlim.com
    127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
    127.0.0.1 casino2win.net
    127.0.0.1 casino-gambling-1.net
    127.0.0.1 casino-gambling-2.net
    127.0.0.1 casinomidas.net
    127.0.0.1 casinonline.net
    127.0.0.1 casino-onlines.net
    127.0.0.1 castingsamateur.com
    127.0.0.1 www.castingsamateur.com
    127.0.0.1 catallogue.com
    127.0.0.1 catch-dc.info
    127.0.0.1 www.catch-dc.info
    127.0.0.1 categories.mygeek.com
    127.0.0.1 catsss.da.ru
    127.0.0.1 caxa.ru
    127.0.0.1 cc.panet.org
    127.0.0.1 ccecaedbebfcaf.com
    127.0.0.1 www.ccecaedbebfcaf.com
    127.0.0.1 cclebali.org
    127.0.0.1 ccorriere.it
    127.0.0.1 www.ccorriere.it
    127.0.0.1 cdegate.com
    127.0.0.1 www.cdegate.com
    127.0.0.1 cdn.drivecleaner.com
    127.0.0.1 cdn.errorsafe.com
    127.0.0.1 cdn.movies-etc.com
    127.0.0.1 cdn.winsoftware.com
    127.0.0.1 cdn2.movies-etc.com
    127.0.0.1 cdorriere.it
    127.0.0.1 www.cdorriere.it
    127.0.0.1 ceewawires.org
    127.0.0.1 centralmedia.ws
    127.0.0.1 certumgroup.com
    127.0.0.1 cforriere.it
    127.0.0.1 www.cforriere.it
    127.0.0.1 check.jupitersatellites.biz
    127.0.0.1 www.check.jupitersatellites.biz
    127.0.0.1 checkin100.com
    127.0.0.1 www.checkin100.com
    127.0.0.1 checkssecurity.com
    127.0.0.1 www.checkssecurity.com
    127.0.0.1 chelancatering.com
    127.0.0.1 chenshijituan.com
    127.0.0.1 www.chenshijituan.com
    127.0.0.1 childrenvilla.com
    127.0.0.1 chips-4-free.com
    127.0.0.1 chrisswasey.com
    127.0.0.1 chriswallace.net
    127.0.0.1 cia-trjn.myvnc.com
    127.0.0.1 www.cia-trjn.myvnc.com
    127.0.0.1 ciorriere.it
    127.0.0.1 www.ciorriere.it
    127.0.0.1 cirriere.it
    127.0.0.1 www.cirriere.it
    127.0.0.1 ckick4thumbs.com
    127.0.0.1 cl55.biz
    127.0.0.1 clackamasliteraryreview.com
    127.0.0.1 cleansoftwares.com
    127.0.0.1 www.cleansoftwares.com
    127.0.0.1 clearsearch.cc
    127.0.0.1 clearsearch.net
    127.0.0.1 clickaire.com
    127.0.0.1 click-codec.com
    127.0.0.1 www.click-codec.com
    127.0.0.1 clickhere4search.com
    127.0.0.1 www.clickhere4search.com
    127.0.0.1 click-now.net
    127.0.0.1 clickspring.net
    127.0.0.1 www.clickspring.net
    127.0.0.1 click-to-download.com
    127.0.0.1 www.click-to-download.com
    127.0.0.1 clicktomakeasearch.com
    127.0.0.1 www.clicktomakeasearch.com
    127.0.0.1 clickyestoenter.net
    127.0.0.1 client.exeupdate.com
    127.0.0.1 client.myadultexplorer.com
    127.0.0.1 cliks.org
    127.0.0.1 www.cliks.org
    127.0.0.1 clorriere.it
    127.0.0.1 www.clorriere.it
    127.0.0.1 clrsch.com
    127.0.0.1 clubxxxvideo.com
    127.0.0.1 www.clubxxxvideo.com
    127.0.0.1 clusif.free.fr
    127.0.0.1 cmtapestry.com
    127.0.0.1 cnetadd.com
    127.0.0.1 www.cnetadd.com
    127.0.0.1 cnzz.com
    127.0.0.1 www.cnzz.com
    127.0.0.1 code.ignphrases.com
    127.0.0.1 codec.ninoa.com
    127.0.0.1 codecdvd.net
    127.0.0.1 www.codecdvd.net
    127.0.0.1 codec-fun.com
    127.0.0.1 www.codec-fun.com
    127.0.0.1 codecsoft.net
    127.0.0.1 www.codecsoft.net
    127.0.0.1 codrriere.it
    127.0.0.1 www.codrriere.it
    127.0.0.1 coeriere.it
    127.0.0.1 www.coeriere.it
    127.0.0.1 coerriere.it
    127.0.0.1 www.coerriere.it
    127.0.0.1 cofrriere.it
    127.0.0.1 www.cofrriere.it
    127.0.0.1 cogrriere.it
    127.0.0.1 www.cogrriere.it
    127.0.0.1 coirriere.it
    127.0.0.1 www.coirriere.it
    127.0.0.1 command.adservs.com
    127.0.0.1 www.commonname.com
    127.0.0.1 computerpcgames.net
    127.0.0.1 www.computerpcgames.net
    127.0.0.1 computerrecover.com
    127.0.0.1 www.computerrecover.com
    127.0.0.1 config.180solutions.com
    127.0.0.1 content.dollarrevenue.com
    127.0.0.1 www.content.dollarrevenue.com
    127.0.0.1 content.ireit.com
    127.0.0.1 www.content.ireit.com
    127.0.0.1 content.onerateld.com
    127.0.0.1 contentmatch.net
    127.0.0.1 www.contentmatch.net
    127.0.0.1 contra-virus.com
    127.0.0.1 www.contra-virus.com
    127.0.0.1 controlmeh.com
    127.0.0.1 www.controlmeh.com
    127.0.0.1 cool.ne.jp
    127.0.0.1 cooldeskalert.com
    127.0.0.1 www.cooldeskalert.com
    127.0.0.1 coolfetishsite.com
    127.0.0.1 coolfreehost.com
    127.0.0.1 coolfreepage.com
    127.0.0.1 coolfreepages.com
    127.0.0.1 cool-homepage.co
    127.0.0.1 cool-homepage.com
    127.0.0.1 coolmoneysearch.com
    127.0.0.1 coolpornsearch.com
    127.0.0.1 cool-search.net
    127.0.0.1 cool-search.netfartpost.com
    127.0.0.1 coolsearcher.info
    127.0.0.1 coolservecorp.net
    127.0.0.1 www.coolservecorp.net
    127.0.0.1 coolwebsearch.com
    127.0.0.1 www.coolwebsearch.com
    127.0.0.1 cool-web-search.com
    127.0.0.1 coolwebsearsh.com
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 cool-xxx.net
    127.0.0.1 coorriere.it
    127.0.0.1 www.coorriere.it
    127.0.0.1 copmtraine.com
    127.0.0.1 coprriere.it
    127.0.0.1 www.coprriere.it
    127.0.0.1 core.psyche-evolution.com
    127.0.0.1 www.core.psyche-evolution.com
    127.0.0.1 coreiere.it
    127.0.0.1 www.coreiere.it
    127.0.0.1 coreriere.it
    127.0.0.1 www.coreriere.it
    127.0.0.1 corrdiere.it
    127.0.0.1 www.corrdiere.it
    127.0.0.1 correiere.it
    127.0.0.1 www.correiere.it
    127.0.0.1 corrfiere.it
    127.0.0.1 www.corrfiere.it
