Se connecter / S'enregistrer
Votre question

Help spyware hyper chiant

Tags :
  • Spyware
  • Sécurité
Dernière réponse : dans Sécurité et virus
21 Mars 2008 23:52:29

Salut les gars je galère avec un maudit spyware qui me propose de télécharger un anti spyware pc cleaner toutes les 5 minutes c'est vraiment chiant
Quelqu'un peut m'aider à le virer? merci voilà

Autres pages sur : help spyware hyper chiant

22 Mars 2008 00:41:13

Salut,

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
22 Mars 2008 01:07:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:05:30, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\idgdyhgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\yfcysnsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {EF04FFC1-16A5-4683-95AC-BE24D11152F3} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidSetup.exe" boot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [yfcysnsx] C:\WINDOWS\system32\yfcysnsx.exe
O4 - HKLM\..\Run: [yrdnthtf] C:\WINDOWS\system32\yrdnthtf.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ccleaner] "C:\CCleaner\ccleaner.exe" /AUTO
O4 - HKLM\..\Policies\Explorer\Run: [SThri9Dade] C:\WINDOWS\idgdyhgr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer = 81.220.255.4,80.236.0.68
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6651 bytes

voila le resultat merci de m'aider
Contenus similaires
22 Mars 2008 10:58:15

Re,

Avant d'attaquer, je voudrais vérifier des choses.

Télécharge Blacklight (de F-Secure).
Sauvegarde-le sur ton Bureau.

Double-clique fsbl.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

*******

Sais tu faire un zip ?

Peux-tu s'il te plaît copier ces différents fichier dans un dossier sur le bureau que tu zipperas immédiatement après: les fichiers :
  • C:\WINDOWS\etlrlws.dll
  • C:\WINDOWS\system32\yfcysnsx.exe
  • C:\WINDOWS\system32\yrdnthtf.exe
  • C:\WINDOWS\idgdyhgr.exe

    Pour avoir le maximum de chance de les trouver, fais ceci avant :
  • Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK

  • Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d%u2019exploitation./Appliquer - - > OK


  • Une fois le dossier zippé, envoie le ici s'il te plaît : http://siri.urz.free.fr/upload/
    Et seulement après l'avoir envoyé, supprime-le.
    Merci
    22 Mars 2008 13:30:19

    voila le résultat de blacklight

    03/22/08 13:13:29 [Info]: BlackLight Engine 1.0.67 initialized
    03/22/08 13:13:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/22/08 13:13:29 [Note]: 7019 4
    03/22/08 13:13:29 [Note]: 7005 0
    03/22/08 13:13:34 [Note]: 7006 0
    03/22/08 13:13:34 [Note]: 7011 1704
    03/22/08 13:13:34 [Note]: 7026 0
    03/22/08 13:13:34 [Note]: 7026 0
    03/22/08 13:13:35 [Note]: FSRAW library version 1.7.1024
    03/22/08 13:15:42 [Note]: 7007 0


    voila j ai envoyé les fichiers a bientot
    22 Mars 2008 13:39:35

    Merci :) 

    Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: etlrlws - {EF04FFC1-16A5-4683-95AC-BE24D11152F3} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [yfcysnsx] C:\WINDOWS\system32\yfcysnsx.exe
    O4 - HKLM\..\Run: [yrdnthtf] C:\WINDOWS\system32\yrdnthtf.exe
    O4 - HKLM\..\Policies\Explorer\Run: [SThri9Dade] C:\WINDOWS\idgdyhgr.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    Puis Fix Checked !

    ******

    Télécharger OTMoveIt2. ( de OldTimer)

  • Enregistrece fichier sur le Bureau.
  • Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisissez Exécuter en tant qu'administrateur).
  • Copie les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
    C:\WINDOWS\etlrlws.dll
    C:\WINDOWS\system32\yfcysnsx.exe
    C:\WINDOWS\system32\yrdnthtf.exe
    C:\WINDOWS\idgdyhgr.exe

  • Retourne dans la fenêtre de OTMoveIt2, fais un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre bleu clair) puis choisis Coller.
  • Clique sur le bouton rouge Moveit!.
  • Copie tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.
  • Ferme OTMoveIt2

    Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine t'est demandé, choisis Oui/Yes. Dans ce cas, après le redémarrage, ouvre le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), clique sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuie sur la touche Entrée, navigue jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvre le fichier .log le plus récent; ensuite fais un copier/coller du contenu de ce document en réponse sur le forum.

    Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.
    22 Mars 2008 15:28:25

    voila le résultat d'otmovelt2

    C:\WINDOWS\etlrlws.dll unregistered successfully.
    C:\WINDOWS\etlrlws.dll moved successfully.
    C:\WINDOWS\system32\yfcysnsx.exe moved successfully.
    C:\WINDOWS\system32\yrdnthtf.exe moved successfully.
    C:\WINDOWS\idgdyhgr.exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03222008_152535


    voila
    22 Mars 2008 15:36:15

    Est-ce mieux ?

    Reposte un HijackThis.
    22 Mars 2008 16:10:40

    voila le résultat monsieur
    dis moi si ma douce machine est guérie.......


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:08:32, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\eMule\emule.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidSetup.exe" boot
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [qavjptga] C:\WINDOWS\system32\qavjptga.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ccleaner] "C:\CCleaner\ccleaner.exe" /AUTO
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer = 81.220.255.4,80.236.0.68
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5424 bytes
    22 Mars 2008 16:21:46

    Hmm..

    Télécharge Combofix (de sUBs) sur ton Bureau.

    Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
    Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt
    22 Mars 2008 16:56:45

    ComboFix 08-03-22.1 - Administrateur 2008-03-22 16:51:43.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1449 [GMT 1:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install\install.exe
    C:\WINDOWS\rs.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-22 15:25 . 2008-03-22 15:25 <REP> d-------- C:\_OTMoveIt
    2008-03-22 05:00 . 2008-03-22 05:00 90,112 --a------ C:\WINDOWS\system32\qavjptga.exe
    2008-03-22 01:05 . 2008-03-22 01:05 <REP> d-------- C:\Trend Micro
    2008-03-21 23:35 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-03-21 23:35 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\118294.78
    2008-03-21 23:35 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-03-21 23:18 . 2008-03-22 00:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-21 23:02 . 2008-03-21 23:02 <REP> d-------- C:\Spybot - Search & Destroy
    2008-03-21 22:38 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\LPT$VPN.181
    2008-03-21 22:35 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-03-21 22:21 . 2008-03-21 22:21 <REP> d-------- C:\WINDOWS\report
    2008-03-21 22:21 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-03-21 22:21 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\VPTNFILE.181
    2008-03-21 22:21 . 2008-03-21 22:21 1,934,920 --a------ C:\WINDOWS\tsc.ptn
    2008-03-21 22:21 . 2008-03-21 22:35 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-03-21 22:21 . 2008-03-21 22:21 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-03-21 22:21 . 2008-03-21 22:35 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-03-21 22:21 . 2008-03-21 22:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-03-21 22:21 . 2008-03-21 22:47 823 --a------ C:\WINDOWS\tsc.ini
    2008-03-21 22:20 . 2008-03-21 22:20 <REP> d-------- C:\WINDOWS\AU_Log
    2008-03-21 22:20 . 2008-03-21 22:20 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-03-21 22:20 . 2008-03-21 22:20 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-03-21 22:20 . 2008-03-21 22:20 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-03-21 22:20 . 2008-03-21 22:35 170 --a------ C:\WINDOWS\GetServer.ini
    2008-03-21 21:27 . 2008-03-21 21:27 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2008-03-21 21:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-21 19:56 . 2008-03-21 19:56 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-03-21 19:48 . 2008-03-21 21:21 <REP> d-------- C:\Program Files\Google
    2008-03-21 19:29 . 2008-03-21 19:29 3,038 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-21 19:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-21 19:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-21 19:28 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-21 19:28 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-21 19:28 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-21 19:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-21 19:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-21 18:59 . 2008-03-22 02:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 18:47 . 2008-03-21 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 18:45 . 2008-03-21 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-21 18:36 . 2008-03-21 18:36 <REP> d-------- C:\CCleaner
    2008-03-21 17:44 . 2008-03-21 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-03-21 17:18 . 2008-03-21 17:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC-Cleaner
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Lavasoft
    2008-03-21 15:44 . 2008-03-21 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-21 15:36 . 2008-03-21 15:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureauvirii
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauTrojan.Win32.BlackBird.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauFWebdEditor.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufwebd.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufkwp2.0.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufkwp1.5.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufilemanagerclient.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauEditorFKWP2.0.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauEditorFKWP1.5.exe
    2008-03-21 15:35 . 2008-03-21 10:50 212,992 --a------ C:\WINDOWS\drnpfdxlsk.dll
    2008-03-21 15:35 . 2008-03-21 10:50 208,896 --a------ C:\WINDOWS\altvxvm.dll
    2008-03-21 15:19 . 2008-03-21 15:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-03-21 15:00 . 2008-03-21 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\.thumbnails
    2008-03-21 14:53 . 2008-03-21 15:08 <REP> d-------- C:\Documents and Settings\Administrateur\.gimp-2.4
    2008-03-21 14:52 . 2008-03-21 14:52 <REP> d-------- C:\GIMP-2.0
    2008-03-21 14:51 . 2008-03-21 14:51 <REP> d-------- C:\Program Files\Fichiers communs\GTK
    2008-03-21 13:11 . 2008-03-21 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-21 11:29 . 2008-03-21 11:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Pollux Gamelabs
    2008-03-21 11:12 . 2008-03-21 11:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-20 19:56 . 2001-03-19 14:25 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
    2008-03-20 19:56 . 2001-03-19 14:25 61,952 --a------ C:\WINDOWS\ST4UNST.EXE
    2008-03-20 19:56 . 2001-03-19 14:25 37,376 --a------ C:\WINDOWS\system32\ven2232.olb
    2008-03-20 19:56 . 2001-03-19 14:25 35,136 --a------ C:\WINDOWS\system32\VB4FR32.DLL
    2008-03-20 19:56 . 2008-03-20 19:56 8,192 --a------ C:\WINDOWS\system32\dmfafr50.ocy
    2008-03-20 19:56 . 2008-03-20 20:01 4,096 --a------ C:\WINDOWS\system32\dmfafr50.dly
    2008-03-20 19:56 . 2008-03-20 19:56 27 ---h----- C:\TraFgFr.Tra
    2008-03-20 18:24 . 2008-03-20 18:24 <REP> d-------- C:\Python25
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\Veoh Networks
    2008-03-19 22:46 . 2008-03-19 23:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
    2008-03-19 19:44 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalApp
    2008-03-19 19:40 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PlaneShift
    2008-03-19 19:40 . 2008-03-19 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalSpace
    2008-03-19 19:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-03-19 18:29 . 2008-03-22 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 18:29 . 2008-03-19 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-19 16:35 . 2008-03-19 16:35 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-03-19 16:34 . 2008-03-21 17:53 <REP> d-------- C:\DAEMON Tools
    2008-03-19 16:32 . 2008-03-19 16:32 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-19 03:03 . 2004-08-04 01:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-18 21:26 . 2008-03-18 21:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
    2008-03-18 20:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-03-18 20:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-03-18 20:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-18 20:46 . 2008-03-22 09:34 <REP> d-------- C:\eMule
    2008-03-18 20:26 . 2008-03-18 20:26 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-03-18 20:22 . 2008-03-18 20:22 <REP> d-------- C:\WINDOWS\Sun
    2008-03-18 20:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-18 20:21 . 2008-03-18 20:22 <REP> d-------- C:\Program Files\Java
    2008-03-18 20:21 . 2008-03-18 20:21 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-03-18 20:10 . 2008-03-18 20:10 <REP> d-------- C:\Blender Foundation
    2008-03-18 19:59 . 2008-03-18 19:59 <REP> d-------- C:\WinRAR
    2008-03-18 19:56 . 2008-03-18 19:57 <REP> d-------- C:\Program Files\DivX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-18 12:26 --------- d-----w C:\Program Files\Realtek
    2008-03-18 12:25 --------- d-----w C:\Program Files\Analog Devices
    2008-03-18 12:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-18 12:17 --------- d-----w C:\Program Files\Intel
    2008-03-18 12:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-18 12:01 --------- d-----w C:\Program Files\Services en ligne
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
    "Veoh"="C:\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]
    "ccleaner"="C:\CCleaner\ccleaner.exe" [2008-02-20 15:15 816368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "avast!"="C:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "qavjptga"="C:\WINDOWS\system32\qavjptga.exe" [2008-03-22 05:00 90112]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Veoh Networks\\Veoh\\VeohClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2107:UDP"= 2107:UDP:Windows Media Format SDK (wmplayer.exe)
    "2106:UDP"= 2106:UDP:Windows Media Format SDK (wmplayer.exe)
    "2109:UDP"= 2109:UDP:Windows Media Format SDK (wmplayer.exe)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{512a59e9-f4e7-11dc-aeb0-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-18 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 16:52:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-22 16:52:58
    ComboFix-quarantined-files.txt 2008-03-22 15:52:50
    .
    2008-03-19 16:58:36 --- E O F ---

    voila pour combofix
    22 Mars 2008 17:04:48

    Re,

    Télécharge SmitfraudFix (de S!ri)
    Enregistre le sur ton bureau.

    Lance-le en double cliquant sur SmitfraudFix.exe
    Appuie sur une touche comme demandé.
    Exécute l’option 1, un rapport va apparaître, poste le .
    22 Mars 2008 17:38:47

    SmitFraudFix v2.307

    Rapport fait à 17:36:36,89, 22/03/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\eMule\emule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 81.220.255.4
    DNS Server Search Order: 80.236.0.68

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer=81.220.255.4,80.236.0.68
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer=81.220.255.4,80.236.0.68
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer=81.220.255.4,80.236.0.68


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    voila monsieur on en est ou?
    22 Mars 2008 18:05:53

    Bizarre..

    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
    Relance SmitfraudFix.
    Prends cette fois l’option 2. (Oui à toutes les questions)

    Si tu dois redémarrer, ton ordi fais-le .
    Poste le rapport qui se situe dans C:\rapport.txt .