    127.0.0.1 corrgiere.it
    127.0.0.1 www.corrgiere.it
    127.0.0.1 corridere.it
    127.0.0.1 www.corridere.it
    127.0.0.1 corriedre.it
    127.0.0.1 www.corriedre.it
    127.0.0.1 corriee.it
    127.0.0.1 www.corriee.it
    127.0.0.1 corrieere.it
    127.0.0.1 www.corrieere.it
    127.0.0.1 corriefre.it
    127.0.0.1 www.corriefre.it
    127.0.0.1 corriegre.it
    127.0.0.1 www.corriegre.it
    127.0.0.1 corrierde.it
    127.0.0.1 www.corrierde.it
    127.0.0.1 corriered.it
    127.0.0.1 www.corriered.it
    127.0.0.1 corrieree.it
    127.0.0.1 www.corrieree.it
    127.0.0.1 corrieref.it
    127.0.0.1 www.corrieref.it
    127.0.0.1 corrierer.it
    127.0.0.1 www.corrierer.it
    127.0.0.1 corrieres.it
    127.0.0.1 www.corrieres.it
    127.0.0.1 corrierew.it
    127.0.0.1 www.corrierew.it
    127.0.0.1 corrierfe.it
    127.0.0.1 www.corrierfe.it
    127.0.0.1 corrierge.it
    127.0.0.1 www.corrierge.it
    127.0.0.1 corrierr.it
    127.0.0.1 www.corrierr.it
    127.0.0.1 corrierre.it
    127.0.0.1 www.corrierre.it
    127.0.0.1 corrierse.it
    127.0.0.1 www.corrierse.it
    127.0.0.1 corrierte.it
    127.0.0.1 www.corrierte.it
    127.0.0.1 corrierw.it
    127.0.0.1 www.corrierw.it
    127.0.0.1 corrierwe.it
    127.0.0.1 www.corrierwe.it
    127.0.0.1 corriesre.it
    127.0.0.1 www.corriesre.it
    127.0.0.1 corriete.it
    127.0.0.1 www.corriete.it
    127.0.0.1 corrietre.it
    127.0.0.1 www.corrietre.it
    127.0.0.1 corriewre.it
    127.0.0.1 www.corriewre.it
    127.0.0.1 corrifere.it
    127.0.0.1 www.corrifere.it
    127.0.0.1 corriiere.it
    127.0.0.1 www.corriiere.it
    127.0.0.1 corrilere.it
    127.0.0.1 www.corrilere.it
    127.0.0.1 corrioere.it
    127.0.0.1 www.corrioere.it
    127.0.0.1 corrire.it
    127.0.0.1 www.corrire.it
    127.0.0.1 corrirere.it
    127.0.0.1 www.corrirere.it
    127.0.0.1 corrirre.it
    127.0.0.1 www.corrirre.it
    127.0.0.1 corrisere.it
    127.0.0.1 www.corrisere.it
    127.0.0.1 corriuere.it
    127.0.0.1 www.corriuere.it
    127.0.0.1 corriwere.it
    127.0.0.1 www.corriwere.it
    127.0.0.1 corriwre.it
    127.0.0.1 www.corriwre.it
    127.0.0.1 corrliere.it
    127.0.0.1 www.corrliere.it
    127.0.0.1 corroere.it
    127.0.0.1 www.corroere.it
    127.0.0.1 corroiere.it
    127.0.0.1 www.corroiere.it
    127.0.0.1 corrriere.it
    127.0.0.1 www.corrriere.it
    127.0.0.1 corrtiere.it
    127.0.0.1 www.corrtiere.it
    127.0.0.1 corruere.it
    127.0.0.1 www.corruere.it
    127.0.0.1 corruiere.it
    127.0.0.1 www.corruiere.it
    127.0.0.1 cortiere.it
    127.0.0.1 www.cortiere.it
    127.0.0.1 cortriere.it
    127.0.0.1 www.cortriere.it
    127.0.0.1 costrike.com
    127.0.0.1 www.costrike.com
    127.0.0.1 cotriere.it
    127.0.0.1 www.cotriere.it
    127.0.0.1 cotrriere.it
    127.0.0.1 www.cotrriere.it
    127.0.0.1 couldnotfind.com
    127.0.0.1 count.cc
    127.0.0.1 count.hitscount.net
    127.0.0.1 count-all.com
    127.0.0.1 countdutycall.info
    127.0.0.1 www.countdutycall.info
    127.0.0.1 counter.sexmaniack.com
    127.0.0.1 cporriere.it
    127.0.0.1 www.cporriere.it
    127.0.0.1 cprriere.it
    127.0.0.1 www.cprriere.it
    127.0.0.1 cpvfeed.com
    127.0.0.1 cracks.me.uk
    127.0.0.1 cracks4all.com
    127.0.0.1 www.cracks4all.com
    127.0.0.1 crapsgold.info
    127.0.0.1 www.crapsgold.info
    127.0.0.1 Crazygirls-world.com
    127.0.0.1 crazywinnings.com
    127.0.0.1 www.crazywinnings.com
    127.0.0.1 creamedcutties.com
    127.0.0.1 createaccesskey.com
    127.0.0.1 www.createaccesskey.com
    127.0.0.1 creditsearchonline.com
    127.0.0.1 crestring.com
    127.0.0.1 crooder.com
    127.0.0.1 crriere.it
    127.0.0.1 www.crriere.it
    127.0.0.1 crystalysmedia.com
    127.0.0.1 www.crystalysmedia.com
    127.0.0.1 csx.adservs.com
    127.0.0.1 www.csx.adservs.com
    127.0.0.1 cts.180solutions.com
    127.0.0.1 cuisinartoven.com
    127.0.0.1 www.cuisinartoven.com
    127.0.0.1 curedc.info
    127.0.0.1 www.curedc.info
    127.0.0.1 curepcsolutions.com
    127.0.0.1 www.curepcsolutions.com
    127.0.0.1 curvedspaces.com
    127.0.0.1 cutadult.com
    127.0.0.1 www.cutadult.com
    127.0.0.1 cvirgilio.it
    127.0.0.1 www.cvirgilio.it
    127.0.0.1 cvorriere.it
    127.0.0.1 www.cvorriere.it
    127.0.0.1 cvs.jps.ru
    127.0.0.1 cvsymphony.com
    127.0.0.1 cxorriere.it
    127.0.0.1 www.cxorriere.it
    127.0.0.1 cyberrape.com
    127.0.0.1 www.cyberrape.com
    127.0.0.1 cydom.com
    127.0.0.1 cydoor.com
    127.0.0.1 www.cydoor.com
    127.0.0.1 daily-gals.com
    127.0.0.1 dailypornmag.com
    127.0.0.1 www.dailypornmag.com
    127.0.0.1 dailyteenspic.com
    127.0.0.1 dailytoolbar.com
    127.0.0.1 www.dailytoolbar.com
    127.0.0.1 dancingbabycd.com
    127.0.0.1 data-hoster.com
    127.0.0.1 www.data-hoster.com
    127.0.0.1 datanotary.com
    127.0.0.1 datareco.com
    127.0.0.1 dating-galaxy.info
    127.0.0.1 www.dating-galaxy.info
    127.0.0.1 dating-search.net
    127.0.0.1 davemarshall.org
    127.0.0.1 db105.com
    127.0.0.1 dbdecicated.com
    127.0.0.1 www.dbdecicated.com
    127.0.0.1 dbxcompany.com
    127.0.0.1 www.dbxcompany.com
    127.0.0.1 dcdl.dmcast.com
    127.0.0.1 dcfitusa.com
    127.0.0.1 dcorriere.it
    127.0.0.1 www.dcorriere.it
    127.0.0.1 dcurtis.com
    127.0.0.1 www.dcurtis.com
    127.0.0.1 dcww.dmcast.com
    127.0.0.1 de.ag
    127.0.0.1 de.drivecleaner.com
    127.0.0.1 de.errorsafe.com
    127.0.0.1 de.winantivirus.com
    127.0.0.1 de98.remsys.org
    127.0.0.1 debay.it
    127.0.0.1 www.debay.it
    127.0.0.1 dedmazay.3322.org
    127.0.0.1 dedsearch.com
    127.0.0.1 www.dedsearch.com
    127.0.0.1 defaultsearch.net
    127.0.0.1 Defensaantimalware.com
    127.0.0.1 www.Defensaantimalware.com
    127.0.0.1 deja-rue.com
    127.0.0.1 www.deja-rue.com
    127.0.0.1 derklaif.biz
    127.0.0.1 www.derklaif.biz
    127.0.0.1 derrari.it
    127.0.0.1 www.derrari.it
    127.0.0.1 desarrollocreativo.com
    127.0.0.1 deskbar.worldtostart.com
    127.0.0.1 www.deskbar.worldtostart.com
    127.0.0.1 deskwizz.com
    127.0.0.1 www.deskwizz.com
    127.0.0.1 dev.ntcor.com
    127.0.0.1 develip.com
    127.0.0.1 dewis.spb.ru
    127.0.0.1 dewis.us
    127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
    127.0.0.1 dgbusiness.com
    127.0.0.1 www.dgbusiness.com
    127.0.0.1 dialer2004.com
    127.0.0.1 dialerclub.com
    127.0.0.1 www.dialerclub.com
    127.0.0.1 dialer-shop.com
    127.0.0.1 www.dialer-shop.com
    127.0.0.1 dialoff.com
    127.0.0.1 www.dialoff.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 dietpills4free.com
    127.0.0.1 dietpussy.com
    127.0.0.1 digikeygen.com
    127.0.0.1 www.digikeygen.com
    127.0.0.1 digistreamsa.com
    127.0.0.1 digitalcoders.net
    127.0.0.1 www.digitalcoders.net
    127.0.0.1 www.digitalfan.com
    127.0.0.1 digital-pornography.com
    127.0.0.1 dionforvalleycouncil.org
    127.0.0.1 directdvdpro.com
    127.0.0.1 www.directdvdpro.com
    127.0.0.1 directporta.info
    127.0.0.1 www.directporta.info
    127.0.0.1 directsearchzone.com
    127.0.0.1 www.directsearchzone.com
    127.0.0.1 dist.checkin100.com
    127.0.0.1 dl.ad-ware.cc
    127.0.0.1 dl.malwarewipe.com
    127.0.0.1 dl.targetsaver.com
    127.0.0.1 www.dl.targetsaver.com
    127.0.0.1 dl.web-nexus.net
    127.0.0.1 dl1.antivermins.com
    127.0.0.1 dl1.antivirgear.com
    127.0.0.1 dl1.spydawn.com
    127.0.0.1 dl1.virusprotectpro.com
    127.0.0.1 dl10.spyfalcon.com
    127.0.0.1 dl16.spyfalcon.com
    127.0.0.1 dl2.spyfalcon.com
    127.0.0.1 dl2.spyheal.com
    127.0.0.1 dl2.spywarestrike.com
    127.0.0.1 dl3.spyfalcon.com
    127.0.0.1 dl3.spyheal.com
    127.0.0.1 dl3.spywarestrike.com
    127.0.0.1 dl4.spyfalcon.com
    127.0.0.1 dl4.spywarestrike.com
    127.0.0.1 dl5.spyfalcon.com
    127.0.0.1 dl5.spywarestrike.com
    127.0.0.1 dl6.spywarestrike.com
    127.0.0.1 dl7.spywarestrike.com
    127.0.0.1 dl8.spyheal.com
    127.0.0.1 dl8.spywarestrike.com
    127.0.0.1 dl9.spyfalcon.com
    127.0.0.1 dmcast.com
    127.0.0.1 www.dmcast.com
    127.0.0.1 dnaads.com
    127.0.0.1 www.dnaads.com
    127.0.0.1 dnl.mabou.org
    127.0.0.1 dns-look-up.com
    127.0.0.1 www.dns-look-up.com
    127.0.0.1 doctorwaldron.com
    127.0.0.1 document-not-found.pornpic.org
    127.0.0.1 doggyaction.com
    127.0.0.1 dogproblemswebsite.com
    127.0.0.1 www.dogproblemswebsite.com
    127.0.0.1 doktorxxx.com
    127.0.0.1 dollarrevenue.com
    127.0.0.1 domaincar.com
    127.0.0.1 www.domaincar.com
    127.0.0.1 domains2003.net
    127.0.0.1 domains-for-you-online.com
    127.0.0.1 domain-your-registration.com
    127.0.0.1 domkrat.com
    127.0.0.1 dotcomtoolbar.com
    127.0.0.1 www.dotcomtoolbar.com
    127.0.0.1 down.136136.net
    127.0.0.1 download.abetterinternet.com
    127.0.0.1 download.antispywarebot.com
    127.0.0.1 www.download.antispywarebot.com
    127.0.0.1 download.bardownload.com
    127.0.0.1 www.download.bardownload.com
    127.0.0.1 download.bravesentry.com
    127.0.0.1 www.download.bravesentry.com
    127.0.0.1 download.cdn.drivecleaner.com
    127.0.0.1 download.cdn.errorsafe.com
    127.0.0.1 download.cdn.winsoftware.com
    127.0.0.1 download.errorsafe.com
    127.0.0.1 download.jupitersatellites.biz
    127.0.0.1 www.download.jupitersatellites.biz
    127.0.0.1 download.searchtabs.net
    127.0.0.1 download.secureyournet.biz
    127.0.0.1 www.download.secureyournet.biz
    127.0.0.1 download.spyonthis.net
    127.0.0.1 download.spy-shredder.com
    127.0.0.1 download.systemdoctor.com
    127.0.0.1 download.winantispyware.com
    127.0.0.1 download.winantivirus.com
    127.0.0.1 download.windrivecleaner.com
    127.0.0.1 download.winfixer.com
    127.0.0.1 download10.spywarequake.com
    127.0.0.1 download11.spywarequake.com
    127.0.0.1 download12.spywarequake.com
    127.0.0.1 download13.spywarequake.com
    127.0.0.1 download15.spywarequake.com
    127.0.0.1 download2.spywarequake.com
    127.0.0.1 download-2007.com
    127.0.0.1 www.download-2007.com
    127.0.0.1 download3.spyaxe.com
    127.0.0.1 download3.spywarequake.com
    127.0.0.1 download4.spyaxe.com
    127.0.0.1 download4.spywarequake.com
    127.0.0.1 download5.spyaxe.com
    127.0.0.1 download5.spywarequake.com
    127.0.0.1 download6.spyaxe.com
    127.0.0.1 download7.spywarequake.com
    127.0.0.1 download8.spywarequake.com
    127.0.0.1 download9.spywarequake.com
    127.0.0.1 download-ad-aware.com
    127.0.0.1 www.download-ad-aware.com
    127.0.0.1 download-all-4-free.com
    127.0.0.1 www.download-all-4-free.com
    127.0.0.1 download-all-area.com
    127.0.0.1 www.download-all-area.com