    *******

    Repasse COmbofix, poste moi le nouveau rapport ;) 
    22 Mars 2008 18:38:39

    SmitFraudFix v2.307

    Rapport fait à 18:26:37,23, 22/03/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.132.com
    127.0.0.1 132.com
    127.0.0.1 www.136136.net
    127.0.0.1 136136.net
    127.0.0.1 www.139mm.com
    127.0.0.1 139mm.com
    127.0.0.1 www.163ns.com
    127.0.0.1 163ns.com
    127.0.0.1 171203.com
    127.0.0.1 17-plus.com
    127.0.0.1 www.1800searchonline.com
    127.0.0.1 1800searchonline.com
    127.0.0.1 www.180searchassistant.com
    127.0.0.1 180searchassistant.com
    127.0.0.1 www.180solutions.com
    127.0.0.1 180solutions.com
    127.0.0.1 www.181.365soft.info
    127.0.0.1 181.365soft.info
    127.0.0.1 www.1987324.com
    127.0.0.1 1987324.com
    127.0.0.1 www.1-domains-registrations.com
    127.0.0.1 1-domains-registrations.com
    127.0.0.1 www.1-extreme.biz
    127.0.0.1 1-extreme.biz
    127.0.0.1 www.1sexparty.com
    127.0.0.1 1sexparty.com
    127.0.0.1 www.1stantivirus.com
    127.0.0.1 1stantivirus.com
    127.0.0.1 www.1stpagehere.com
    127.0.0.1 1stpagehere.com
    127.0.0.1 www.1stsearchportal.com
    127.0.0.1 1stsearchportal.com
    127.0.0.1 2.82211.net
    127.0.0.1 www.2006ooo.com
    127.0.0.1 www.2007-download.com
    127.0.0.1 2007-download.com
    127.0.0.1 www.2020search.com
    127.0.0.1 2020search.com
    127.0.0.1 20x2p.com
    127.0.0.1 www.24.365soft.info
    127.0.0.1 24.365soft.info
    127.0.0.1 www.24-7pharmacy.info
    127.0.0.1 24-7pharmacy.info
    127.0.0.1 www.24-7searching-and-more.com
    127.0.0.1 24-7searching-and-more.com
    127.0.0.1 www.24teen.com
    127.0.0.1 24teen.com
    127.0.0.1 www.2every.net
    127.0.0.1 2every.net
    127.0.0.1 2ndpower.com
    127.0.0.1 www.2search.com
    127.0.0.1 2search.com
    127.0.0.1 www.2search.org
    127.0.0.1 2search.org
    127.0.0.1 www.2squared.com
    127.0.0.1 2squared.com
    127.0.0.1 www.3322.org
    127.0.0.1 3322.org
    127.0.0.1 365soft.info
    127.0.0.1 www.36site.com
    127.0.0.1 36site.com
    127.0.0.1 3721.com
    127.0.0.1 39-93.com
    127.0.0.1 www.3abetterinternet.com
    127.0.0.1 3abetterinternet.com
    127.0.0.1 www.3bay.it
    127.0.0.1 3bay.it
    127.0.0.1 www.3ebay.it
    127.0.0.1 3ebay.it
    127.0.0.1 www.3xclipsonline.com
    127.0.0.1 3xclipsonline.com
    127.0.0.1 www.3xcurves.com
    127.0.0.1 3xcurves.com
    127.0.0.1 www.3xfestival.com
    127.0.0.1 3xfestival.com
    127.0.0.1 www.3x-festival.com
    127.0.0.1 3x-festival.com
    127.0.0.1 www.3x-galls.com
    127.0.0.1 3x-galls.com
    127.0.0.1 www.3xmiracle.com
    127.0.0.1 3xmiracle.com
    127.0.0.1 www.3xmoviesblog.com
    127.0.0.1 3xmoviesblog.com
    127.0.0.1 www.404dns.com
    127.0.0.1 404dns.com
    127.0.0.1 www.4199.com
    127.0.0.1 4199.com
    127.0.0.1 www.4corn.net
    127.0.0.1 4corn.net
    127.0.0.1 www.4ebay.it
    127.0.0.1 4ebay.it
    127.0.0.1 4klm.com
    127.0.0.1 www.4mpg.com
    127.0.0.1 4mpg.com
    127.0.0.1 www.4repubblica.it
    127.0.0.1 4repubblica.it
    127.0.0.1 www.4softget.com
    127.0.0.1 4softget.com
    127.0.0.1 www.5iscali.it
    127.0.0.1 5iscali.it
    127.0.0.1 www.5repubblica.it
    127.0.0.1 5repubblica.it
    127.0.0.1 www.5starvideos.com
    127.0.0.1 5starvideos.com
    127.0.0.1 www.5tiscali.it
    127.0.0.1 5tiscali.it
    127.0.0.1 www.5zgmu7o20kt5d8yq.com
    127.0.0.1 5zgmu7o20kt5d8yq.com
    127.0.0.1 www.680180.net
    127.0.0.1 680180.net
    127.0.0.1 www.6iscali.it
    127.0.0.1 6iscali.it
    127.0.0.1 www.6njaga.com
    127.0.0.1 6njaga.com
    127.0.0.1 www.6sek.com
    127.0.0.1 6sek.com
    127.0.0.1 www.6tiscali.it
    127.0.0.1 6tiscali.it
    127.0.0.1 www.70-music.com
    127.0.0.1 70-music.com
    127.0.0.1 www.7322.com
    127.0.0.1 7322.com
    127.0.0.1 75tz.com
    127.0.0.1 www.777search.com
    127.0.0.1 777search.com
    127.0.0.1 www.777top.com
    127.0.0.1 777top.com
    127.0.0.1 www.7939.com
    127.0.0.1 7939.com
    127.0.0.1 www.7search.com
    127.0.0.1 7search.com
    127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
    127.0.0.1 www.80-music.com
    127.0.0.1 80-music.com
    127.0.0.1 82211.net
    127.0.0.1 8866.org
    127.0.0.1 www.888.com
    127.0.0.1 888.com
    127.0.0.1 www.8ad.com
    127.0.0.1 8ad.com
    127.0.0.1 www.90-music.com
    127.0.0.1 90-music.com
    127.0.0.1 www.9505.com
    127.0.0.1 9505.com
    127.0.0.1 www.971searchbox.com
    127.0.0.1 971searchbox.com
    127.0.0.1 a.bestmanage.org
    127.0.0.1 www.aaabesthomepage.com
    127.0.0.1 aaabesthomepage.com
    127.0.0.1 aaasexypics.com
    127.0.0.1 www.aaawebfinder.com
    127.0.0.1 aaawebfinder.com
    127.0.0.1 www.aaqadarsztriv.com
    127.0.0.1 aaqadarsztriv.com
    127.0.0.1 www.aaqada-rsztriv.com
    127.0.0.1 aaqada-rsztriv.com
    127.0.0.1 www.aaqadaueorn.com
    127.0.0.1 aaqadaueorn.com
    127.0.0.1 www.aaqada-ueorn.com
    127.0.0.1 aaqada-ueorn.com
    127.0.0.1 www.aaqada-ygco.com
    127.0.0.1 aaqada-ygco.com
    127.0.0.1 www.aaqada-ymct.com
    127.0.0.1 aaqada-ymct.com
    127.0.0.1 aavc.com
    127.0.0.1 www.abcdperformance.com
    127.0.0.1 abcdperformance.com
    127.0.0.1 www.abc-find.info
    127.0.0.1 abc-find.info
    127.0.0.1 www.abcsearch.com
    127.0.0.1 abcsearch.com
    127.0.0.1 www.abetterinternet.com
    127.0.0.1 abetterinternet.com
    127.0.0.1 www.abnetsoft.info
    127.0.0.1 abnetsoft.info
    127.0.0.1 www.aboutclicker.com
    127.0.0.1 aboutclicker.com
    127.0.0.1 www.abrp.net
    127.0.0.1 abrp.net
    127.0.0.1 www.absolutee.com
    127.0.0.1 absolutee.com
    127.0.0.1 www.abyssmedia.com
    127.0.0.1 abyssmedia.com
    127.0.0.1 www.ac66.cn
    127.0.0.1 ac66.cn
    127.0.0.1 access.Navinetwork.com
    127.0.0.1 access.rapid-pass.net
    127.0.0.1 www.accessactivexvideo.com
    127.0.0.1 accessactivexvideo.com
    127.0.0.1 www.accessclips.com
    127.0.0.1 accessclips.com
    127.0.0.1 www.access-dvd.com
    127.0.0.1 access-dvd.com
    127.0.0.1 www.accesskeygenerator.com
    127.0.0.1 accesskeygenerator.com
    127.0.0.1 www.accessorygeeks.com
    127.0.0.1 accessorygeeks.com
    127.0.0.1 www.accessthefuture.net
    127.0.0.1 accessthefuture.net
    127.0.0.1 www.accessvid.net
    127.0.0.1 accessvid.net
    127.0.0.1 www.acemedic.com
    127.0.0.1 acemedic.com
    127.0.0.1 www.ace-webmaster.com
    127.0.0.1 ace-webmaster.com
    127.0.0.1 acjp.com
    127.0.0.1 www.acrobat-2007.com
    127.0.0.1 acrobat-2007.com
    127.0.0.1 www.acrobat-8.com
    127.0.0.1 acrobat-8.com
    127.0.0.1 www.acrobat-center.com
    127.0.0.1 acrobat-center.com
    127.0.0.1 www.acrobat-hq.com
    127.0.0.1 acrobat-hq.com
    127.0.0.1 www.acrobatreader-8.com
    127.0.0.1 acrobatreader-8.com
    127.0.0.1 www.acrobat-reader-8.de
    127.0.0.1 acrobat-reader-8.de
    127.0.0.1 www.acrobat-stop.com
    127.0.0.1 acrobat-stop.com
    127.0.0.1 www.actionbreastcancer.org
    127.0.0.1 actionbreastcancer.org
    127.0.0.1 www.activesearcher.info
    127.0.0.1 activesearcher.info
    127.0.0.1 www.activexaccessobject.com
    127.0.0.1 activexaccessobject.com
    127.0.0.1 www.activexaccessvideo.com
    127.0.0.1 activexaccessvideo.com
    127.0.0.1 www.activexemedia.com
    127.0.0.1 activexemedia.com
    127.0.0.1 www.activexmediaobject.com
    127.0.0.1 activexmediaobject.com
    127.0.0.1 www.activexmediapro.com
    127.0.0.1 activexmediapro.com
    127.0.0.1 www.activexmediasite.com
    127.0.0.1 activexmediasite.com
    127.0.0.1 www.activexmediasoftware.com
    127.0.0.1 activexmediasoftware.com
    127.0.0.1 www.activexmediasource.com
    127.0.0.1 activexmediasource.com
    127.0.0.1 www.activexmediatool.com
    127.0.0.1 activexmediatool.com
    127.0.0.1 www.activexmediatour.com
    127.0.0.1 activexmediatour.com
    127.0.0.1 www.activexsoftwares.com
    127.0.0.1 activexsoftwares.com
    127.0.0.1 www.activexsource.com
    127.0.0.1 activexsource.com
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.activexvideo.com
    127.0.0.1 activexvideo.com
    127.0.0.1 www.activexvideotool.com
    127.0.0.1 activexvideotool.com
    127.0.0.1 www.ad.marketingsector.com
    127.0.0.1 ad.marketingsector.com
    127.0.0.1 www.ad.mokead.com
    127.0.0.1 ad.mokead.com
    127.0.0.1 ad.oinadserver.com
    127.0.0.1 ad.outerinfoads.com
    127.0.0.1 www.ad25.com
    127.0.0.1 ad25.com
    127.0.0.1 www.ad45.com
    127.0.0.1 ad45.com
    127.0.0.1 www.ad77.com
    127.0.0.1 ad77.com
    127.0.0.1 www.ad86.com
    127.0.0.1 ad86.com
    127.0.0.1 www.adamsupportgroup.org
    127.0.0.1 adamsupportgroup.org
    127.0.0.1 www.adarmor.com
    127.0.0.1 adarmor.com
    127.0.0.1 www.adasearch.com
    127.0.0.1 adasearch.com
    127.0.0.1 adaware.cc
    127.0.0.1 www.adawarenow.com
    127.0.0.1 adawarenow.com
    127.0.0.1 adchannel.contextplus.net
    127.0.0.1 www.addetect.com
    127.0.0.1 addetect.com
    127.0.0.1 www.add-hhh.info
    127.0.0.1 add-hhh.info
    127.0.0.1 www.addictivetechnologies.com
    127.0.0.1 addictivetechnologies.com
    127.0.0.1 www.addictivetechnologies.net
    127.0.0.1 addictivetechnologies.net
    127.0.0.1 www.addioerrori.com
    127.0.0.1 addioerrori.com
    127.0.0.1 www.add-manager.com
    127.0.0.1 add-manager.com
    127.0.0.1 www.adgate.info
    127.0.0.1 adgate.info
    127.0.0.1 www.adintelligence.net
    127.0.0.1 adintelligence.net
    127.0.0.1 www.adioserrores.com
    127.0.0.1 adioserrores.com
    127.0.0.1 www.adipics.com
    127.0.0.1 adipics.com
    127.0.0.1 www.adlogix.com
    127.0.0.1 adlogix.com
    127.0.0.1 www.admin2cash.biz
    127.0.0.1 admin2cash.biz
    127.0.0.1 adnet-plus.com
    127.0.0.1 www.adnetserver.com
    127.0.0.1 adnetserver.com
    127.0.0.1 adobe-download-now.com
    127.0.0.1 www.adobe-downloads.com
    127.0.0.1 adobe-downloads.com
    127.0.0.1 www.adobe-reader-8.fr
    127.0.0.1 adobe-reader-8.fr
    127.0.0.1 www.adprotect.com
    127.0.0.1 adprotect.com
    127.0.0.1 ads.centralmedia.ws
    127.0.0.1 ads.k8l.info
    127.0.0.1 ads.kmpads.com
    127.0.0.1 ads.kw.revenue.net
    127.0.0.1 ads.marketingsector.com
    127.0.0.1 ads.searchingbooth.com
    127.0.0.1 ads.z-quest.com
    127.0.0.1 ads1.revenue.net
    127.0.0.1 www.ads183.com
    127.0.0.1 ads183.com
    127.0.0.1 www.adscontex.com
    127.0.0.1 adscontex.com
    127.0.0.1 www.adservices1.enhance.com
    127.0.0.1 adservices1.enhance.com
    127.0.0.1 adservs.com
    127.0.0.1 www.adsextend.net
    127.0.0.1 adsextend.net
    127.0.0.1 www.adshttp.com
    127.0.0.1 adshttp.com
    127.0.0.1 www.adsniffer.com
    127.0.0.1 adsniffer.com
    127.0.0.1 www.adsonwww.com
    127.0.0.1 adsonwww.com
    127.0.0.1 www.adspics.com
    127.0.0.1 adspics.com
    127.0.0.1 www.adsrevenue.net
    127.0.0.1 adsrevenue.net
    127.0.0.1 www.adtrak.net
    127.0.0.1 adtrak.net
    127.0.0.1 adtrgt.com
    127.0.0.1 www.adult777search.info
    127.0.0.1 adult777search.info
    127.0.0.1 www.adultan.com
    127.0.0.1 adultan.com
    127.0.0.1 www.adult-engine-search.com
    127.0.0.1 adult-engine-search.com
    127.0.0.1 www.adult-erotic-guide.net
    127.0.0.1 adult-erotic-guide.net
    127.0.0.1 www.adultfilmsite.com
    127.0.0.1 adultfilmsite.com
    127.0.0.1 www.adult-friends-finder.net
    127.0.0.1 adult-friends-finder.net
    127.0.0.1 adultgambling.org
    127.0.0.1 adult-host.org
    127.0.0.1 www.adulthyperlinks.com
    127.0.0.1 adulthyperlinks.com
    127.0.0.1 www.adultmovieplus.com
    127.0.0.1 adultmovieplus.com
    127.0.0.1 www.adult-mpg.net
    127.0.0.1 adult-mpg.net
    127.0.0.1 adult-personal.us
    127.0.0.1 adultsgames.net
    127.0.0.1 www.adultsonlyvids.com
    127.0.0.1 adultsonlyvids.com
    127.0.0.1 www.adultsper.com
    127.0.0.1 adultsper.com
    127.0.0.1 www.adulttds.com
    127.0.0.1 adulttds.com
    127.0.0.1 www.adultzoneworld.com
    127.0.0.1 adultzoneworld.com
    127.0.0.1 www.advcash.biz
    127.0.0.1 advcash.biz
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 www.advertisemoney.info
    127.0.0.1 advertisemoney.info
    127.0.0.1 advertising.paltalk.com
    127.0.0.1 www.advertising-money.info
    127.0.0.1 advertising-money.info
    127.0.0.1 ad-ware.cc
    127.0.0.1 www.ad-w-a-r-e.com
    127.0.0.1 ad-w-a-r-e.com
    127.0.0.1 www.a-d-w-a-r-e.com
    127.0.0.1 a-d-w-a-r-e.com
    127.0.0.1 www.adware.pro
    127.0.0.1 adware.pro
    127.0.0.1 www.adwarealert.com
    127.0.0.1 adwarealert.com
    127.0.0.1 www.ad-warealert.com
    127.0.0.1 ad-warealert.com
    127.0.0.1 www.adwarearrest.com
    127.0.0.1 adwarearrest.com
    127.0.0.1 www.adwarebazooka.com
    127.0.0.1 adwarebazooka.com
    127.0.0.1 www.adwarecommander.com
    127.0.0.1 adwarecommander.com
    127.0.0.1 www.adwarefinder.com
    127.0.0.1 adwarefinder.com
    127.0.0.1 www.adwaregold.com
    127.0.0.1 adwaregold.com
    127.0.0.1 www.adwarepatrol.com
    127.0.0.1 adwarepatrol.com
    127.0.0.1 www.adwareplatinum.com
    127.0.0.1 adwareplatinum.com
    127.0.0.1 www.adwareprotectionsite.com
    127.0.0.1 adwareprotectionsite.com
    127.0.0.1 www.adwarepunisher.com
    127.0.0.1 adwarepunisher.com
    127.0.0.1 www.adwareremover.ws
    127.0.0.1 adwareremover.ws
    127.0.0.1 www.adwaresafety.com
    127.0.0.1 adwaresafety.com
    127.0.0.1 www.adwarexp.com
    127.0.0.1 adwarexp.com
    127.0.0.1 affiliate.idownload.com
    127.0.0.1 www.aflgate.com
    127.0.0.1 aflgate.com
    127.0.0.1 africaspromise.org
    127.0.0.1 agava.com
    127.0.0.1 agava.ru
    127.0.0.1 agentstudio.com
    127.0.0.1 www.aginegialle.it
    127.0.0.1 aginegialle.it
    127.0.0.1 aifind.info
    127.0.0.1 www.aifind.info
    127.0.0.1 www.airtleworld.com
    127.0.0.1 airtleworld.com
    127.0.0.1 www.aitalia.it
    127.0.0.1 aitalia.it
    127.0.0.1 akamai.downloadv3.com
    127.0.0.1 www.aklitalia.it
    127.0.0.1 aklitalia.it
    127.0.0.1 akril.com
    127.0.0.1 alcatel.ws
    127.0.0.1 www.alertspy.com
    127.0.0.1 alertspy.com
    127.0.0.1 www.alfacleaner.com
    127.0.0.1 alfacleaner.com
    127.0.0.1 alfa-search.com
    127.0.0.1 www.alialia.it
    127.0.0.1 alialia.it
    127.0.0.1 www.aliotalia.it
    127.0.0.1 aliotalia.it
    127.0.0.1 www.alirtalia.it
    127.0.0.1 alirtalia.it
    127.0.0.1 www.alitaia.it
    127.0.0.1 alitaia.it
    127.0.0.1 www.alitaklia.it
    127.0.0.1 alitaklia.it
    127.0.0.1 www.alitala.it
    127.0.0.1 alitala.it
    127.0.0.1 www.alitali.it
    127.0.0.1 alitali.it
    127.0.0.1 www.alitaliaq.it
    127.0.0.1 alitaliaq.it
    127.0.0.1 www.alitalias.it
    127.0.0.1 alitalias.it
    127.0.0.1 www.alitaliaz.it
    127.0.0.1 alitaliaz.it
    127.0.0.1 www.alitalioa.it
    127.0.0.1 alitalioa.it
    127.0.0.1 www.alitalisa.it
    127.0.0.1 alitalisa.it
    127.0.0.1 www.alitaliua.it
    127.0.0.1 alitaliua.it
    127.0.0.1 www.alitalkia.it
    127.0.0.1 alitalkia.it
    127.0.0.1 www.alitaloia.it
    127.0.0.1 alitaloia.it
    127.0.0.1 www.alitaluia.it
    127.0.0.1 alitaluia.it
    127.0.0.1 www.alitaslia.it
    127.0.0.1 alitaslia.it
    127.0.0.1 www.alitlia.it
    127.0.0.1 alitlia.it
    127.0.0.1 www.alitralia.it
    127.0.0.1 alitralia.it
    127.0.0.1 www.alitsalia.it
    127.0.0.1 alitsalia.it
    127.0.0.1 www.aliutalia.it
    127.0.0.1 aliutalia.it
    127.0.0.1 www.ALL1COUNT.NET
    127.0.0.1 ALL1COUNT.NET
    127.0.0.1 www.all4internet.com
    127.0.0.1 all4internet.com
    127.0.0.1 allabtcars.com
    127.0.0.1 allabtjeeps.com
    127.0.0.1 www.all-bittorrent.com
    127.0.0.1 all-bittorrent.com
    127.0.0.1 www.allcollisions.com
    127.0.0.1 allcollisions.com
    127.0.0.1 allcybersearch.com
    127.0.0.1 www.allcybersearch.com
    127.0.0.1 www.alldnserrors.com
    127.0.0.1 alldnserrors.com
    127.0.0.1 www.all-downloads-now.com
    127.0.0.1 all-downloads-now.com
    127.0.0.1 www.all-edonkey.com
    127.0.0.1 all-edonkey.com
    127.0.0.1 www.allertaminacce.com
    127.0.0.1 allertaminacce.com
    127.0.0.1 allforadult.com
    127.0.0.1 allhyperlinks.com
    127.0.0.1 www.alliesecurity.com
    127.0.0.1 alliesecurity.com
    127.0.0.1 all-inet.com
    127.0.0.1 allinternetbusiness.com
    127.0.0.1 www.all-limewire.com
    127.0.0.1 all-limewire.com
    127.0.0.1 www.allmegabucks.com
    127.0.0.1 allmegabucks.com
    127.0.0.1 www.allprotections.com
    127.0.0.1 allprotections.com
    127.0.0.1 www.allresultz.net
    127.0.0.1 allresultz.net
    127.0.0.1 www.allsearch.us
    127.0.0.1 allsearch.us
    127.0.0.1 www.allsecuritynotes.com
    127.0.0.1 allsecuritynotes.com
    127.0.0.1 www.allsecuritysite.com
    127.0.0.1 allsecuritysite.com
    127.0.0.1 www.allstarsvideos.net
    127.0.0.1 allstarsvideos.net
    127.0.0.1 www.alltiettantivirus.com
    127.0.0.1 alltiettantivirus.com
    127.0.0.1 www.alltruesoftware.com
    127.0.0.1 alltruesoftware.com
    127.0.0.1 www.allvideoactivex.com
    127.0.0.1 allvideoactivex.com
    127.0.0.1 www.almanah.biz
    127.0.0.1 almanah.biz
    127.0.0.1 almarvideos.com
    127.0.0.1 www.aloitalia.it
    127.0.0.1 aloitalia.it
    127.0.0.1 www.aluitalia.it
    127.0.0.1 aluitalia.it
    127.0.0.1 www.amaena.com
    127.0.0.1 amaena.com
    127.0.0.1 amandamountains.com
    127.0.0.1 www.amateurliveshow.com
    127.0.0.1 amateurliveshow.com
    127.0.0.1 www.amediasoftware.com
    127.0.0.1 amediasoftware.com
    127.0.0.1 www.amediasource.com
    127.0.0.1 amediasource.com
    127.0.0.1 www.americanautobargains.com
    127.0.0.1 americanautobargains.com
    127.0.0.1 www.americancarbargains.com
    127.0.0.1 americancarbargains.com
    127.0.0.1 american-teens.net
    127.0.0.1 amigeek.com
    127.0.0.1 www.amigobore.com
    127.0.0.1 amigobore.com
    127.0.0.1 amisbusiness.com
    127.0.0.1 www.ampmsearch.com
    127.0.0.1 ampmsearch.com
    127.0.0.1 www.analcord.com
    127.0.0.1 analcord.com
    127.0.0.1 analmovi.com
    127.0.0.1 www.anarchylolita.com
    127.0.0.1 anarchylolita.com
    127.0.0.1 anarchyporn.com
    127.0.0.1 www.andromedical.com
    127.0.0.1 andromedical.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 www.antiddos.us
    127.0.0.1 antiddos.us
    127.0.0.1 www.Antiespiadorado.com
    127.0.0.1 Antiespiadorado.com
    127.0.0.1 www.Antiespionspack.com
    127.0.0.1 Antiespionspack.com
    127.0.0.1 www.Antigusanos2008.com
    127.0.0.1 Antigusanos2008.com
    127.0.0.1 www.antispamassistant.com
    127.0.0.1 antispamassistant.com
    127.0.0.1 www.antispamdeluxe.com
    127.0.0.1 antispamdeluxe.com
    127.0.0.1 www.Antispionage.com
    127.0.0.1 Antispionage.com
    127.0.0.1 www.Antispionagepro.com
    127.0.0.1 Antispionagepro.com
    127.0.0.1 www.antispyadvanced.com
    127.0.0.1 antispyadvanced.com
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispywareboot.com
    127.0.0.1 antispywareboot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 antispywaresuite.com
    127.0.0.1 www.antispywaresuite.com
    127.0.0.1 Antispywaresuite.com
    127.0.0.1 www.Antispywaresuite.com
    127.0.0.1 www.antispywareupdates.net
    127.0.0.1 antispywareupdates.net
    127.0.0.1 www.antispywarexp.com
    127.0.0.1 antispywarexp.com
    127.0.0.1 www.Antispyweb.net
    127.0.0.1 Antispyweb.net
    127.0.0.1 www.Antiver2008.com
    127.0.0.1 Antiver2008.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirusadvance.com
    127.0.0.1 antivirusadvance.com
    127.0.0.1 www.antivirusaskeladd.com
    127.0.0.1 antivirusaskeladd.com
    127.0.0.1 www.antivirusgereedschap.com
    127.0.0.1 antivirusgereedschap.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antiviruspcsuite.com
    127.0.0.1 antiviruspcsuite.com
    127.0.0.1 www.antiviruspremium.com
    127.0.0.1 antiviruspremium.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirusscherm.com
    127.0.0.1 antivirusscherm.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 antiworm2008.com
    127.0.0.1 www.antiworm2008.com
    127.0.0.1 Antiworm2008.com
    127.0.0.1 www.Antiworm2008.com
    127.0.0.1 www.Antiwurm2008.com
    127.0.0.1 Antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 www.archivioadulti.com
    127.0.0.1 archivioadulti.com
    127.0.0.1 www.archiviosex.net
    127.0.0.1 archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 www.ares.click-new-download.com
    127.0.0.1 ares.click-new-download.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafetyalways.com
    127.0.0.1 asafetyalways.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.aslitalia.it
    127.0.0.1 aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 www.asupereva.it
    127.0.0.1 asupereva.it
    127.0.0.1 www.ataprogram.com
    127.0.0.1 ataprogram.com
    127.0.0.1 athenrye.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.aucunsvirus.com
    127.0.0.1 aucunsvirus.com
    127.0.0.1 www.aulde.net
    127.0.0.1 aulde.net
    127.0.0.1 www.aupereva.it
    127.0.0.1 aupereva.it
    127.0.0.1 www.autobargains.org
    127.0.0.1 autobargains.org
    127.0.0.1 www.autobargainsnetwork.com
    127.0.0.1 autobargainsnetwork.com
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 www.avadvance.com
    127.0.0.1 avadvance.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avg-secure.com
    127.0.0.1 avian-ads.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avsmanufacture.com
    127.0.0.1 avsmanufacture.com
    127.0.0.1 www.avsystemcare.com
    127.0.0.1 avsystemcare.com
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.awarenesstech.com
    127.0.0.1 awarenesstech.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azzetta.it
    127.0.0.1 azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 b122.mcboo.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babenet.com
    127.0.0.1 babenet.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babeweb.de
    127.0.0.1 babeweb.de
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.Backstripgirls.com
    127.0.0.1 Backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 www.balotierra.com
    127.0.0.1 balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 www.bcnproduction.com
    127.0.0.1 bcnproduction.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bearshare.click-new-download.com
    127.0.0.1 bearshare.click-new-download.com
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.begin2search.com
    127.0.0.1 begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 www.beruijindegunhadesun.com
    127.0.0.1 beruijindegunhadesun.com
    127.0.0.1 www.best3xclips.com
    127.0.0.1 best3xclips.com
    127.0.0.1 www.bestadults.com
    127.0.0.1 bestadults.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 www.bestdailyvids.com
    127.0.0.1 bestdailyvids.com
    127.0.0.1 bestfor.ru
    127.0.0.1 www.bestfuckvids.com
    127.0.0.1 bestfuckvids.com
    127.0.0.1 best-hardpics.com
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestoffersnetworks.com
    127.0.0.1 bestoffersnetworks.com
    127.0.0.1 bestporngate.com
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsearch.cc
    127.0.0.1 bestsearch.cc
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestxclips.com
    127.0.0.1 bestxclips.com
    127.0.0.1 bestxporno.com
    127.0.0.1 www.bestxxxmpegs.com
    127.0.0.1 bestxxxmpegs.com
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bigwww.com
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bittorrent.click-new-download.com
    127.0.0.1 bittorrent.click-new-download.com
    127.0.0.1 biz.biz
    127.0.0.1 www.bkvcompany.com
    127.0.0.1 bkvcompany.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackcodec.com
    127.0.0.1 blackcodec.com
    127.0.0.1 www.blackcodec.net
    127.0.0.1 blackcodec.net
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 www.blockcheckercontrol.com
    127.0.0.1 blockcheckercontrol.com
    127.0.0.1 blondetgp.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boom.com.vn
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 www.braincodec.com
    127.0.0.1 braincodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.breenten.biz
    127.0.0.1 breenten.biz
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 browserwise.com
    127.0.0.1 bsa.safetydownload.com
    127.0.0.1 www.bsplaycodec.com
    127.0.0.1 bsplaycodec.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 www.burningsite.com
    127.0.0.1 burningsite.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 www.busysearch.net
    127.0.0.1 busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 www.buy-find.info