    127.0.0.1 download-antivir.com
    127.0.0.1 www.download-antivir.com
    127.0.0.1 downloadanysong.com
    127.0.0.1 www.downloadanysong.com
    127.0.0.1 download-avast.com
    127.0.0.1 www.download-avast.com
    127.0.0.1 downloadcorporation.com
    127.0.0.1 www.downloadcorporation.com
    127.0.0.1 download-dvdshrink.com
    127.0.0.1 www.download-dvdshrink.com
    127.0.0.1 download-for-free.net
    127.0.0.1 www.download-for-free.net
    127.0.0.1 downloadfreesoft.com
    127.0.0.1 www.downloadfreesoft.com
    127.0.0.1 downloadfreeway.com
    127.0.0.1 www.downloadfreeway.com
    127.0.0.1 downloadimesh.com
    127.0.0.1 www.downloadimesh.com
    127.0.0.1 download-itunes-now.com
    127.0.0.1 www.download-itunes-now.com
    127.0.0.1 download-limewire.org
    127.0.0.1 www.download-limewire.org
    127.0.0.1 downloadlost.tv
    127.0.0.1 www.downloadlost.tv
    127.0.0.1 downloadmax.net
    127.0.0.1 www.downloadmax.net
    127.0.0.1 download-mcafee.com
    127.0.0.1 www.download-mcafee.com
    127.0.0.1 download-me.info
    127.0.0.1 downloadmediaax.com
    127.0.0.1 www.downloadmediaax.com
    127.0.0.1 downloadpics.net
    127.0.0.1 www.downloadpics.net
    127.0.0.1 download-real-player.com
    127.0.0.1 www.download-real-player.com
    127.0.0.1 downloads.180solutions.com
    127.0.0.1 downloads.adaware.cc
    127.0.0.1 downloadservicearea.com
    127.0.0.1 www.downloadservicearea.com
    127.0.0.1 downloads-free.org
    127.0.0.1 www.downloads-free.org
    127.0.0.1 downloadsglobe.com
    127.0.0.1 www.downloadsglobe.com
    127.0.0.1 download-this.us
    127.0.0.1 www.download-this.us
    127.0.0.1 download-trillian.com
    127.0.0.1 www.download-trillian.com
    127.0.0.1 downloadv3.com
    127.0.0.1 www.downloadv3.com
    127.0.0.1 downloadvax.com
    127.0.0.1 www.downloadvax.com
    127.0.0.1 download-windvd.com
    127.0.0.1 www.download-windvd.com
    127.0.0.1 download-winrar.com
    127.0.0.1 www.download-winrar.com
    127.0.0.1 downloadwizard.com
    127.0.0.1 downloadzcenter.com
    127.0.0.1 downloadzcentral.com
    127.0.0.1 downloadzfree.com
    127.0.0.1 www.downloadzfree.com
    127.0.0.1 downloadznow.net
    127.0.0.1 download-zone-free.com
    127.0.0.1 www.download-zone-free.com
    127.0.0.1 download-zone-free.net
    127.0.0.1 www.download-zone-free.net
    127.0.0.1 dp-host.com
    127.0.0.1 dr.mcboo.com
    127.0.0.1 dr.webhancer.com
    127.0.0.1 www.dr.webhancer.com
    127.0.0.1 dr2.webhancer.com
    127.0.0.1 www.dr2.webhancer.com
    127.0.0.1 dr38.mcboo.com
    127.0.0.1 dr47.mcboo.com
    127.0.0.1 dragqueen.gay-clan.com
    127.0.0.1 drepubblica.it
    127.0.0.1 www.drepubblica.it
    127.0.0.1 drivecleaner.com
    127.0.0.1 www.drivecleaner.com
    127.0.0.1 drivecleanr.com
    127.0.0.1 www.drivecleanr.com
    127.0.0.1 drocherway.com
    127.0.0.1 dropspam.com
    127.0.0.1 www.dropspam.com
    127.0.0.1 drug-sources-exposed.com
    127.0.0.1 drvvv.com
    127.0.0.1 dsupereva.it
    127.0.0.1 www.dsupereva.it
    127.0.0.1 dtlproduct.com
    127.0.0.1 www.dtlproduct.com
    127.0.0.1 dudu.com
    127.0.0.1 www.dudu.com
    127.0.0.1 dulcineasystems.net
    127.0.0.1 dumpserv.com
    127.0.0.1 duolaimi.net
    127.0.0.1 dutch-sex.com
    127.0.0.1 dvdaccess.net
    127.0.0.1 www.dvdaccess.net
    127.0.0.1 dvdbank.org
    127.0.0.1 dvdcodec.net
    127.0.0.1 www.dvdcodec.net
    127.0.0.1 dvdsmovies.net
    127.0.0.1 www.dvdsmovies.net
    127.0.0.1 dvdsvideos.net
    127.0.0.1 www.dvdsvideos.net
    127.0.0.1 dvdtocdsite.com
    127.0.0.1 www.dvdtocdsite.com
    127.0.0.1 dynamique.drivecleaner.com
    127.0.0.1 e3bay.it
    127.0.0.1 www.e3bay.it
    127.0.0.1 e4bay.it
    127.0.0.1 www.e4bay.it
    127.0.0.1 eager-sex.com
    127.0.0.1 earthllnk.net
    127.0.0.1 www.earthllnk.net
    127.0.0.1 eases.net
    127.0.0.1 easyantispy.com
    127.0.0.1 easybestdeals.com
    127.0.0.1 www.easybestdeals.com
    127.0.0.1 easycategories.com
    127.0.0.1 easymp3musicnow.com
    127.0.0.1 www.easymp3musicnow.com
    127.0.0.1 easy-pharmacy.info
    127.0.0.1 www.easy-pharmacy.info
    127.0.0.1 easy-search.net
    127.0.0.1 easysearch4you.com
    127.0.0.1 www.easysearch4you.com
    127.0.0.1 easysearchingtips.com
    127.0.0.1 easyspyware.com
    127.0.0.1 www.easyspyware.com
    127.0.0.1 easywww.info
    127.0.0.1 www.easywww.info
    127.0.0.1 eba6y.it
    127.0.0.1 www.eba6y.it
    127.0.0.1 eba7y.it
    127.0.0.1 www.eba7y.it
    127.0.0.1 ebaay.it
    127.0.0.1 www.ebaay.it
    127.0.0.1 ebagy.it
    127.0.0.1 www.ebagy.it
    127.0.0.1 ebahy.it
    127.0.0.1 www.ebahy.it
    127.0.0.1 ebajy.it
    127.0.0.1 www.ebajy.it
    127.0.0.1 ebaqy.it
    127.0.0.1 www.ebaqy.it
    127.0.0.1 ebasy.it
    127.0.0.1 www.ebasy.it
    127.0.0.1 ebaty.it
    127.0.0.1 www.ebaty.it
    127.0.0.1 ebauy.it
    127.0.0.1 www.ebauy.it
    127.0.0.1 ebav.com
    127.0.0.1 ebaw.com
    127.0.0.1 ebawy.it
    127.0.0.1 www.ebawy.it
    127.0.0.1 ebaxy.it
    127.0.0.1 www.ebaxy.it
    127.0.0.1 ebay6.it
    127.0.0.1 www.ebay6.it
    127.0.0.1 ebay7.it
    127.0.0.1 www.ebay7.it
    127.0.0.1 ebayg.it
    127.0.0.1 www.ebayg.it
    127.0.0.1 ebayh.it
    127.0.0.1 www.ebayh.it
    127.0.0.1 ebayj.it
    127.0.0.1 www.ebayj.it
    127.0.0.1 ebayt.it
    127.0.0.1 www.ebayt.it
    127.0.0.1 ebayu.it