    127.0.0.1 buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 www.bvdtechinque.com
    127.0.0.1 bvdtechinque.com
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 bvirgilio.it
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 www.c4tdownload.com
    127.0.0.1 c4tdownload.com
    127.0.0.1 www.c5.www4free.info
    127.0.0.1 c5.www4free.info
    127.0.0.1 www.cache.surfaccuracy.com
    127.0.0.1 cache.surfaccuracy.com
    127.0.0.1 cache.ysbweb.com
    127.0.0.1 www.cadesfinjeriokas.com
    127.0.0.1 cadesfinjeriokas.com
    127.0.0.1 calcioturris.com
    127.0.0.1 www.calendaralerts.net
    127.0.0.1 calendaralerts.net
    127.0.0.1 www.callinghome.biz
    127.0.0.1 callinghome.biz
    127.0.0.1 www.cameouk.co.uk
    127.0.0.1 cameouk.co.uk
    127.0.0.1 cameup.com
    127.0.0.1 www.camouflageclothingonline.net
    127.0.0.1 camouflageclothingonline.net
    127.0.0.1 campaigns.outerinfo.net
    127.0.0.1 camup.net
    127.0.0.1 canberracricketcoaching.com
    127.0.0.1 candycantaloupes.com
    127.0.0.1 www.canidetect.org
    127.0.0.1 canidetect.org
    127.0.0.1 www.cantfind.com
    127.0.0.1 cantfind.com
    127.0.0.1 careers.dulcineasystems.net
    127.0.0.1 carsands.com
    127.0.0.1 carsrentals.net
    127.0.0.1 cartoes.uol.com.br
    127.0.0.1 www.casalemedia.com
    127.0.0.1 casalemedia.com
    127.0.0.1 www.cashdeluxe.net
    127.0.0.1 cashdeluxe.net
    127.0.0.1 www.cashengines.com
    127.0.0.1 cashengines.com
    127.0.0.1 cashsearch.biz
    127.0.0.1 www.cashsurfers.com
    127.0.0.1 cashsurfers.com
    127.0.0.1 www.CashUnlim.com
    127.0.0.1 CashUnlim.com
    127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
    127.0.0.1 casino2win.net
    127.0.0.1 casino-gambling-1.net
    127.0.0.1 casino-gambling-2.net
    127.0.0.1 casinomidas.net
    127.0.0.1 casinonline.net
    127.0.0.1 casino-onlines.net
    127.0.0.1 www.castingsamateur.com
    127.0.0.1 castingsamateur.com
    127.0.0.1 catallogue.com
    127.0.0.1 www.catch-dc.info
    127.0.0.1 catch-dc.info
    127.0.0.1 categories.mygeek.com
    127.0.0.1 catsss.da.ru
    127.0.0.1 caxa.ru
    127.0.0.1 cc.panet.org
    127.0.0.1 www.ccecaedbebfcaf.com
    127.0.0.1 ccecaedbebfcaf.com
    127.0.0.1 cclebali.org
    127.0.0.1 www.ccorriere.it
    127.0.0.1 ccorriere.it
    127.0.0.1 www.cdcopysite.com
    127.0.0.1 cdcopysite.com
    127.0.0.1 www.cdegate.com
    127.0.0.1 cdegate.com
    127.0.0.1 cdn.drivecleaner.com
    127.0.0.1 cdn.errorsafe.com
    127.0.0.1 cdn.movies-etc.com
    127.0.0.1 cdn.winsoftware.com
    127.0.0.1 cdn2.movies-etc.com
    127.0.0.1 www.cdorriere.it
    127.0.0.1 cdorriere.it
    127.0.0.1 ceewawires.org
    127.0.0.1 centralmedia.ws
    127.0.0.1 certumgroup.com
    127.0.0.1 www.cforriere.it
    127.0.0.1 cforriere.it
    127.0.0.1 www.check.jupitersatellites.biz
    127.0.0.1 check.jupitersatellites.biz
    127.0.0.1 www.checkin100.com
    127.0.0.1 checkin100.com
    127.0.0.1 www.checkssecurity.com
    127.0.0.1 checkssecurity.com
    127.0.0.1 chelancatering.com
    127.0.0.1 www.chenshijituan.com
    127.0.0.1 chenshijituan.com
    127.0.0.1 childrenvilla.com
    127.0.0.1 www.chilly3xvids.com
    127.0.0.1 chilly3xvids.com
    127.0.0.1 www.chillymovs.com
    127.0.0.1 chillymovs.com
    127.0.0.1 chips-4-free.com
    127.0.0.1 chrisswasey.com
    127.0.0.1 chriswallace.net
    127.0.0.1 www.cia-trjn.myvnc.com
    127.0.0.1 cia-trjn.myvnc.com
    127.0.0.1 www.cinemadownload.com
    127.0.0.1 cinemadownload.com
    127.0.0.1 www.ciorriere.it
    127.0.0.1 ciorriere.it
    127.0.0.1 www.cirriere.it
    127.0.0.1 cirriere.it
    127.0.0.1 ckick4thumbs.com
    127.0.0.1 cl55.biz
    127.0.0.1 clackamasliteraryreview.com
    127.0.0.1 www.clckm.com
    127.0.0.1 clckm.com
    127.0.0.1 www.cleancodec.com
    127.0.0.1 cleancodec.com
    127.0.0.1 www.cleansoftwares.com
    127.0.0.1 cleansoftwares.com
    127.0.0.1 clearsearch.cc
    127.0.0.1 clearsearch.net
    127.0.0.1 clickaire.com
    127.0.0.1 www.click-codec.com
    127.0.0.1 click-codec.com
    127.0.0.1 www.clickhere4search.com
    127.0.0.1 clickhere4search.com
    127.0.0.1 www.click-new-download.com
    127.0.0.1 click-new-download.com
    127.0.0.1 click-now.net
    127.0.0.1 www.clickspring.net
    127.0.0.1 clickspring.net
    127.0.0.1 www.click-to-download.com
    127.0.0.1 click-to-download.com
    127.0.0.1 www.clicktomakeasearch.com
    127.0.0.1 clicktomakeasearch.com
    127.0.0.1 clickyestoenter.net
    127.0.0.1 client.exeupdate.com
    127.0.0.1 client.myadultexplorer.com
    127.0.0.1 www.cliks.org
    127.0.0.1 cliks.org
    127.0.0.1 www.clipsfestival.com
    127.0.0.1 clipsfestival.com
    127.0.0.1 www.clipsreality.com
    127.0.0.1 clipsreality.com
    127.0.0.1 www.clorriere.it
    127.0.0.1 clorriere.it
    127.0.0.1 clrsch.com
    127.0.0.1 www.clubxxxvideo.com
    127.0.0.1 clubxxxvideo.com
    127.0.0.1 clusif.free.fr
    127.0.0.1 cmtapestry.com
    127.0.0.1 www.cnetadd.com
    127.0.0.1 cnetadd.com
    127.0.0.1 www.cnomy.com
    127.0.0.1 cnomy.com
    127.0.0.1 www.cnzz.com
    127.0.0.1 cnzz.com
    127.0.0.1 code.ignphrases.com
    127.0.0.1 codec.ninoa.com
    127.0.0.1 www.codecbsplay.com
    127.0.0.1 codecbsplay.com
    127.0.0.1 www.codecdvd.net
    127.0.0.1 codecdvd.net
    127.0.0.1 www.codecdvi.com
    127.0.0.1 codecdvi.com
    127.0.0.1 www.codec-fun.com
    127.0.0.1 codec-fun.com
    127.0.0.1 www.codechard.com
    127.0.0.1 codechard.com
    127.0.0.1 www.codechot.net
    127.0.0.1 codechot.net
    127.0.0.1 www.codechq.net
    127.0.0.1 codechq.net
    127.0.0.1 www.codecmeg.net
    127.0.0.1 codecmeg.net
    127.0.0.1 www.codecmega.net
    127.0.0.1 codecmega.net
    127.0.0.1 www.codecmoon.com
    127.0.0.1 codecmoon.com
    127.0.0.1 www.codecmpg.com
    127.0.0.1 codecmpg.com
    127.0.0.1 www.codecnice.net
    127.0.0.1 codecnice.net
    127.0.0.1 www.codecops.net
    127.0.0.1 codecops.net
    127.0.0.1 www.codecplay.com
    127.0.0.1 codecplay.com
    127.0.0.1 www.codecpretty.net
    127.0.0.1 codecpretty.net
    127.0.0.1 www.codecpro.net
    127.0.0.1 codecpro.net
    127.0.0.1 www.codecsoft.net
    127.0.0.1 codecsoft.net
    127.0.0.1 www.codectime.com
    127.0.0.1 codectime.com
    127.0.0.1 www.codecultra.net
    127.0.0.1 codecultra.net
    127.0.0.1 www.codecvids.com
    127.0.0.1 codecvids.com
    127.0.0.1 www.codecvip.com
    127.0.0.1 codecvip.com
    127.0.0.1 www.codecviva.com
    127.0.0.1 codecviva.com
    127.0.0.1 www.codeczang.net
    127.0.0.1 codeczang.net
    127.0.0.1 www.codrriere.it
    127.0.0.1 codrriere.it
    127.0.0.1 www.coeriere.it
    127.0.0.1 coeriere.it
    127.0.0.1 www.coerriere.it
    127.0.0.1 coerriere.it
    127.0.0.1 www.cofrriere.it
    127.0.0.1 cofrriere.it
    127.0.0.1 www.cogrriere.it
    127.0.0.1 cogrriere.it
    127.0.0.1 www.coirriere.it
    127.0.0.1 coirriere.it
    127.0.0.1 command.adservs.com
    127.0.0.1 www.commonname.com
    127.0.0.1 www.computerpcgames.net
    127.0.0.1 computerpcgames.net
    127.0.0.1 www.computerrecover.com
    127.0.0.1 computerrecover.com
    127.0.0.1 config.180solutions.com
    127.0.0.1 www.content.dollarrevenue.com
    127.0.0.1 content.dollarrevenue.com
    127.0.0.1 www.content.ireit.com
    127.0.0.1 content.ireit.com
    127.0.0.1 content.onerateld.com
    127.0.0.1 www.contentmatch.net
    127.0.0.1 contentmatch.net
    127.0.0.1 www.contextplus.net
    127.0.0.1 contextplus.net
    127.0.0.1 www.contra-virus.com
    127.0.0.1 contra-virus.com
    127.0.0.1 www.controlmeh.com
    127.0.0.1 controlmeh.com
    127.0.0.1 www.convenient-search.com
    127.0.0.1 convenient-search.com
    127.0.0.1 www.cooldeskalert.com
    127.0.0.1 cooldeskalert.com
    127.0.0.1 coolfetishsite.com
    127.0.0.1 coolfreehost.com
    127.0.0.1 coolfreepage.com
    127.0.0.1 coolfreepages.com
    127.0.0.1 cool-homepage.co
    127.0.0.1 cool-homepage.com
    127.0.0.1 coolmoneysearch.com
    127.0.0.1 coolpornsearch.com
    127.0.0.1 cool-search.net
    127.0.0.1 cool-search.netfartpost.com
    127.0.0.1 coolsearcher.info
    127.0.0.1 www.coolservecorp.net
    127.0.0.1 coolservecorp.net
    127.0.0.1 www.coolwebsearch.com
    127.0.0.1 coolwebsearch.com
    127.0.0.1 cool-web-search.com
    127.0.0.1 coolwebsearsh.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 cool-xxx.net
    127.0.0.1 www.coorriere.it
    127.0.0.1 coorriere.it
    127.0.0.1 copmtraine.com
    127.0.0.1 www.coprriere.it
    127.0.0.1 coprriere.it
    127.0.0.1 www.core.psyche-evolution.com
    127.0.0.1 core.psyche-evolution.com
    127.0.0.1 www.coreiere.it
    127.0.0.1 coreiere.it
    127.0.0.1 www.coreriere.it
    127.0.0.1 coreriere.it
    127.0.0.1 www.corrdiere.it
    127.0.0.1 corrdiere.it
    127.0.0.1 www.correiere.it
    127.0.0.1 correiere.it
    127.0.0.1 www.corrfiere.it
    127.0.0.1 corrfiere.it
    127.0.0.1 www.corrgiere.it
    127.0.0.1 corrgiere.it
    127.0.0.1 www.corridere.it
    127.0.0.1 corridere.it
    127.0.0.1 www.corriedre.it
    127.0.0.1 corriedre.it
    127.0.0.1 www.corriee.it
    127.0.0.1 corriee.it
    127.0.0.1 www.corrieere.it
    127.0.0.1 corrieere.it
    127.0.0.1 www.corriefre.it
    127.0.0.1 corriefre.it
    127.0.0.1 www.corriegre.it
    127.0.0.1 corriegre.it
    127.0.0.1 www.corrierde.it
    127.0.0.1 corrierde.it
    127.0.0.1 www.corriered.it
    127.0.0.1 corriered.it
    127.0.0.1 www.corrieree.it
    127.0.0.1 corrieree.it
    127.0.0.1 www.corrieref.it
    127.0.0.1 corrieref.it
    127.0.0.1 www.corrierer.it
    127.0.0.1 corrierer.it
    127.0.0.1 www.corrieres.it
    127.0.0.1 corrieres.it
    127.0.0.1 www.corrierew.it
    127.0.0.1 corrierew.it
    127.0.0.1 www.corrierfe.it
    127.0.0.1 corrierfe.it
    127.0.0.1 www.corrierge.it
    127.0.0.1 corrierge.it
    127.0.0.1 www.corrierr.it
    127.0.0.1 corrierr.it
    127.0.0.1 www.corrierre.it
    127.0.0.1 corrierre.it
    127.0.0.1 www.corrierse.it
    127.0.0.1 corrierse.it
    127.0.0.1 www.corrierte.it
    127.0.0.1 corrierte.it
    127.0.0.1 www.corrierw.it
    127.0.0.1 corrierw.it
    127.0.0.1 www.corrierwe.it
    127.0.0.1 corrierwe.it
    127.0.0.1 www.corriesre.it
    127.0.0.1 corriesre.it
    127.0.0.1 www.corriete.it
    127.0.0.1 corriete.it
    127.0.0.1 www.corrietre.it
    127.0.0.1 corrietre.it
    127.0.0.1 www.corriewre.it
    127.0.0.1 corriewre.it
    127.0.0.1 www.corrifere.it
    127.0.0.1 corrifere.it
    127.0.0.1 www.corriiere.it
    127.0.0.1 corriiere.it
    127.0.0.1 www.corrilere.it
    127.0.0.1 corrilere.it
    127.0.0.1 www.corrioere.it
    127.0.0.1 corrioere.it
    127.0.0.1 www.corrire.it
    127.0.0.1 corrire.it
    127.0.0.1 www.corrirere.it
    127.0.0.1 corrirere.it
    127.0.0.1 www.corrirre.it
    127.0.0.1 corrirre.it
    127.0.0.1 www.corrisere.it
    127.0.0.1 corrisere.it
    127.0.0.1 www.corriuere.it
    127.0.0.1 corriuere.it
    127.0.0.1 www.corriwere.it
    127.0.0.1 corriwere.it
    127.0.0.1 www.corriwre.it
    127.0.0.1 corriwre.it
    127.0.0.1 www.corrliere.it
    127.0.0.1 corrliere.it
    127.0.0.1 www.corroere.it
    127.0.0.1 corroere.it
    127.0.0.1 www.corroiere.it
    127.0.0.1 corroiere.it
    127.0.0.1 www.corrriere.it
    127.0.0.1 corrriere.it
    127.0.0.1 www.corrtiere.it
    127.0.0.1 corrtiere.it
    127.0.0.1 www.corruere.it
    127.0.0.1 corruere.it
    127.0.0.1 www.corruiere.it
    127.0.0.1 corruiere.it
    127.0.0.1 www.cortiere.it
    127.0.0.1 cortiere.it
    127.0.0.1 www.cortriere.it
    127.0.0.1 cortriere.it
    127.0.0.1 www.costrike.com
    127.0.0.1 costrike.com
    127.0.0.1 www.cotriere.it
    127.0.0.1 cotriere.it
    127.0.0.1 www.cotrriere.it
    127.0.0.1 cotrriere.it
    127.0.0.1 couldnotfind.com
    127.0.0.1 count.cc
    127.0.0.1 count.hitscount.net
    127.0.0.1 count-all.com
    127.0.0.1 www.countdutycall.info
    127.0.0.1 countdutycall.info
    127.0.0.1 counter.sexmaniack.com
    127.0.0.1 www.courtrecordslookup.com
    127.0.0.1 courtrecordslookup.com
    127.0.0.1 www.cporriere.it
    127.0.0.1 cporriere.it
    127.0.0.1 www.cprriere.it
    127.0.0.1 cprriere.it
    127.0.0.1 cpvfeed.com
    127.0.0.1 cracks.me.uk
    127.0.0.1 www.cracks4all.com