    127.0.0.1 www.ebayu.it
    127.0.0.1 ebazy.it
    127.0.0.1 www.ebazy.it
    127.0.0.1 ebch.com
    127.0.0.1 ebdv.com
    127.0.0.1 ebdw.com
    127.0.0.1 ebestfind.org
    127.0.0.1 www.ebestfind.org
    127.0.0.1 ebgay.it
    127.0.0.1 www.ebgay.it
    127.0.0.1 ebgo.com
    127.0.0.1 ebhay.it
    127.0.0.1 www.ebhay.it
    127.0.0.1 ebjp.com
    127.0.0.1 ebkb.com
    127.0.0.1 ebkn.com
    127.0.0.1 ebky.com
    127.0.0.1 eblv.com
    127.0.0.1 ebmu.com
    127.0.0.1 ebnay.it
    127.0.0.1 www.ebnay.it
    127.0.0.1 ebony-pornmag.com
    127.0.0.1 www.ebony-pornmag.com
    127.0.0.1 ebonypornmag.com
    127.0.0.1 www.ebonypornmag.com
    127.0.0.1 ebqay.it
    127.0.0.1 www.ebqay.it
    127.0.0.1 ebsay.it
    127.0.0.1 www.ebsay.it
    127.0.0.1 ebsy.it
    127.0.0.1 www.ebsy.it
    127.0.0.1 ebvay.it
    127.0.0.1 www.ebvay.it
    127.0.0.1 ebvr.com
    127.0.0.1 ebway.it
    127.0.0.1 www.ebway.it
    127.0.0.1 ebxay.it
    127.0.0.1 www.ebxay.it
    127.0.0.1 ebzay.it
    127.0.0.1 www.ebzay.it
    127.0.0.1 ecmh.com
    127.0.0.1 ecmp.com
    127.0.0.1 ecosrioplatenses.org
    127.0.0.1 ecpm.com
    127.0.0.1 ecstasyporn.net
    127.0.0.1 ecwz.com
    127.0.0.1 ecyb.com
    127.0.0.1 edbay.it
    127.0.0.1 www.edbay.it
    127.0.0.1 edhq.com
    127.0.0.1 edietprogram.com
    127.0.0.1 www.edietprogram.com
    127.0.0.1 edty.com
    127.0.0.1 eduy.com
    127.0.0.1 eebay.it
    127.0.0.1 www.eebay.it
    127.0.0.1 eeev.com
    127.0.0.1 eepubblica.it
    127.0.0.1 www.eepubblica.it
    127.0.0.1 efbay.it
    127.0.0.1 www.efbay.it
    127.0.0.1 egbay.it
    127.0.0.1 www.egbay.it
    127.0.0.1 ehbay.it
    127.0.0.1 www.ehbay.it
    127.0.0.1 eikokoike.com
    127.0.0.1 elitecodec.com
    127.0.0.1 www.elitecodec.com
    127.0.0.1 elitemediagroup.net
    127.0.0.1 www.elitemediagroup.net
    127.0.0.1 e-localad.com
    127.0.0.1 emailicon.org
    127.0.0.1 www.emailicon.org
    127.0.0.1 emch.com
    127.0.0.1 emcodec.com
    127.0.0.1 www.emcodec.com
    127.0.0.1 emediacodec.com
    127.0.0.1 www.emediacodec.com
    127.0.0.1 emjcd.com
    127.0.0.1 www.emjcd.com
    127.0.0.1 emule.mp3-muzic.com
    127.0.0.1 www.emule.mp3-muzic.com
    127.0.0.1 emuledownloadhome.com
    127.0.0.1 www.emuledownloadhome.com
    127.0.0.1 emule-freebie.com
    127.0.0.1 www.emule-freebie.com
    127.0.0.1 enay.it
    127.0.0.1 www.enay.it
    127.0.0.1 enbay.it
    127.0.0.1 www.enbay.it
    127.0.0.1 energy-factor.com
    127.0.0.1 www.energy-factor.com
    127.0.0.1 engineplay.com
    127.0.0.1 www.engineplay.com
    127.0.0.1 engine-ticket.com
    127.0.0.1 www.engine-ticket.com
    127.0.0.1 enhance.com
    127.0.0.1 www.enhance.com
    127.0.0.1 enhancevideos.com
    127.0.0.1 www.enhancevideos.com
    127.0.0.1 enitinvest.net
    127.0.0.1 enjoywebsurf.com
    127.0.0.1 entertainsite.net
    127.0.0.1 www.entertainsite.net
    127.0.0.1 enterthesearch.com
    127.0.0.1 www.enterthesearch.com
    127.0.0.1 e-plus.cc
    127.0.0.1 epornsex.com
    127.0.0.1 eprotectionline.com
    127.0.0.1 www.eprotectionline.com
    127.0.0.1 eprotectpage.com
    127.0.0.1 www.eprotectpage.com
    127.0.0.1 erbay.it
    127.0.0.1 www.erbay.it
    127.0.0.1 erepubblica.it
    127.0.0.1 www.erepubblica.it
    127.0.0.1 ergosites.com
    127.0.0.1 erossoalice.it
    127.0.0.1 www.erossoalice.it
    127.0.0.1 errari.it
    127.0.0.1 www.errari.it
    127.0.0.1 error404site.com
    127.0.0.1 www.error404site.com
    127.0.0.1 error404site.net
    127.0.0.1 www.error404site.net
    127.0.0.1 errorkiller.com
    127.0.0.1 www.errorkiller.com
    127.0.0.1 errorprotector.com
    127.0.0.1 www.errorprotector.com
    127.0.0.1 errorsafe.com
    127.0.0.1 www.errorsafe.com
    127.0.0.1 errorsdns.com
    127.0.0.1 www.errorsdns.com
    127.0.0.1 ert0003.e76.163ns.com
    127.0.0.1 ertikadeswiokinganfujas.com
    127.0.0.1 www.ertikadeswiokinganfujas.com
    127.0.0.1 es.winantivirus.com
    127.0.0.1 es0-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es1-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es2-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es3-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es4-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es5-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es6-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es7-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es8-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es9-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 esafetylist.com
    127.0.0.1 www.esafetylist.com
    127.0.0.1 esafetypage.com
    127.0.0.1 www.esafetypage.com
    127.0.0.1 esbay.it
    127.0.0.1 www.esbay.it
    127.0.0.1 esearch2005.com
    127.0.0.1 www.esearch2005.com
    127.0.0.1 esecuritynote.com
    127.0.0.1 www.esecuritynote.com
    127.0.0.1 esecuritypage.com
    127.0.0.1 www.esecuritypage.com
    127.0.0.1 esupereva.it
    127.0.0.1 www.esupereva.it
    127.0.0.1 etomi.all-downloads-now.com
    127.0.0.1 www.etomi.all-downloads-now.com
    127.0.0.1 eupdatepage.com
    127.0.0.1 www.eupdatepage.com
    127.0.0.1 euuu.com
    127.0.0.1 evbay.it
    127.0.0.1 www.evbay.it
    127.0.0.1 evidence-detector.biz
    127.0.0.1 evilspidercomics.com
    127.0.0.1 evko.biz
    127.0.0.1 www.evko.biz
    127.0.0.1 ewbay.it