    127.0.0.1 cracks4all.com
    127.0.0.1 www.crapsgold.info
    127.0.0.1 crapsgold.info
    127.0.0.1 Crazygirls-world.com
    127.0.0.1 www.crazywinnings.com
    127.0.0.1 crazywinnings.com
    127.0.0.1 creamedcutties.com
    127.0.0.1 www.createaccesskey.com
    127.0.0.1 createaccesskey.com
    127.0.0.1 www.creatonsoft.com
    127.0.0.1 creatonsoft.com
    127.0.0.1 creditsearchonline.com
    127.0.0.1 crestring.com
    127.0.0.1 crooder.com
    127.0.0.1 www.crriere.it
    127.0.0.1 crriere.it
    127.0.0.1 www.cryptdrive.com
    127.0.0.1 cryptdrive.com
    127.0.0.1 www.crystalysmedia.com
    127.0.0.1 crystalysmedia.com
    127.0.0.1 www.csx.adservs.com
    127.0.0.1 csx.adservs.com
    127.0.0.1 cts.180solutions.com
    127.0.0.1 www.cuisinartoven.com
    127.0.0.1 cuisinartoven.com
    127.0.0.1 www.curedc.info
    127.0.0.1 curedc.info
    127.0.0.1 www.curepcsolutions.com
    127.0.0.1 curepcsolutions.com
    127.0.0.1 curvedspaces.com
    127.0.0.1 www.cutadult.com
    127.0.0.1 cutadult.com
    127.0.0.1 www.cvirgilio.it
    127.0.0.1 cvirgilio.it
    127.0.0.1 www.cvorriere.it
    127.0.0.1 cvorriere.it
    127.0.0.1 cvs.jps.ru
    127.0.0.1 cvsymphony.com
    127.0.0.1 www.cxorriere.it
    127.0.0.1 cxorriere.it
    127.0.0.1 www.cyberrape.com
    127.0.0.1 cyberrape.com
    127.0.0.1 cydom.com
    127.0.0.1 www.cydoor.com
    127.0.0.1 cydoor.com
    127.0.0.1 www.daily3xlinks.com
    127.0.0.1 daily3xlinks.com
    127.0.0.1 www.dailybestclips.com
    127.0.0.1 dailybestclips.com
    127.0.0.1 daily-gals.com
    127.0.0.1 www.dailyhugemovs.com
    127.0.0.1 dailyhugemovs.com
    127.0.0.1 www.dailykeys.com
    127.0.0.1 dailykeys.com
    127.0.0.1 www.dailypornmag.com
    127.0.0.1 dailypornmag.com
    127.0.0.1 dailyteenspic.com
    127.0.0.1 www.dailytoolbar.com
    127.0.0.1 dailytoolbar.com
    127.0.0.1 www.dailyxvids.com
    127.0.0.1 dailyxvids.com
    127.0.0.1 dancingbabycd.com
    127.0.0.1 www.dapsol.com
    127.0.0.1 dapsol.com
    127.0.0.1 www.dapsolution.com
    127.0.0.1 dapsolution.com
    127.0.0.1 www.data-hoster.com
    127.0.0.1 data-hoster.com
    127.0.0.1 datanotary.com
    127.0.0.1 datareco.com
    127.0.0.1 www.dateanybabe.com
    127.0.0.1 dateanybabe.com
    127.0.0.1 www.dateanychick.com
    127.0.0.1 dateanychick.com
    127.0.0.1 www.datingdoctorsite.com
    127.0.0.1 datingdoctorsite.com
    127.0.0.1 www.dating-galaxy.info
    127.0.0.1 dating-galaxy.info
    127.0.0.1 dating-search.net
    127.0.0.1 davemarshall.org
    127.0.0.1 db105.com
    127.0.0.1 www.dbdecicated.com
    127.0.0.1 dbdecicated.com
    127.0.0.1 www.dbxcompany.com
    127.0.0.1 dbxcompany.com
    127.0.0.1 dcdl.dmcast.com
    127.0.0.1 dcfitusa.com
    127.0.0.1 www.dcorriere.it
    127.0.0.1 dcorriere.it
    127.0.0.1 www.dcurtis.com
    127.0.0.1 dcurtis.com
    127.0.0.1 dcww.dmcast.com
    127.0.0.1 de.ag
    127.0.0.1 de.drivecleaner.com
    127.0.0.1 de.errorsafe.com
    127.0.0.1 de.winantivirus.com
    127.0.0.1 de98.remsys.org
    127.0.0.1 www.debay.it
    127.0.0.1 debay.it
    127.0.0.1 www.decknews.com
    127.0.0.1 decknews.com
    127.0.0.1 dedmazay.3322.org
    127.0.0.1 www.dedsearch.com
    127.0.0.1 dedsearch.com
    127.0.0.1 defaultsearch.net
    127.0.0.1 www.Defensaantimalware.com
    127.0.0.1 Defensaantimalware.com
    127.0.0.1 www.deja-rue.com
    127.0.0.1 deja-rue.com
    127.0.0.1 www.delficodec.com
    127.0.0.1 delficodec.com
    127.0.0.1 www.democodec.com
    127.0.0.1 democodec.com
    127.0.0.1 www.derklaif.biz
    127.0.0.1 derklaif.biz
    127.0.0.1 www.derrari.it
    127.0.0.1 derrari.it
    127.0.0.1 desarrollocreativo.com
    127.0.0.1 www.deskbar.worldtostart.com
    127.0.0.1 deskbar.worldtostart.com
    127.0.0.1 www.deskwizz.com
    127.0.0.1 deskwizz.com
    127.0.0.1 www.destruktor.to.pl
    127.0.0.1 destruktor.to.pl
    127.0.0.1 www.detectivehound.com
    127.0.0.1 detectivehound.com
    127.0.0.1 www.detectivesearches.com
    127.0.0.1 detectivesearches.com
    127.0.0.1 dev.ntcor.com
    127.0.0.1 develip.com
    127.0.0.1 dewis.spb.ru
    127.0.0.1 dewis.us
    127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
    127.0.0.1 www.dgbusiness.com
    127.0.0.1 dgbusiness.com
    127.0.0.1 dialer2004.com
    127.0.0.1 www.dialerclub.com
    127.0.0.1 dialerclub.com
    127.0.0.1 www.dialer-shop.com
    127.0.0.1 dialer-shop.com
    127.0.0.1 www.dialoff.com
    127.0.0.1 dialoff.com
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 did.i-used.cc
    127.0.0.1 dietpills4free.com
    127.0.0.1 dietpussy.com
    127.0.0.1 www.digikeygen.com
    127.0.0.1 digikeygen.com
    127.0.0.1 digistreamsa.com
    127.0.0.1 www.digitalcoders.net
    127.0.0.1 digitalcoders.net
    127.0.0.1 www.digitalfan.com
    127.0.0.1 digital-pornography.com
    127.0.0.1 dionforvalleycouncil.org
    127.0.0.1 www.directdvdpro.com
    127.0.0.1 directdvdpro.com
    127.0.0.1 www.directporta.info
    127.0.0.1 directporta.info
    127.0.0.1 www.directsearchzone.com
    127.0.0.1 directsearchzone.com
    127.0.0.1 www.diskretter.com
    127.0.0.1 diskretter.com
    127.0.0.1 dist.checkin100.com
    127.0.0.1 dl.ad-ware.cc
    127.0.0.1 dl.malwarewipe.com
    127.0.0.1 dl.mcboo.com
    127.0.0.1 www.dl.targetsaver.com
    127.0.0.1 dl.targetsaver.com
    127.0.0.1 dl.web-nexus.net
    127.0.0.1 dl1.antivermins.com
    127.0.0.1 dl1.antivirgear.com
    127.0.0.1 dl1.spydawn.com
    127.0.0.1 dl1.virusprotectpro.com
    127.0.0.1 dl10.spyfalcon.com
    127.0.0.1 dl16.spyfalcon.com
    127.0.0.1 dl2.spyfalcon.com
    127.0.0.1 dl2.spyheal.com
    127.0.0.1 dl2.spywarestrike.com
    127.0.0.1 dl3.spyfalcon.com
    127.0.0.1 dl3.spyheal.com
    127.0.0.1 dl3.spywarestrike.com
    127.0.0.1 dl4.spyfalcon.com
    127.0.0.1 dl4.spywarestrike.com
    127.0.0.1 dl5.spyfalcon.com
    127.0.0.1 dl5.spywarestrike.com
    127.0.0.1 dl6.spywarestrike.com
    127.0.0.1 dl7.spywarestrike.com
    127.0.0.1 dl8.spyheal.com
    127.0.0.1 dl8.spywarestrike.com
    127.0.0.1 dl9.spyfalcon.com
    127.0.0.1 dload.contextplus.net
    127.0.0.1 www.dltsolution.com
    127.0.0.1 dltsolution.com
    127.0.0.1 www.dmcast.com
    127.0.0.1 dmcast.com
    127.0.0.1 www.dmqfirm.com
    127.0.0.1 dmqfirm.com
    127.0.0.1 www.dnaads.com
    127.0.0.1 dnaads.com
    127.0.0.1 dnl.mabou.org
    127.0.0.1 www.dns-look-up.com
    127.0.0.1 dns-look-up.com
    127.0.0.1 doctorwaldron.com
    127.0.0.1 document-not-found.pornpic.org
    127.0.0.1 doggyaction.com
    127.0.0.1 www.dogproblemswebsite.com
    127.0.0.1 dogproblemswebsite.com
    127.0.0.1 doktorxxx.com
    127.0.0.1 dollarrevenue.com
    127.0.0.1 www.domaincar.com
    127.0.0.1 domaincar.com
    127.0.0.1 domains2003.net
    127.0.0.1 domains-for-you-online.com
    127.0.0.1 domain-your-registration.com
    127.0.0.1 domkrat.com
    127.0.0.1 www.doofo.com
    127.0.0.1 doofo.com
    127.0.0.1 www.dotcomtoolbar.com
    127.0.0.1 dotcomtoolbar.com
    127.0.0.1 down.136136.net
    127.0.0.1 download.abetterinternet.com
    127.0.0.1 download.adintelligence.net
    127.0.0.1 www.download.antispywarebot.com
    127.0.0.1 download.antispywarebot.com
    127.0.0.1 www.download.bardownload.com
    127.0.0.1 download.bardownload.com
    127.0.0.1 www.download.bravesentry.com
    127.0.0.1 download.bravesentry.com
    127.0.0.1 download.cdn.drivecleaner.com
    127.0.0.1 download.cdn.errorsafe.com
    127.0.0.1 download.cdn.winsoftware.com
    127.0.0.1 download.contextplus.net
    127.0.0.1 download.errorsafe.com
    127.0.0.1 www.download.jupitersatellites.biz
    127.0.0.1 download.jupitersatellites.biz
    127.0.0.1 download.MalwareAlarm.com
    127.0.0.1 download.searchtabs.net
    127.0.0.1 www.download.secureyournet.biz
    127.0.0.1 download.secureyournet.biz
    127.0.0.1 download.spyonthis.net
    127.0.0.1 download.spy-shredder.com
    127.0.0.1 download.systemdoctor.com
    127.0.0.1 download.winantispyware.com
    127.0.0.1 download.winantivirus.com
    127.0.0.1 download.windrivecleaner.com
    127.0.0.1 download.winfixer.com
    127.0.0.1 download10.spywarequake.com
    127.0.0.1 download11.spywarequake.com
    127.0.0.1 download12.spywarequake.com
    127.0.0.1 download13.spywarequake.com
    127.0.0.1 download15.spywarequake.com
    127.0.0.1 download2.spywarequake.com
    127.0.0.1 www.download-2007.com
    127.0.0.1 download-2007.com
    127.0.0.1 download3.spyaxe.com
    127.0.0.1 download3.spywarequake.com
    127.0.0.1 www.download3xpics.com
    127.0.0.1 download3xpics.com
    127.0.0.1 download4.spyaxe.com
    127.0.0.1 download4.spywarequake.com
    127.0.0.1 download5.spyaxe.com
    127.0.0.1 download5.spywarequake.com
    127.0.0.1 download6.spyaxe.com
    127.0.0.1 download7.spywarequake.com
    127.0.0.1 download8.spywarequake.com
    127.0.0.1 download9.spywarequake.com
    127.0.0.1 www.downloadacceleratorsite.com
    127.0.0.1 downloadacceleratorsite.com
    127.0.0.1 www.download-ad-aware.com
    127.0.0.1 download-ad-aware.com
    127.0.0.1 www.download-all-4-free.com
    127.0.0.1 download-all-4-free.com
    127.0.0.1 www.download-all-area.com
    127.0.0.1 download-all-area.com
    127.0.0.1 www.download-antivir.com
    127.0.0.1 download-antivir.com
    127.0.0.1 www.downloadanysong.com
    127.0.0.1 downloadanysong.com
    127.0.0.1 www.downloadaresnow.com
    127.0.0.1 downloadaresnow.com
    127.0.0.1 www.download-avast.com
    127.0.0.1 download-avast.com
    127.0.0.1 www.downloadcorporation.com
    127.0.0.1 downloadcorporation.com
    127.0.0.1 www.download-dvdshrink.com
    127.0.0.1 download-dvdshrink.com
    127.0.0.1 www.download-for-free.net
    127.0.0.1 download-for-free.net
    127.0.0.1 www.downloadfreesoft.com
    127.0.0.1 downloadfreesoft.com
    127.0.0.1 www.downloadfreeway.com
    127.0.0.1 downloadfreeway.com
    127.0.0.1 www.downloadimesh.com
    127.0.0.1 downloadimesh.com
    127.0.0.1 www.download-itunes-now.com
    127.0.0.1 download-itunes-now.com
    127.0.0.1 www.download-limewire.org
    127.0.0.1 download-limewire.org
    127.0.0.1 www.downloadlost.tv
    127.0.0.1 downloadlost.tv
    127.0.0.1 www.downloadmax.net
    127.0.0.1 downloadmax.net
    127.0.0.1 www.download-mcafee.com
    127.0.0.1 download-mcafee.com
    127.0.0.1 download-me.info
    127.0.0.1 www.downloadmediaax.com
    127.0.0.1 downloadmediaax.com
    127.0.0.1 www.downloadpics.net
    127.0.0.1 downloadpics.net
    127.0.0.1 www.downloadprovider.net
    127.0.0.1 downloadprovider.net
    127.0.0.1 www.download-real-player.com
    127.0.0.1 download-real-player.com
    127.0.0.1 downloads.180solutions.com
    127.0.0.1 downloads.adaware.cc
    127.0.0.1 www.downloadservicearea.com
    127.0.0.1 downloadservicearea.com
    127.0.0.1 www.downloads-free.org
    127.0.0.1 downloads-free.org
    127.0.0.1 www.downloadsglobe.com
    127.0.0.1 downloadsglobe.com
    127.0.0.1 www.download-this.us
    127.0.0.1 download-this.us
    127.0.0.1 www.download-trillian.com
    127.0.0.1 download-trillian.com
    127.0.0.1 www.downloadv3.com
    127.0.0.1 downloadv3.com
    127.0.0.1 www.downloadvax.com
    127.0.0.1 downloadvax.com
    127.0.0.1 www.download-windvd.com
    127.0.0.1 download-windvd.com
    127.0.0.1 www.download-winrar.com
    127.0.0.1 download-winrar.com
    127.0.0.1 downloadwizard.com
    127.0.0.1 www.downloadxmoveis.com
    127.0.0.1 downloadxmoveis.com
    127.0.0.1 www.downloadxvids.com
    127.0.0.1 downloadxvids.com
    127.0.0.1 downloadzcenter.com
    127.0.0.1 downloadzcentral.com
    127.0.0.1 www.downloadzfree.com
    127.0.0.1 downloadzfree.com
    127.0.0.1 downloadznow.net
    127.0.0.1 www.download-zone-free.com
    127.0.0.1 download-zone-free.com
    127.0.0.1 www.download-zone-free.net
    127.0.0.1 download-zone-free.net
    127.0.0.1 dp-host.com
    127.0.0.1 dr.mcboo.com
    127.0.0.1 www.dr.webhancer.com
    127.0.0.1 dr.webhancer.com
    127.0.0.1 www.dr2.webhancer.com
    127.0.0.1 dr2.webhancer.com
    127.0.0.1 dr38.mcboo.com
    127.0.0.1 dr47.mcboo.com
    127.0.0.1 dragqueen.gay-clan.com
    127.0.0.1 www.drepubblica.it
    127.0.0.1 drepubblica.it
    127.0.0.1 www.drivecleaner.com
    127.0.0.1 drivecleaner.com
    127.0.0.1 www.drivecleanr.com
    127.0.0.1 drivecleanr.com
    127.0.0.1 drocherway.com
    127.0.0.1 www.dropspam.com
    127.0.0.1 dropspam.com
    127.0.0.1 drug-sources-exposed.com
    127.0.0.1 drvvv.com
    127.0.0.1 www.dsupereva.it
    127.0.0.1 dsupereva.it
    127.0.0.1 www.dtlproduct.com
    127.0.0.1 dtlproduct.com
    127.0.0.1 www.dudu.com
    127.0.0.1 dudu.com
    127.0.0.1 dulcineasystems.net
    127.0.0.1 dumpserv.com
    127.0.0.1 duolaimi.net
    127.0.0.1 dutch-sex.com
    127.0.0.1 www.dvdaccess.net
    127.0.0.1 dvdaccess.net
    127.0.0.1 dvdbank.org
    127.0.0.1 www.dvd-codec.com
    127.0.0.1 dvd-codec.com
    127.0.0.1 www.dvdcodec.net
    127.0.0.1 dvdcodec.net
    127.0.0.1 www.dvdsmovies.net
    127.0.0.1 dvdsmovies.net
    127.0.0.1 www.dvdsvideos.net
    127.0.0.1 dvdsvideos.net
    127.0.0.1 www.dvdtocdsite.com
    127.0.0.1 dvdtocdsite.com
    127.0.0.1 www.dvdxgold.com
    127.0.0.1 dvdxgold.com
    127.0.0.1 www.dvdxpremium.com
    127.0.0.1 dvdxpremium.com
    127.0.0.1 www.dvicodec.com
    127.0.0.1 dvicodec.com
    127.0.0.1 dynamique.drivecleaner.com
    127.0.0.1 www.e3bay.it
    127.0.0.1 e3bay.it
    127.0.0.1 www.e4bay.it
    127.0.0.1 e4bay.it
    127.0.0.1 eager-sex.com
    127.0.0.1 www.earthllnk.net
    127.0.0.1 earthllnk.net
    127.0.0.1 eases.net
    127.0.0.1 easyantispy.com
    127.0.0.1 www.easybestdeals.com
    127.0.0.1 easybestdeals.com
    127.0.0.1 easycategories.com
    127.0.0.1 www.easycdrip.com
    127.0.0.1 easycdrip.com
    127.0.0.1 www.easymovieplayer.com
    127.0.0.1 easymovieplayer.com
    127.0.0.1 www.easymp3musicnow.com
    127.0.0.1 easymp3musicnow.com
    127.0.0.1 www.easymus.cn
    127.0.0.1 easymus.cn
    127.0.0.1 www.easy-pharmacy.info
    127.0.0.1 easy-pharmacy.info
    127.0.0.1 www.easypspdownloads.com
    127.0.0.1 easypspdownloads.com
    127.0.0.1 easy-search.net
    127.0.0.1 www.easysearch4you.com
    127.0.0.1 easysearch4you.com
    127.0.0.1 easysearchingtips.com
    127.0.0.1 www.easyspyware.com
    127.0.0.1 easyspyware.com
    127.0.0.1 www.easywww.info
    127.0.0.1 easywww.info
    127.0.0.1 www.eba6y.it
    127.0.0.1 eba6y.it
    127.0.0.1 www.eba7y.it
    127.0.0.1 eba7y.it
    127.0.0.1 www.ebaay.it
    127.0.0.1 ebaay.it
    127.0.0.1 www.ebagy.it
    127.0.0.1 ebagy.it
    127.0.0.1 www.ebahy.it
    127.0.0.1 ebahy.it
    127.0.0.1 www.ebajy.it
    127.0.0.1 ebajy.it
    127.0.0.1 www.ebaqy.it
    127.0.0.1 ebaqy.it
    127.0.0.1 www.ebasy.it
    127.0.0.1 ebasy.it
    127.0.0.1 www.ebaty.it
    127.0.0.1 ebaty.it
    127.0.0.1 www.ebauy.it
    127.0.0.1 ebauy.it
    127.0.0.1 ebav.com
    127.0.0.1 ebaw.com
    127.0.0.1 www.ebawy.it
    127.0.0.1 ebawy.it
    127.0.0.1 www.ebaxy.it
    127.0.0.1 ebaxy.it
    127.0.0.1 www.ebay6.it
    127.0.0.1 ebay6.it
    127.0.0.1 www.ebay7.it
    127.0.0.1 ebay7.it
    127.0.0.1 www.ebayg.it
    127.0.0.1 ebayg.it
    127.0.0.1 www.ebayh.it
    127.0.0.1 ebayh.it
    127.0.0.1 www.ebayj.it
    127.0.0.1 ebayj.it
    127.0.0.1 www.ebayt.it
    127.0.0.1 ebayt.it
    127.0.0.1 www.ebayu.it
    127.0.0.1 ebayu.it
    127.0.0.1 www.ebazy.it
    127.0.0.1 ebazy.it
    127.0.0.1 ebch.com
    127.0.0.1 ebdv.com
    127.0.0.1 ebdw.com
    127.0.0.1 www.ebestfind.org
    127.0.0.1 ebestfind.org
    127.0.0.1 www.ebgay.it
    127.0.0.1 ebgay.it
    127.0.0.1 ebgo.com
    127.0.0.1 www.ebhay.it
    127.0.0.1 ebhay.it
    127.0.0.1 ebjp.com
    127.0.0.1 ebkb.com
    127.0.0.1 ebkn.com
    127.0.0.1 ebky.com
    127.0.0.1 eblv.com
    127.0.0.1 ebmu.com
    127.0.0.1 www.ebnay.it
    127.0.0.1 ebnay.it
    127.0.0.1 ebonypornmag.com
    127.0.0.1 www.ebonypornmag.com
    127.0.0.1 ebony-pornmag.com
    127.0.0.1 www.ebony-pornmag.com
    127.0.0.1 www.ebqay.it
    127.0.0.1 ebqay.it
    127.0.0.1 www.ebsay.it
    127.0.0.1 ebsay.it
    127.0.0.1 www.ebsy.it
    127.0.0.1 ebsy.it
    127.0.0.1 www.ebvay.it
    127.0.0.1 ebvay.it
    127.0.0.1 ebvr.com
    127.0.0.1 www.ebway.it
    127.0.0.1 ebway.it
    127.0.0.1 www.ebwmanufacture.com
    127.0.0.1 ebwmanufacture.com
    127.0.0.1 www.ebxay.it
    127.0.0.1 ebxay.it
    127.0.0.1 www.ebzay.it
    127.0.0.1 ebzay.it
    127.0.0.1 www.echterschutz.com
    127.0.0.1 echterschutz.com
    127.0.0.1 ecmh.com
    127.0.0.1 ecmp.com
    127.0.0.1 ecosrioplatenses.org
    127.0.0.1 ecpm.com
    127.0.0.1 ecstasyporn.net
    127.0.0.1 ecwz.com
    127.0.0.1 ecyb.com
    127.0.0.1 www.edbay.it
    127.0.0.1 edbay.it
    127.0.0.1 edhq.com
    127.0.0.1 www.edietprogram.com
    127.0.0.1 edietprogram.com
    127.0.0.1 edty.com
    127.0.0.1 eduy.com
    127.0.0.1 www.eebay.it
    127.0.0.1 eebay.it
    127.0.0.1 eeev.com
    127.0.0.1 www.eepubblica.it
    127.0.0.1 eepubblica.it
    127.0.0.1 www.efbay.it
    127.0.0.1 efbay.it
    127.0.0.1 www.efcsoftware.com
    127.0.0.1 efcsoftware.com
    127.0.0.1 www.egbay.it
    127.0.0.1 egbay.it
    127.0.0.1 www.ehbay.it
    127.0.0.1 ehbay.it
    127.0.0.1 eikokoike.com
    127.0.0.1 www.elitecodec.com
    127.0.0.1 elitecodec.com
    127.0.0.1 www.elitemediagroup.net
    127.0.0.1 elitemediagroup.net
    127.0.0.1 e-localad.com
    127.0.0.1 www.elseif.biz
    127.0.0.1 elseif.biz
    127.0.0.1 www.emailicon.org
    127.0.0.1 emailicon.org
    127.0.0.1 emch.com
    127.0.0.1 www.emcodec.com
    127.0.0.1 emcodec.com
    127.0.0.1 www.emediacodec.com
    127.0.0.1 emediacodec.com
    127.0.0.1 www.e-mp3now.com
    127.0.0.1 e-mp3now.com
    127.0.0.1 www.emule.click-new-download.com
    127.0.0.1 emule.click-new-download.com
    127.0.0.1 www.emule.mp3-muzic.com
    127.0.0.1 emule.mp3-muzic.com
    127.0.0.1 www.emuledownloadhome.com
    127.0.0.1 emuledownloadhome.com
    127.0.0.1 www.emule-freebie.com
    127.0.0.1 emule-freebie.com
    127.0.0.1 www.enay.it
    127.0.0.1 enay.it
    127.0.0.1 www.enbay.it
    127.0.0.1 enbay.it
    127.0.0.1 www.encodeinstrument.com
    127.0.0.1 encodeinstrument.com
    127.0.0.1 www.endcodec.com
    127.0.0.1 endcodec.com
    127.0.0.1 www.energy-factor.com
    127.0.0.1 energy-factor.com
    127.0.0.1 www.engineplay.com
    127.0.0.1 engineplay.com
    127.0.0.1 www.engine-ticket.com
    127.0.0.1 engine-ticket.com
    127.0.0.1 www.enhance.com
    127.0.0.1 enhance.com
    127.0.0.1 www.enhancevideos.com
    127.0.0.1 enhancevideos.com
    127.0.0.1 enitinvest.net
    127.0.0.1 enjoywebsurf.com
    127.0.0.1 www.entertainsite.net
    127.0.0.1 entertainsite.net
    127.0.0.1 www.enterthesearch.com
    127.0.0.1 enterthesearch.com
    127.0.0.1 www.entirexxx.com
    127.0.0.1 entirexxx.com
    127.0.0.1 envolo.peopleonpage.com
    127.0.0.1 e-plus.cc
    127.0.0.1 epornsex.com
    127.0.0.1 www.eprotectionline.com
    127.0.0.1 eprotectionline.com
    127.0.0.1 www.eprotectpage.com
    127.0.0.1 eprotectpage.com
    127.0.0.1 www.erbay.it
    127.0.0.1 erbay.it
    127.0.0.1 www.erepubblica.it
    127.0.0.1 erepubblica.it
    127.0.0.1 ergosites.com
    127.0.0.1 www.erossoalice.it
    127.0.0.1 erossoalice.it
    127.0.0.1 www.errari.it
    127.0.0.1 errari.it
    127.0.0.1 www.errclean.com
    127.0.0.1 errclean.com
    127.0.0.1 www.error404site.com
    127.0.0.1 error404site.com
    127.0.0.1 www.error404site.net
    127.0.0.1 error404site.net
    127.0.0.1 www.errordoctor.com
    127.0.0.1 errordoctor.com
    127.0.0.1 www.errorfri.com
    127.0.0.1 errorfri.com
    127.0.0.1 www.errorkiller.com
    127.0.0.1 errorkiller.com
    127.0.0.1 www.errorout.com
    127.0.0.1 errorout.com
    127.0.0.1 www.errorprotector.com
    127.0.0.1 errorprotector.com
    127.0.0.1 www.errorsafe.com
    127.0.0.1 errorsafe.com
    127.0.0.1 www.errorsdns.com
    127.0.0.1 errorsdns.com
    127.0.0.1 www.errorskydd.com
    127.0.0.1 errorskydd.com
    127.0.0.1 www.errorsmart.com
    127.0.0.1 errorsmart.com
    127.0.0.1 www.errorsoshi.com
    127.0.0.1 errorsoshi.com
    127.0.0.1 www.errorsweeper.com
    127.0.0.1 errorsweeper.com
    127.0.0.1 ert0003.e76.163ns.com
    127.0.0.1 ert47.a1.wrs.mcboo.com
    127.0.0.1 www.ertikadeswiokinganfujas.com
    127.0.0.1 ertikadeswiokinganfujas.com
    127.0.0.1 es.winantivirus.com
    127.0.0.1 es0-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es1-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es2-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es3-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es4-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es5-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es6-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es7-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es8-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 es9-www.5zgmu7o20kt5d8yq.com
    127.0.0.1 www.esafetylist.com
    127.0.0.1 esafetylist.com
    127.0.0.1 www.esafetypage.com
    127.0.0.1 esafetypage.com
    127.0.0.1 www.esbay.it
    127.0.0.1 esbay.it
    127.0.0.1 www.esearch2005.com
    127.0.0.1 esearch2005.com
    127.0.0.1 www.esecuritynote.com
    127.0.0.1 esecuritynote.com
    127.0.0.1 www.esecuritypage.com
    127.0.0.1 esecuritypage.com
    127.0.0.1 www.esupereva.it
    127.0.0.1 esupereva.it
    127.0.0.1 www.etdscanner.com
    127.0.0.1 etdscanner.com
    127.0.0.1 www.etomi.all-downloads-now.com
    127.0.0.1 etomi.all-downloads-now.com
    127.0.0.1 www.eupdatepage.com
    127.0.0.1 eupdatepage.com
    127.0.0.1 euuu.com
    127.0.0.1 www.evbay.it
    127.0.0.1 evbay.it
    127.0.0.1 evidence-detector.biz
    127.0.0.1 www.evidenceeraser.com
    127.0.0.1 evidenceeraser.com
    127.0.0.1 evilspidercomics.com
    127.0.0.1 www.evko.biz
    127.0.0.1 evko.biz
    127.0.0.1 www.ewbay.it
    127.0.0.1 ewbay.it
    127.0.0.1 ewebsearch.net
    127.0.0.1 e-websitesolutions.com
    127.0.0.1 ewizard.cc
    127.0.0.1 www.exaccess.ru
    127.0.0.1 exaccess.ru
    127.0.0.1 excellentsckin.com
    127.0.0.1 www.exclusivexxxclips.com
    127.0.0.1 exclusivexxxclips.com
    127.0.0.1 www.exeupdate.com
    127.0.0.1 exeupdate.com
    127.0.0.1 www.exflow.org
    127.0.0.1 exflow.org
    127.0.0.1 exit.megago.com
    127.0.0.1 www.expandvideo.com
    127.0.0.1 expandvideo.com
    127.0.0.1 www.explorertool.net
    127.0.0.1 explorertool.net
    127.0.0.1 www.exportplay.com
    127.0.0.1 exportplay.com
    127.0.0.1 www.extremepaidsurveys.com
    127.0.0.1 extremepaidsurveys.com
    127.0.0.1 extremeseek.net
    127.0.0.1 www.eza1netsearch.com
    127.0.0.1 eza1netsearch.com
    127.0.0.1 www.ezcybersearch.com
    127.0.0.1 ezcybersearch.com
    127.0.0.1 www.ezdvdx.com
    127.0.0.1 ezdvdx.com
    127.0.0.1 ez-searching.com
    127.0.0.1 www.ezwebsearching.com
    127.0.0.1 ezwebsearching.com
    127.0.0.1 www.ezycontract.com
    127.0.0.1 ezycontract.com
    127.0.0.1 f0.thezirius.com
    127.0.0.1 f1.bestmanage.org
    127.0.0.1 f1.thezirius.com
    127.0.0.1 f1.truth-is-out-there.org
    127.0.0.1 www.f1organizer.com
    127.0.0.1 f1organizer.com
    127.0.0.1 f2.bestmanage.org
    127.0.0.1 f2.thezirius.com
    127.0.0.1 f2.truth-is-out-there.org
    127.0.0.1 f3.bestmanage.org
    127.0.0.1 f3.thezirius.com
    127.0.0.1 f3.truth-is-out-there.org
    127.0.0.1 f4.bestmanage.org
    127.0.0.1 f4.thezirius.com
    127.0.0.1 f4.truth-is-out-there.org
    127.0.0.1 f5.bestmanage.org
    127.0.0.1 f5.thezirius.com
    127.0.0.1 f5.truth-is-out-there.org
    127.0.0.1 f6.bestmanage.org
    127.0.0.1 f6.thezirius.com
    127.0.0.1 f7.bestmanage.org
    127.0.0.1 f7.thezirius.com
    127.0.0.1 f7.truth-is-out-there.org
    127.0.0.1 f8.bestmanage.org
    127.0.0.1 f8.thezirius.com
    127.0.0.1 f8.truth-is-out-there.org
    127.0.0.1 f9.bestmanage.org
    127.0.0.1 f9.thezirius.com
    127.0.0.1 f9.truth-is-out-there.org
    127.0.0.1 www.fairsearcher.com
    127.0.0.1 fairsearcher.com
    127.0.0.1 faithstevens.com
    127.0.0.1 fantasiewelten.com
    127.0.0.1 www.fapparatus.com
    127.0.0.1 fapparatus.com
    127.0.0.1 farmacept32.phpnet.us
    127.0.0.1 farmsteadbandb.com
    127.0.0.1 farse.com
    127.0.0.1 fartpost.com
    127.0.0.1 fastfreedownload.com
    127.0.0.1 www.fastmediaservice.com
    127.0.0.1 fastmediaservice.com
    127.0.0.1 www.fastmetasearch.com
    127.0.0.1 fastmetasearc
    22 Mars 2008 19:11:49