    127.0.0.1 www.ewbay.it
    127.0.0.1 ewebsearch.net
    127.0.0.1 e-websitesolutions.com
    127.0.0.1 ewizard.cc
    127.0.0.1 exaccess.ru
    127.0.0.1 www.exaccess.ru
    127.0.0.1 excellentsckin.com
    127.0.0.1 exeupdate.com
    127.0.0.1 www.exeupdate.com
    127.0.0.1 exflow.org
    127.0.0.1 www.exflow.org
    127.0.0.1 exit.megago.com
    127.0.0.1 expandvideo.com
    127.0.0.1 www.expandvideo.com
    127.0.0.1 exportplay.com
    127.0.0.1 www.exportplay.com
    127.0.0.1 extremepaidsurveys.com
    127.0.0.1 www.extremepaidsurveys.com
    127.0.0.1 extremeseek.net
    127.0.0.1 eza1netsearch.com
    127.0.0.1 www.eza1netsearch.com
    127.0.0.1 ezcybersearch.com
    127.0.0.1 www.ezcybersearch.com
    127.0.0.1 ez-searching.com
    127.0.0.1 ezwebsearching.com
    127.0.0.1 www.ezwebsearching.com
    127.0.0.1 f1.bestmanage.org
    127.0.0.1 f1.truth-is-out-there.org
    127.0.0.1 f1organizer.com
    127.0.0.1 www.f1organizer.com
    127.0.0.1 f2.bestmanage.org
    127.0.0.1 f2.truth-is-out-there.org
    127.0.0.1 f3.bestmanage.org
    127.0.0.1 f3.truth-is-out-there.org
    127.0.0.1 f4.bestmanage.org
    127.0.0.1 f4.truth-is-out-there.org
    127.0.0.1 f5.bestmanage.org
    127.0.0.1 f5.truth-is-out-there.org
    127.0.0.1 f6.bestmanage.org
    127.0.0.1 f7.bestmanage.org
    127.0.0.1 f7.truth-is-out-there.org
    127.0.0.1 f8.bestmanage.org
    127.0.0.1 f8.truth-is-out-there.org
    127.0.0.1 f9.bestmanage.org
    127.0.0.1 f9.truth-is-out-there.org
    127.0.0.1 fairsearcher.com
    127.0.0.1 www.fairsearcher.com
    127.0.0.1 faithstevens.com
    127.0.0.1 fantasiewelten.com
    127.0.0.1 farmacept32.phpnet.us
    127.0.0.1 farmsteadbandb.com
    127.0.0.1 farse.com
    127.0.0.1 fartpost.com
    127.0.0.1 fastfreedownload.com
    127.0.0.1 fastmetasearch.com
    127.0.0.1 www.fastmetasearch.com
    127.0.0.1 fastssearch.com
    127.0.0.1 www.fastssearch.com
    127.0.0.1 fastwebfinder.com
    127.0.0.1 faxporn.com
    127.0.0.1 fazzetta.it
    127.0.0.1 www.fazzetta.it
    127.0.0.1 fcorriere.it
    127.0.0.1 www.fcorriere.it
    127.0.0.1 featured-results.com
    127.0.0.1 febay.it
    127.0.0.1 www.febay.it
    127.0.0.1 feed.dedsearch.com
    127.0.0.1 feeds.2search.com
    127.0.0.1 www.feeds.2search.com
    127.0.0.1 feeds2.2search.org
    127.0.0.1 www.feeds2.2search.org
    127.0.0.1 ferraeri.it
    127.0.0.1 www.ferraeri.it
    127.0.0.1 ferrai.it
    127.0.0.1 www.ferrai.it
    127.0.0.1 ferrarei.it
    127.0.0.1 www.ferrarei.it
    127.0.0.1 ferrarti.it
    127.0.0.1 www.ferrarti.it
    127.0.0.1 ferrasri.it
    127.0.0.1 www.ferrasri.it
    127.0.0.1 ferratri.it
    127.0.0.1 www.ferratri.it
    127.0.0.1 ferreari.it
    127.0.0.1 www.ferreari.it
    127.0.0.1 ferrri.it
    127.0.0.1 www.ferrri.it
    127.0.0.1 ferrsari.it
    127.0.0.1 www.ferrsari.it
    127.0.0.1 ferrtari.it
    127.0.0.1 www.ferrtari.it
    127.0.0.1 fetrrari.it
    127.0.0.1 www.fetrrari.it
    127.0.0.1 fgazzetta.it
    127.0.0.1 www.fgazzetta.it
    127.0.0.1 fgoogle.it
    127.0.0.1 www.fgoogle.it
    127.0.0.1 fhg.panet.org
    127.0.0.1 fhgate.com
    127.0.0.1 www.fhgate.com
    127.0.0.1 fickenisgeil.de
    127.0.0.1 file.unionsms.net
    127.0.0.1 filestore.com
    127.0.0.1 www.filestore.com
    127.0.0.1 filetretporn.com
    127.0.0.1 www.filetretporn.com
    127.0.0.1 Filtrodetrojan.com
    127.0.0.1 www.Filtrodetrojan.com
    127.0.0.1 finalfantasyactionfigures.com
    127.0.0.1 www.finalfantasyactionfigures.com
    127.0.0.1 finance-loans.com
    127.0.0.1 find4u.net
    127.0.0.1 find-52.com
    127.0.0.1 www.find-52.com
    127.0.0.1 findanyshow.org
    127.0.0.1 www.findanyshow.org
    127.0.0.1 find-find-777.net
    127.0.0.1 www.find-find-777.net
    127.0.0.1 find-itnow.com
    127.0.0.1 findit-now.com
    127.0.0.1 findloss.com
    127.0.0.1 findthesite.com
    127.0.0.1 findthewebsiteyouneed.com
    127.0.0.1 www.findthewebsiteyouneed.com
    127.0.0.1 find-uk-health.co.uk
    127.0.0.1 findwapsite.org
    127.0.0.1 www.findwapsite.org
    127.0.0.1 findwhatevernow.com
    127.0.0.1 www.findwhatevernow.com
    127.0.0.1 fined.biz
    127.0.0.1 fine-search.net
    127.0.0.1 fionasteel.com
    127.0.0.1 firefoxdownload-now.com
    127.0.0.1 www.firefoxdownload-now.com
    127.0.0.1 firehunt.com
    127.0.0.1 www.firehunt.com
    127.0.0.1 firgilio.it
    127.0.0.1 www.firgilio.it
    127.0.0.1 firstbookmark.net
    127.0.0.1 firstgoodsearch.com
    127.0.0.1 www.firstgoodsearch.com
    127.0.0.1 fitness-free.com
    127.0.0.1 fixerantispy.com
    127.0.0.1 www.fixerantispy.com
    127.0.0.1 fjsynebcod.com
    127.0.0.1 www.fjsynebcod.com
    127.0.0.1 flashdollars.com
    127.0.0.1 www.flashdollars.com
    127.0.0.1 flashflashmx.3322.org
    127.0.0.1 floorsovertexas.com
    127.0.0.1 www.floorsovertexas.com
    127.0.0.1 floproject.com
    127.0.0.1 www.floproject.com
    127.0.0.1 flrxtools.greatnuke.com
    127.0.0.1 flrx-tools.net
    127.0.0.1 www.flrx-tools.net
    127.0.0.1 fn777.greatbahamas.com
    127.0.0.1 www.fn777.greatbahamas.com
    127.0.0.1 foodvacations.net
    127.0.0.1 forex.jps.ru
    127.0.0.1 forexcredit.com
    127.0.0.1 forexcredit.ru
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    regarde mon message precedant et fais la suite
    0
  9. gringosky
     
    Pardon, je n'avais pas fait attention qu'il y avait une suite.
    - Pour Outlook express, j'ai supprimé l'ensemble des fichiers situés dans "éléments supprimés",
    - J'ai installé la nouvelle version de Java et supprimé l'ancienne,
    - J'ai lancé AVG pour une recherche rapide en mode normal (rapport ci dessous),
    - Le lien vers le tool de sUBs est inactif, je ne l'ai donc pas lancé,
    - J'ai téléchargé Clean, je passe en mode sans échec pour le lancer,
    - Je ferai le scan en ligne et le hijackthis ensuite (j'ai déjà effectué les modifications de dossier et de nom) pour enfin coller les rapoorts.
    @+

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 13:25:43 18/10/2007

    + Résultat de l'analyse:

    C:\WINDOWS\ekdia140.exe -> Heuristic.Win32.Dialer : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

    Fin du rapport
    0
  10. gringosky
     
    R.A.S. pour clean en mode sans échec.
    Ci dessous le rapport de hijackthis.
    Toujours pas accès aux registres et toujours message à l'ouverture de windows concernant C:\WINDOWS\System32\printer.exe.
    Je viens de lancer le scan en ligne (Bitdefender) et AVG pour une analyse complète en mode normal.
    @+

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:46:08, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\VirusGarde\stmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer = 213.228.0.23,212.27.32.176
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le tool de sUBs
    a faire:
    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    pour virer RJUMP virus ici:
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    ____________

    tu as mal fais avg antispyware car rien n'a été viré!

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    C:\WINDOWS\ekdia140.exe -> Heuristic.Win32.Dialer : Aucune action entreprise.

    __________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    ________________

    lance rogue remover

    https://www.01net.com/telecharger/

    ________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    _________________

    combofix (colle le rapport)

    http://mickael.barroux.free.fr/securite/combofix.php

    ___________________

    recolle hijackthis et dis tes pbs si printer encore present
    0
  12. gringosky
     
    Voilà où j'en suis.
    - Scan PC et recherche AVG toujours en cours;
    C'est assez long.
    Quasiment rien de détecté pour le moment.
    En parallèle :
    - SUBs téléchargé et exécuté,
    - RJUMP supprimé,
    - Pour l'antispyware, pas de souci, j'ai juste imprimé un rapport intermédiaire. Je les ai supprimé juste après.
    - SDFix téléchargé.
    J'attends que le scan et AVG aient terminé pour l'exécuter en mode sans échec,
    - Rogue remover exécuté. Deux fichiers supprimés (rapport ci dessous),
    - Combofix exécuté (rapport ci dessous),
    - Vundofix exécuté. J'attends la fin du scan et d'AVG pour accepter de redémarrer.
    Je redémarrerai en mode sans échec et finirai avec SDFix.
    Enfin, je relancerai hijackthis.
    Je te tiens au courant des différents résultats.
    @+

    --------------------------------------------------------------------------------------------------------------------------------

    Malwarebytes' RogueRemover
    Malwarebytes ©2007 https://www.malwarebytes.com/
    5680 total fingerprints loaded.

    Loading database ...
    Expanding environmental variables ...

    Scanning files ... [ 100% ].
    Scanning folders ... [ 100% ].
    Scanning registry keys ... [ 100% ].
    Scanning registry values ... [ 100% ].

    --------------------------------------------------------------------------------------------------------------------------------

    ComboFix 07-10-18.6 - HP_Administrateur 2007-10-18 14:38:37.1 - NTFSx86
    Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\ComboFix\osid.vbs".
    L'ex‚cution du script a pris fin.
    Running from: C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\HP_Administrateur\Application Data\install_fr[1].exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-18 to 2007-10-18 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-18 14:31 <REP> d-------- C:\Program Files\RogueRemover FREE
    2007-10-18 14:27 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-10-18 13:21 <REP> d-------- C:\hijackthis
    2007-10-18 11:14 5,104 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-18 11:13 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-18 11:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-18 11:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-18 11:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-18 11:13 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-18 10:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-17 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-17 23:01 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-10-17 21:56 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2007-10-17 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-17 20:50 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
    2007-10-17 20:50 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-10-17 14:50 1,536 --a------ C:\WINDOWS\system32\Delete_Me_Dummy_sulimo.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-18 11:14 --------- d-----w C:\Program Files\Java
    2007-10-17 11:45 --------- d-----w C:\Program Files\Diablo II
    2007-10-17 11:44 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-10-13 19:14 --------- d-----w C:\Program Files\eMule
    2007-10-13 17:45 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\U3
    2007-10-02 21:49 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Azureus
    2007-10-02 19:19 --------- d-----w C:\Program Files\Azureus
    2007-09-11 20:18 30,648 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-30 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 12:04]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-08 21:31]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]
    "VTTimer"="VTTimer.exe" []
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 10:47]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-06 10:59]
    "CTHelper"="CTHELPER.EXE" [2003-11-14 02:18 C:\WINDOWS\system32\CTHELPER.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "SoftAP"="C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe" [2004-02-17 11:19]
    "Wireless SoftAP"="C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" [2004-02-17 11:20]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-19 19:31]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "Resume copy"="copyfstq.exe" [2005-09-19 17:52 C:\WINDOWS\copyfstq.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-01 11:33]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 18:15]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 18:06]
    "POINTER"="point32.exe" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 23:44]
    "nwiz"="nwiz.exe" [2007-04-12 23:44 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 23:44]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe" [2004-01-01 11:42]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 08:45]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMIDI"=MIDIDEF.EXE
    "StartMS"="C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s
    "CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
    msldr32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

    R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe"
    R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
    R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
    S3 NUVision;Hauppauge WinTV USB Pro (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    AutoRun\command - L:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a36cafe-33bf-11dc-8849-00112fd1a626}]
    AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a9dbb71-068e-11db-85a4-00112fd1a626}]
    AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bffcf53-8434-11da-84c2-000fb5978528}]
    AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee809dfe-ad0d-11da-8503-00112fd1a626}]
    AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee97117a-52a8-11dc-885f-00112fd1a626}]
    AutoRun\command - explorer.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-07 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - HP_Administrateur.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exe
    "2007-10-18 11:28:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    "2007-10-09 01:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-18 14:46:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-18 14:47:56
    .
    --- E O F ---

    RogueRemover has detected rogue antispyware components! Results below...

    Type: Registry Value
    Vendor: WinAntiVirus 2007
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rtasks
    Selected for removal: Yes

    Type: Registry Value
    Vendor: ErrorProtector
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Salestart
    Selected for removal: Yes

    RogueRemover has found the objects above.

    --------------------------------------------------------------------------------------------------------------------------------
    0
  13. gringosky
     
    Ca y est, j'ai tout exécuté.
    Ci dessous les rapports de SDFix et de Hijackthis.
    Je ne sais pas s'il y a encore des erreurs, mais j'ai de nouveau accès aux registres, et le message d'erreur à l'entame de windows ne s'affiche plus.
    Un très grand merci pour tout.
    Très bonne continuation.