    ce maudit spyware est toujours la
    22 Mars 2008 19:19:41

    Repasse COmbofix :) 
    22 Mars 2008 19:29:42

    ComboFix 08-03-22.1 - Administrateur 2008-03-22 19:27:45.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1434 [GMT 1:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-22 15:25 . 2008-03-22 15:25 <REP> d-------- C:\_OTMoveIt
    2008-03-22 05:00 . 2008-03-22 05:00 90,112 --a------ C:\WINDOWS\system32\qavjptga.exe
    2008-03-22 01:05 . 2008-03-22 01:05 <REP> d-------- C:\Trend Micro
    2008-03-21 23:35 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-03-21 23:35 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\118294.78
    2008-03-21 23:35 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-03-21 23:18 . 2008-03-22 00:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-21 23:02 . 2008-03-21 23:02 <REP> d-------- C:\Spybot - Search & Destroy
    2008-03-21 22:38 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\LPT$VPN.181
    2008-03-21 22:35 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-03-21 22:21 . 2008-03-21 22:21 <REP> d-------- C:\WINDOWS\report
    2008-03-21 22:21 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-03-21 22:21 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\VPTNFILE.181
    2008-03-21 22:21 . 2008-03-21 22:21 1,934,920 --a------ C:\WINDOWS\tsc.ptn
    2008-03-21 22:21 . 2008-03-21 22:35 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-03-21 22:21 . 2008-03-21 22:21 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-03-21 22:21 . 2008-03-21 22:35 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-03-21 22:21 . 2008-03-21 22:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-03-21 22:21 . 2008-03-21 22:47 823 --a------ C:\WINDOWS\tsc.ini
    2008-03-21 22:20 . 2008-03-21 22:20 <REP> d-------- C:\WINDOWS\AU_Log
    2008-03-21 22:20 . 2008-03-21 22:20 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-03-21 22:20 . 2008-03-21 22:20 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-03-21 22:20 . 2008-03-21 22:20 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-03-21 22:20 . 2008-03-21 22:35 170 --a------ C:\WINDOWS\GetServer.ini
    2008-03-21 21:27 . 2008-03-21 21:27 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2008-03-21 21:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-21 19:56 . 2008-03-21 19:56 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-03-21 19:48 . 2008-03-21 21:21 <REP> d-------- C:\Program Files\Google
    2008-03-21 19:29 . 2008-03-22 18:26 2,564 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-21 19:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-21 19:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-21 19:28 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-21 19:28 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-21 19:28 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-21 19:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-21 19:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-21 18:59 . 2008-03-22 02:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 18:47 . 2008-03-21 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 18:45 . 2008-03-21 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-21 18:36 . 2008-03-21 18:36 <REP> d-------- C:\CCleaner
    2008-03-21 17:44 . 2008-03-21 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-03-21 17:18 . 2008-03-21 17:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC-Cleaner
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Lavasoft
    2008-03-21 15:44 . 2008-03-21 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-21 15:36 . 2008-03-21 15:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureauvirii
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauTrojan.Win32.BlackBird.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauFWebdEditor.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufwebd.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufkwp2.0.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufkwp1.5.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\Bureaufilemanagerclient.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauEditorFKWP2.0.exe
    2008-03-21 15:36 . 2008-03-21 15:36 4,096 --a------ C:\Documents and Settings\Administrateur\BureauEditorFKWP1.5.exe
    2008-03-21 15:35 . 2008-03-21 10:50 212,992 --a------ C:\WINDOWS\drnpfdxlsk.dll
    2008-03-21 15:35 . 2008-03-21 10:50 208,896 --a------ C:\WINDOWS\altvxvm.dll
    2008-03-21 15:19 . 2008-03-21 15:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-03-21 15:00 . 2008-03-21 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\.thumbnails
    2008-03-21 14:53 . 2008-03-21 15:08 <REP> d-------- C:\Documents and Settings\Administrateur\.gimp-2.4
    2008-03-21 14:52 . 2008-03-21 14:52 <REP> d-------- C:\GIMP-2.0
    2008-03-21 14:51 . 2008-03-21 14:51 <REP> d-------- C:\Program Files\Fichiers communs\GTK
    2008-03-21 13:11 . 2008-03-21 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-21 11:29 . 2008-03-21 11:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Pollux Gamelabs
    2008-03-21 11:12 . 2008-03-21 11:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-20 19:56 . 2001-03-19 14:25 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
    2008-03-20 19:56 . 2001-03-19 14:25 61,952 --a------ C:\WINDOWS\ST4UNST.EXE
    2008-03-20 19:56 . 2001-03-19 14:25 37,376 --a------ C:\WINDOWS\system32\ven2232.olb
    2008-03-20 19:56 . 2001-03-19 14:25 35,136 --a------ C:\WINDOWS\system32\VB4FR32.DLL
    2008-03-20 19:56 . 2008-03-20 19:56 8,192 --a------ C:\WINDOWS\system32\dmfafr50.ocy
    2008-03-20 19:56 . 2008-03-20 20:01 4,096 --a------ C:\WINDOWS\system32\dmfafr50.dly
    2008-03-20 19:56 . 2008-03-20 19:56 27 ---h----- C:\TraFgFr.Tra
    2008-03-20 18:24 . 2008-03-20 18:24 <REP> d-------- C:\Python25
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\Veoh Networks
    2008-03-19 22:46 . 2008-03-19 23:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
    2008-03-19 19:44 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalApp
    2008-03-19 19:40 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PlaneShift
    2008-03-19 19:40 . 2008-03-19 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalSpace
    2008-03-19 19:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-03-19 18:29 . 2008-03-22 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 18:29 . 2008-03-19 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-19 16:35 . 2008-03-19 16:35 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-03-19 16:34 . 2008-03-21 17:53 <REP> d-------- C:\DAEMON Tools
    2008-03-19 16:32 . 2008-03-19 16:32 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-19 03:03 . 2004-08-04 01:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-18 21:26 . 2008-03-18 21:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
    2008-03-18 20:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-03-18 20:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-03-18 20:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-18 20:46 . 2008-03-22 09:34 <REP> d-------- C:\eMule
    2008-03-18 20:26 . 2008-03-18 20:26 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-03-18 20:22 . 2008-03-18 20:22 <REP> d-------- C:\WINDOWS\Sun
    2008-03-18 20:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-18 20:21 . 2008-03-18 20:22 <REP> d-------- C:\Program Files\Java
    2008-03-18 20:21 . 2008-03-18 20:21 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-03-18 20:10 . 2008-03-18 20:10 <REP> d-------- C:\Blender Foundation
    2008-03-18 19:59 . 2008-03-18 19:59 <REP> d-------- C:\WinRAR
    2008-03-18 19:56 . 2008-03-18 19:57 <REP> d-------- C:\Program Files\DivX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-18 12:26 --------- d-----w C:\Program Files\Realtek
    2008-03-18 12:25 --------- d-----w C:\Program Files\Analog Devices
    2008-03-18 12:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-18 12:17 --------- d-----w C:\Program Files\Intel
    2008-03-18 12:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-18 12:01 --------- d-----w C:\Program Files\Services en ligne
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-22_16.52.46,90 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-22 17:29:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
    + 2008-03-22 17:29:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
    "Veoh"="C:\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]
    "ccleaner"="C:\CCleaner\ccleaner.exe" [2008-02-20 15:15 816368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "avast!"="C:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "qavjptga"="C:\WINDOWS\system32\qavjptga.exe" [2008-03-22 05:00 90112]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Veoh Networks\\Veoh\\VeohClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2107:UDP"= 2107:UDP:Windows Media Format SDK (wmplayer.exe)
    "2106:UDP"= 2106:UDP:Windows Media Format SDK (wmplayer.exe)
    "2109:UDP"= 2109:UDP:Windows Media Format SDK (wmplayer.exe)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{512a59e9-f4e7-11dc-aeb0-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-18 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 19:28:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-22 19:28:44
    ComboFix-quarantined-files.txt 2008-03-22 18:28:37
    ComboFix2.txt 2008-03-22 17:37:01
    ComboFix3.txt 2008-03-22 15:52:59
    .
    2008-03-19 16:58:36 --- E O F ---