    SDFix: Version 1.109

    Run by HP_Administrateur on 18/10/2007 at 15:11

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 22 Dec 2004 204 ..SHR --- "C:\BOOT.BAK"
    Wed 22 Dec 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 5 Feb 2005 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
    Mon 9 May 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
    Mon 17 Oct 2005 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
    Mon 17 Oct 2005 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
    Sun 12 Jun 2005 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
    Mon 9 May 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
    Mon 23 May 2005 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
    Sat 5 Feb 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
    Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT5C.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\U3\temp\Launchpad Removal.exe"
    Thu 18 Oct 2007 5,998 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp"
    Fri 3 Nov 2006 579,584 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL0005.tmp"
    Sun 5 Nov 2006 589,824 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL0340.tmp"
    Sun 5 Nov 2006 588,800 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL0482.tmp"
    Sun 5 Nov 2006 589,312 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL0662.tmp"
    Sun 5 Nov 2006 588,800 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL0916.tmp"
    Fri 3 Nov 2006 386,560 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL2466.tmp"
    Sun 5 Nov 2006 589,824 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL2782.tmp"
    Sun 5 Nov 2006 589,312 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL3654.tmp"
    Sun 5 Nov 2006 588,288 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\R‚daction Manuscrit\~WRL3659.tmp"
    Fri 7 Oct 2005 74,240 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\IEEE TNN\Publi IEEE TNN\~WRL0672.tmp"
    Tue 11 Oct 2005 71,680 A..H. --- "C:\Documents and Settings\HP_Administrateur\Bureau\Sky\Boulot\IEEE TNN\Publi IEEE TNN\~WRL1150.tmp"

    Finished!

    ---------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:29:25, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer = 213.228.0.23,212.27.32.176
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle apres avg et vundofix un nouveau rapport hijackthis
    0
  15. gringosky
     
    Bonsoir,

    Rapport AVG ci dessous.
    Vundofix exécuté, aucun fichié détecté.
    Rapport hijackthis ci dessous.

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 20:24:19 18/10/2007

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{15E1A520-8A89-4825-9793-6282812E3DA8}\RP759\A0057339.exe -> Heuristic.Win32.Dialer : Nettoyé.
    C:\System Volume Information\_restore{15E1A520-8A89-4825-9793-6282812E3DA8}\RP759\A0057340.exe -> Heuristic.Win32.Dialer : Nettoyé.
    C:\System Volume Information\_restore{15E1A520-8A89-4825-9793-6282812E3DA8}\RP759\A0057341.exe -> Heuristic.Win32.Dialer : Nettoyé.
    C:\System Volume Information\_restore{15E1A520-8A89-4825-9793-6282812E3DA8}\RP765\A0058784.exe -> Heuristic.Win32.Dialer : Nettoyé.
    C:\System Volume Information\_restore{15E1A520-8A89-4825-9793-6282812E3DA8}\RP766\A0058852.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Nettoyé.
    C:\qoobox\Quarantine\C\Documents and Settings\HP_Administrateur\Application Data\install_fr[1].exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.z : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[3].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

    Fin du rapport

    -------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:29:55, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GGLD,GGLD:2005-24,GGLD:fr&gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer = 213.228.0.23,212.27.32.176
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    FIX (fix checked) CES LIGNES AVEC HIJACKTHIS apres avoir coché chacune sur la gauche

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)

    ___________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\Fichiers communs\VirusGarde\stmon.exe
    C:\WINDOWS\AdobeR.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\VirusGarde\rtasks.exe
    C:\WINDOWS\system32\sulimo.dat

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________________

    si tout s'est bien passé

    désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    ____________________

    recolle hijackthis
    0
  17. gringosky
     
    Re-Bonsoir

    J'ai fixé les lignes énoncées,
    J'ai téléchargé OTMoveIt et exécuté avec les citations (rapport ci dessous).
    J'ai ensuite désactivé la restauration du systèm, appliqué, puis réactivé, puis appliqué.
    Enfin, j'ai relancé Hijackthos (rapport ci dessous).

    C:\Program Files\Fichiers communs\VirusGarde\stmon.exe moved successfully.
    File/Folder C:\WINDOWS\AdobeR.exe not found.
    File/Folder C:\WINDOWS\system32\printer.exe not found.
    File/Folder C:\Program Files\VirusGarde\rtasks.exe not found.
    File/Folder C:\WINDOWS\system32\sulimo.dat not found.

    Created on 10/18/2007 20:57:32

    ----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03:04, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GGLD,GGLD:2005-24,GGLD:fr&gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8065FA02-E52A-443D-873E-58DEC07F2D81}: NameServer = 213.228.0.23,212.27.32.176
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    regarde dans poste de travail si presents:

    C:\WINDOWS\AdobeR.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\VirusGarde\rtasks.exe
    C:\WINDOWS\system32\sulimo.dat

    ______________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    scan en ligne firefox

    https://www.trendmicro.com/fr_fr/business.html

    ________________

    encore des pbs?
    0
  19. gringosky
     
    Bonjour,

    Pas de fichier aux 4 chemins d'accès mentionnés.
    Rapport de scan Bitdefender ci dessous

    BitDefender Online Scanner

    Scan report generated at: Fri, Oct 19, 2007 - 10:51:35

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics

    Time
    01:20:53

    Files
    403583

    Folders
    6966

    Boot Sectors
    3

    Archives
    33011

    Packed Files
    24910

    Results

    Identified Viruses
    2

    Infected Files
    2

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    2

    Engines Info

    Virus Definitions
    835200

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\Flash_Disinfector.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd
    Infected with: Trojan.Batc.Flashdis.A

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\Flash_Disinfector.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd
    Disinfection failed

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\Flash_Disinfector.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd
    Deleted

    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\Flash_Disinfector.exe=>(RAR Sfx o)
    Update failed

    C:\Program Files\Norton AntiVirus\Quarantine\284C2086=>(Quarantine-2)=>naked1.rtf.pif
    Infected with: Win32.Netsky.C@mm

    C:\Program Files\Norton AntiVirus\Quarantine\284C2086=>(Quarantine-2)=>naked1.rtf.pif
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\284C2086=>(Quarantine-2)
    Updated

    C:\Program Files\Norton AntiVirus\Quarantine\284C2086
    Update failed

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Fri, Oct 19, 2007 - 12:47:04

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files
    410631

    Infected Files
    2

    Virus Detected

    Trojan.Batc.Flashdis.A
    1

    Win32.Netsky.C@mm
    1
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    C:\Documents and Settings\HP_Administrateur\Bureau\Drivers\Flash_Disinfector.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd

    ca c'est logiciels que je t'ai fais installé que tu peux desinstaller

    ___________

    et le reste est un virus qui est dejà en quarantiane dans norton:
    supprime ce qui est en quarantaine dans norton

    C:\Program Files\Norton AntiVirus\Quarantine\284C2086=>(Quarantine-2)=>naked1.rtf.pif
    Infected with: Win32.Netsky.C@mm

    bonne continuation
    0
  21. philippe
     
    Bonjour,
    au secours, g le probleme decrit ci-dessus
    la panique s'empare de moi
    je perds plein de possibilité de mon pc
    il est bourré de travail
    aie
    help

    merci
    0
  • 1
  • 2