    le revoila
    22 Mars 2008 19:40:54

    Copie le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\qavjptga.exe
    C:\Documents and Settings\Administrateur\BureauTrojan.Win32.BlackBird.exe
    C:\Documents and Settings\Administrateur\BureauFWebdEditor.exe
    C:\Documents and Settings\Administrateur\Bureaufwebd.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp2.0.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp1.5.exe
    C:\Documents and Settings\Administrateur\Bureaufilemanagerclient.exe
    C:\Documents and Settings\Administrateur\BureauEditorFKWP2.0.exe
    C:\Documents and Settings\Administrateur\BureauEditorFKWP1.5.exe
    C:\WINDOWS\drnpfdxlsk.dll
    C:\WINDOWS\altvxvm.dll
    C:\WINDOWS\mozver.dat

    Folder::
    C:\Documents and Settings\Administrateur\Bureauvirii

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qavjptga"=-


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    22 Mars 2008 19:53:44

    voila pour combofix le rapport hijackthis viendra dans un autre message de suite

    ComboFix 08-03-22.1 - Administrateur 2008-03-22 19:45:32.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1448 [GMT 1:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Documents and Settings\Administrateur\BureauEditorFKWP1.5.exe
    C:\Documents and Settings\Administrateur\BureauEditorFKWP2.0.exe
    C:\Documents and Settings\Administrateur\Bureaufilemanagerclient.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp1.5.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp2.0.exe
    C:\Documents and Settings\Administrateur\Bureaufwebd.exe
    C:\Documents and Settings\Administrateur\BureauFWebdEditor.exe
    C:\Documents and Settings\Administrateur\BureauTrojan.Win32.BlackBird.exe
    C:\WINDOWS\altvxvm.dll
    C:\WINDOWS\drnpfdxlsk.dll
    C:\WINDOWS\mozver.dat
    C:\WINDOWS\system32\qavjptga.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\BureauEditorFKWP1.5.exe
    C:\Documents and Settings\Administrateur\BureauEditorFKWP2.0.exe
    C:\Documents and Settings\Administrateur\Bureaufilemanagerclient.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp1.5.exe
    C:\Documents and Settings\Administrateur\Bureaufkwp2.0.exe
    C:\Documents and Settings\Administrateur\Bureaufwebd.exe
    C:\Documents and Settings\Administrateur\BureauFWebdEditor.exe
    C:\Documents and Settings\Administrateur\BureauTrojan.Win32.BlackBird.exe
    C:\Documents and Settings\Administrateur\Bureauvirii
    C:\Documents and Settings\Administrateur\Bureauvirii\Trojan-Downloader.Win32.Agent.bl.exe
    C:\Documents and Settings\Administrateur\Bureauvirii\Trojan-Downloader.Win32.Agent.p.exe
    C:\Documents and Settings\Administrateur\Bureauvirii\Trojan-Downloader.Win32.Agent.r.exe
    C:\Documents and Settings\Administrateur\Bureauvirii\Trojan-Downloader.Win32.Agent.t.exe
    C:\Documents and Settings\Administrateur\Bureauvirii\Trojan-Downloader.Win32.Agent.v.exe
    C:\WINDOWS\altvxvm.dll
    C:\WINDOWS\drnpfdxlsk.dll
    C:\WINDOWS\mozver.dat
    C:\WINDOWS\system32\qavjptga.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 15:25 . 2008-03-22 15:25 <REP> d-------- C:\_OTMoveIt
    2008-03-22 01:05 . 2008-03-22 01:05 <REP> d-------- C:\Trend Micro
    2008-03-21 23:35 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-03-21 23:35 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-03-21 23:35 . 2008-03-21 23:35 3,120 --a------ C:\WINDOWS\118294.78
    2008-03-21 23:35 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-03-21 23:18 . 2008-03-22 00:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-21 23:02 . 2008-03-21 23:02 <REP> d-------- C:\Spybot - Search & Destroy
    2008-03-21 22:38 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\LPT$VPN.181
    2008-03-21 22:35 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-03-21 22:21 . 2008-03-21 22:21 <REP> d-------- C:\WINDOWS\report
    2008-03-21 22:21 . 2008-03-21 22:35 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-03-21 22:21 . 2008-03-21 22:21 36,156,585 --a------ C:\WINDOWS\VPTNFILE.181
    2008-03-21 22:21 . 2008-03-21 22:21 1,934,920 --a------ C:\WINDOWS\tsc.ptn
    2008-03-21 22:21 . 2008-03-21 22:35 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-03-21 22:21 . 2008-03-21 22:21 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-03-21 22:21 . 2008-03-21 22:35 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-03-21 22:21 . 2008-03-21 22:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-03-21 22:21 . 2008-03-21 22:47 823 --a------ C:\WINDOWS\tsc.ini
    2008-03-21 22:20 . 2008-03-21 22:20 <REP> d-------- C:\WINDOWS\AU_Log
    2008-03-21 22:20 . 2008-03-21 22:20 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-03-21 22:20 . 2008-03-21 22:20 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-03-21 22:20 . 2008-03-21 22:20 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-03-21 22:20 . 2008-03-21 22:35 170 --a------ C:\WINDOWS\GetServer.ini
    2008-03-21 21:27 . 2008-03-21 21:27 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2008-03-21 21:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-21 19:56 . 2008-03-21 19:56 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-03-21 19:48 . 2008-03-21 21:21 <REP> d-------- C:\Program Files\Google
    2008-03-21 19:29 . 2008-03-22 18:26 2,564 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-21 19:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-21 19:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-21 19:28 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-21 19:28 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-21 19:28 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-21 19:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-21 19:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-21 18:59 . 2008-03-22 02:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-21 18:47 . 2008-03-21 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 18:45 . 2008-03-21 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-21 18:36 . 2008-03-21 18:36 <REP> d-------- C:\CCleaner
    2008-03-21 17:44 . 2008-03-21 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-03-21 17:18 . 2008-03-21 17:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC-Cleaner
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-21 15:44 . 2008-03-21 15:44 <REP> d-------- C:\Lavasoft
    2008-03-21 15:44 . 2008-03-21 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-21 15:19 . 2008-03-21 15:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-03-21 15:00 . 2008-03-21 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\.thumbnails
    2008-03-21 14:53 . 2008-03-21 15:08 <REP> d-------- C:\Documents and Settings\Administrateur\.gimp-2.4
    2008-03-21 14:52 . 2008-03-21 14:52 <REP> d-------- C:\GIMP-2.0
    2008-03-21 14:51 . 2008-03-21 14:51 <REP> d-------- C:\Program Files\Fichiers communs\GTK
    2008-03-21 13:11 . 2008-03-21 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-21 11:29 . 2008-03-21 11:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Pollux Gamelabs
    2008-03-21 11:12 . 2008-03-21 11:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-20 19:56 . 2001-03-19 14:25 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
    2008-03-20 19:56 . 2001-03-19 14:25 61,952 --a------ C:\WINDOWS\ST4UNST.EXE
    2008-03-20 19:56 . 2001-03-19 14:25 37,376 --a------ C:\WINDOWS\system32\ven2232.olb
    2008-03-20 19:56 . 2001-03-19 14:25 35,136 --a------ C:\WINDOWS\system32\VB4FR32.DLL
    2008-03-20 19:56 . 2008-03-20 19:56 8,192 --a------ C:\WINDOWS\system32\dmfafr50.ocy
    2008-03-20 19:56 . 2008-03-20 20:01 4,096 --a------ C:\WINDOWS\system32\dmfafr50.dly
    2008-03-20 19:56 . 2008-03-20 19:56 27 ---h----- C:\TraFgFr.Tra
    2008-03-20 18:24 . 2008-03-20 18:24 <REP> d-------- C:\Python25
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-20 02:03 . 2008-03-20 02:03 <REP> d-------- C:\Veoh Networks
    2008-03-19 22:46 . 2008-03-19 23:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
    2008-03-19 19:44 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalApp
    2008-03-19 19:40 . 2008-03-19 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PlaneShift
    2008-03-19 19:40 . 2008-03-19 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CrystalSpace
    2008-03-19 19:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-03-19 18:29 . 2008-03-22 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 18:29 . 2008-03-19 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-19 16:35 . 2008-03-19 16:35 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-03-19 16:34 . 2008-03-21 17:53 <REP> d-------- C:\DAEMON Tools
    2008-03-19 16:32 . 2008-03-19 16:32 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-19 03:03 . 2004-08-04 01:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-18 21:26 . 2008-03-18 21:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
    2008-03-18 20:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-03-18 20:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-03-18 20:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-18 20:46 . 2008-03-22 09:34 <REP> d-------- C:\eMule
    2008-03-18 20:22 . 2008-03-18 20:22 <REP> d-------- C:\WINDOWS\Sun
    2008-03-18 20:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-18 20:21 . 2008-03-18 20:22 <REP> d-------- C:\Program Files\Java
    2008-03-18 20:21 . 2008-03-18 20:21 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-03-18 20:10 . 2008-03-18 20:10 <REP> d-------- C:\Blender Foundation
    2008-03-18 19:59 . 2008-03-18 19:59 <REP> d-------- C:\WinRAR
    2008-03-18 19:56 . 2008-03-18 19:57 <REP> d-------- C:\Program Files\DivX
    2008-03-18 19:54 . 2008-03-18 19:54 <REP> d-------- C:\Program Files\QuickTime
    2008-03-18 19:54 . 2008-03-18 19:54 <REP> d-------- C:\Program Files\Apple Software Update
    2008-03-18 19:54 . 2008-03-18 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-18 19:54 . 2008-03-18 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-03-18 19:49 . 2008-03-21 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-03-18 19:48 . 2008-03-18 19:48 <REP> d-------- C:\Program Files\VideoLAN
    2008-03-18 19:48 . 2008-03-18 19:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2008-03-18 19:45 . 2008-03-18 19:45 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-18 19:21 . 2008-03-18 19:21 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
    2008-03-18 19:20 . 2008-03-18 19:20 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-03-18 19:15 . 2008-03-18 19:20 <REP> d-------- C:\Program Files\Windows Live
    2008-03-18 19:15 . 2008-03-18 19:19 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-18 19:15 . 2008-03-18 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-18 12:26 --------- d-----w C:\Program Files\Realtek
    2008-03-18 12:25 --------- d-----w C:\Program Files\Analog Devices
    2008-03-18 12:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-18 12:17 --------- d-----w C:\Program Files\Intel
    2008-03-18 12:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-18 12:01 --------- d-----w C:\Program Files\Services en ligne
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-22_16.52.46,90 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-22 18:47:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_620.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
    "Veoh"="C:\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]
    "ccleaner"="C:\CCleaner\ccleaner.exe" [2008-02-20 15:15 816368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:55 33792 C:\WINDOWS\system32\rundll32.exe]
    "avast!"="C:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Veoh Networks\\Veoh\\VeohClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2107:UDP"= 2107:UDP:Windows Media Format SDK (wmplayer.exe)
    "2106:UDP"= 2106:UDP:Windows Media Format SDK (wmplayer.exe)
    "2109:UDP"= 2109:UDP:Windows Media Format SDK (wmplayer.exe)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{512a59e9-f4e7-11dc-aeb0-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-18 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 19:47:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\WINDOWS\system32\dwwin.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-22 19:50:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-22 18:50:29
    ComboFix2.txt 2008-03-22 18:28:45
    ComboFix3.txt 2008-03-22 17:37:01
    ComboFix4.txt 2008-03-22 15:52:59
    .
    2008-03-19 16:58:36 --- E O F ---
    22 Mars 2008 19:54:45

    et voila le hijackthis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Veoh Networks\Veoh\VeohClient.exe
    C:\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidSetup.exe" boot
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ccleaner] "C:\CCleaner\ccleaner.exe" /AUTO
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84969725-D437-43DB-97AA-17ADDF2CBA01}: NameServer = 81.220.255.4,80.236.0.68
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5744 bytes
    22 Mars 2008 20:37:22

    C'est comment maintenant ?
    22 Mars 2008 21:06:31

    pour le moment le truc ne revient pas j'espere que ca va durer
    merci beaucoup de ton aide j'aurais trop galeré sans toi
    je te recontacterais si le probleme persite

    merci encore voila
    23 Mars 2008 11:34:39

    Re,

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
    Poste le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

    ****


    Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

    Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
    Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

    Télécharge et installe Antivir. (tuto)
    Pourquoi changer ? Avast vs Antivir
    Vérifie qu’il soit bien à jour ! Ouvre Antivir; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS