Souci sur le PC de mon fils

pear · le 30 mars 2008

Je dois désactiver le parefeu de windows

Oui, mais seulement juste avant de lancer Combofix.

marmotte38 · le 30 mars 2008

Voici le rapport COMBOFIX

Par ailleurs, Antivir m'envoie une alerte pour Trojan TR\CRYPT.XPACK.GEN qu'in n'arrive pas à supprimer apparement... je ne sais pas si cela peut vous aider

ComboFix 08-03-30.1 - Gaet 2008-03-30 13:29:04.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.460 [GMT 2:00]

Endroit: C:\Documents and Settings\Gaet\Bureau\ComboFix.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1\S?mantec\

C:\Documents and Settings\Gaet\Mes documents\SSTEM~1

C:\WINDOWS\dwnrpofk.dll

C:\WINDOWS\fnts~1

C:\WINDOWS\qvdntlmw.dll

C:\WINDOWS\sembly~1

C:\WINDOWS\sstem3~1

C:\WINDOWS\system32\SAKUBcfe.ini

C:\WINDOWS\system32\SAKUBcfe.ini2

C:\WINDOWS\system32\wintsvtr.exe

C:\WINDOWS\system32\WwvDKRqr.ini

C:\WINDOWS\system32\WwvDKRqr.ini2

C:\WINDOWS\vbgtorfd.dll

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))

.

2008-03-30 12:13 . 2008-03-30 12:23 <REP> d-------- C:\Program Files\Navilog1

2008-03-30 11:46 . 2008-03-30 11:55 3,076 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-30 11:45 . 2008-03-30 12:27 <REP> d-------- C:\smitfraudfix

2008-03-30 10:17 . 2008-03-30 10:17 <REP> d-------- C:\Program Files\Avira

2008-03-30 10:17 . 2008-03-30 10:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-03-30 08:29 . 2008-03-30 08:29 264,960 --a------ C:\spyware2.JPG

2008-03-30 08:22 . 2008-03-30 08:22 54,454 --a------ C:\spyware.JPG

2008-03-30 07:57 . 2008-03-30 07:57 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\Template

2008-03-29 13:49 . 2008-03-29 13:49 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\PC-Cleaner

2008-03-29 13:47 . 2008-03-29 13:50 <REP> d-------- C:\Program Files\PC-Cleaner

2008-03-29 13:25 . 2008-03-29 13:25 94,208 --a------ C:\WINDOWS\system32\ybizynml.exe

2008-03-29 12:50 . 2008-03-30 12:18 <REP> d-------- C:\Program Files\Spyware Doctor

2008-03-29 12:50 . 2008-03-29 12:50 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\PC Tools

2008-03-29 12:50 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-29 12:50 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-29 12:50 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-29 12:50 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-29 12:08 . 2008-03-29 12:42 294 ---hs---- C:\WINDOWS\system32\gdnmimbc.ini

2008-03-29 11:59 . 2008-03-29 11:59 114,688 --a------ C:\WINDOWS\system32\tydkfajs.exe

2008-03-28 20:42 . 2008-03-28 20:42 2 --a------ C:\WINDOWS\msoffice.ini

2008-03-28 17:00 . 2008-03-29 12:41 327 --a------ C:\WINDOWS\wininit.ini

2008-03-28 16:29 . 2008-03-30 11:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-28 16:29 . 2008-03-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-28 14:29 . 2008-03-30 10:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\afitsvsz

2008-03-28 14:29 . 98,304 C:\WINDOWS\system32\ahkxofkx.exe

2008-03-02 11:36 . 2008-03-02 11:36 268 --ah----- C:\sqmdata16.sqm

2008-03-02 11:36 . 2008-03-02 11:36 244 --ah----- C:\sqmnoopt16.sqm

2008-02-22 13:17 . 2008-02-22 13:17 <REP> d-------- C:\Program Files\DivX

2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-02-02 12:58 . 2008-02-02 12:58 268 --ah----- C:\sqmdata15.sqm

2008-02-02 12:58 . 2008-02-02 12:58 244 --ah----- C:\sqmnoopt15.sqm

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 11:36 --------- d-----w C:\Program Files\Steam

2008-03-30 11:36 --------- d-----w C:\Documents and Settings\Gaet\Application Data\Skype

2008-03-30 11:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-30 11:33 --------- d-----w C:\Program Files\Moon Secure Antivirus

2008-03-30 10:01 --------- d-----w C:\Documents and Settings\Gaet\Application Data\OpenOffice.org2

2008-03-28 18:43 --------- d-----w C:\Program Files\Fichiers communs\aolshare

2008-03-28 18:43 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-03-28 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-03-28 18:33 --------- d-----w C:\Program Files\Yahoo!

2008-03-28 14:42 --------- d-----w C:\Program Files\Warcraft III

2008-03-28 14:27 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-23 21:28 --------- d-----w C:\Program Files\GUILD WARS

2008-02-06 12:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-06 12:15 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-12-24 22:43 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-07 14:37 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E96B1FB-2310-4552-9A02-27677D005307}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B75C5E6-A52E-4F8C-8A27-EFC415575B04}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D58212-2091-4DFE-85C7-31AE36C6F29D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]

"Steam"="c:\program files\steam\steam.exe" [2008-03-28 11:54 1271032]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-16 12:21 190024]

"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

"rsazddul"="C:\WINDOWS\system32\ahkxofkx.exe" [ ]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"xnblnnla"="C:\WINDOWS\system32\tydkfajs.exe" [ ]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-25 00:43 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 20:42 98304]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01 86016]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-04 20:41 26112]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 23:11 866584]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]

"Moon Secure Antivirus"="C:\Program Files\Moon Secure Antivirus\moontray.exe" [2007-01-24 20:49 1153536]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 14:28 29696 C:\WINDOWS\KHALMNPR.Exe]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-30 12:07 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXoMeeC]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Programmes\\Activision\\Rome - Total War\\RomeTW-BI.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARMPDemo.exe"=

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

"C:\\Program Files\\Sierra\\FEAR MP Demo\\FEARServer.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Third Wave Games\\War World - Tactical Combat DEMO 1.09\\War World.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Steam\\SteamApps\\dsfge83\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Team17\\Worms World Party\\wwp.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Documents and Settings\\Gaet\\Bureau\\Counter-Strike Source\\hl2.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:6112

"6112:UDP"= 6112:UDP:6112bis

R2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe [2007-01-24 20:49]

S3 Am772;SMC2602W 11 Mbps Wireless 802.11 Adapter;C:\WINDOWS\system32\DRIVERS\Am772.sys [2004-01-26 14:40]

S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 03:00]

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-03-30 11:37:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-03-30 11:19:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

pear · le 30 mars 2008

)Combo, Nettoyage

# Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Lancez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

* Attention, ce code a été rédigé spécialement pour cet utilisateur, prière de ne pas le réutiliser dans d'autres cas !

KillAll::

File::

C:\sqmdata15.sqm

C:\sqmnoopt15.sqm

C:\sqmdata16.sqm

C:\sqmnoopt16.sqm

C:\spyware2.JPG

C:\spyware.JPG

C:\WINDOWS\system32\ybizynml.exe

C:\WINDOWS\system32\gdnmimbc.ini

C:\WINDOWS\system32\tydkfajs.exe

C:\WINDOWS\system32\ahkxofkx.exe

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\SAKUBcfe.ini2

C:\WINDOWS\system32\WwvDKRqr.ini2

C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

Folder::

C:\Documents and Settings\All Users\Application Data\afitsvsz

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXoMeeC]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

rsazddul"=-

xnblnnla"=-

LDM"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\Logitech\\Desktop Messenger\8876480\Program\backWeb-8876480.exe"=-

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

*

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Et un nouvel Hijackthis, svp.

Modifié le 30 mars 2008 par pear

marmotte38 · le 30 mars 2008

Voici le rapport COMBOFIX

ComboFix 08-03-30.1 - Gaet 2008-03-30 15:00:42.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.616 [GMT 2:00]

Endroit: C:\Documents and Settings\Gaet\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Gaet\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

FILE ::

C:\spyware.JPG

C:\spyware2.JPG

C:\sqmdata15.sqm

C:\sqmdata16.sqm

C:\sqmnoopt15.sqm

C:\sqmnoopt16.sqm

C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

C:\WINDOWS\system32\ahkxofkx.exe

C:\WINDOWS\system32\gdnmimbc.ini

C:\WINDOWS\system32\SAKUBcfe.ini2

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\tydkfajs.exe

C:\WINDOWS\system32\WwvDKRqr.ini2

C:\WINDOWS\system32\ybizynml.exe

.

The following files were disabled during the run:

C:\Program Files\Moon Secure Antivirus\MoonSysH.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\afitsvsz

C:\spyware.JPG

C:\spyware2.JPG

C:\sqmdata15.sqm

C:\sqmdata16.sqm

C:\sqmnoopt15.sqm

C:\sqmnoopt16.sqm

C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

C:\WINDOWS\system32\gdnmimbc.ini

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\ybizynml.exe

.

---- Previous Run -------

.

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1

C:\Documents and Settings\Gaet\Mes documents\SMANTE~1\S?mantec\

C:\Documents and Settings\Gaet\Mes documents\SSTEM~1

C:\WINDOWS\dwnrpofk.dll

C:\WINDOWS\fnts~1

C:\WINDOWS\qvdntlmw.dll

C:\WINDOWS\sembly~1

C:\WINDOWS\sstem3~1

C:\WINDOWS\system32\SAKUBcfe.ini

C:\WINDOWS\system32\SAKUBcfe.ini2

C:\WINDOWS\system32\wintsvtr.exe

C:\WINDOWS\system32\WwvDKRqr.ini

C:\WINDOWS\system32\WwvDKRqr.ini2

C:\WINDOWS\vbgtorfd.dll

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))

.

2008-03-30 13:37 . 2008-03-30 13:37 268 --ah----- C:\sqmdata17.sqm

2008-03-30 13:37 . 2008-03-30 13:37 244 --ah----- C:\sqmnoopt17.sqm

2008-03-30 12:13 . 2008-03-30 12:23 <REP> d-------- C:\Program Files\Navilog1

2008-03-30 11:45 . 2008-03-30 12:27 <REP> d-------- C:\smitfraudfix

2008-03-30 10:17 . 2008-03-30 10:17 <REP> d-------- C:\Program Files\Avira

2008-03-30 10:17 . 2008-03-30 10:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-03-30 07:57 . 2008-03-30 07:57 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\Template

2008-03-29 13:49 . 2008-03-29 13:49 <REP> d-------- C:\Documents and Settings\Gaet\Application Data\PC-Cleaner

2008-03-29 13:47 . 2008-03-29 13:50 <REP> d-------- C:\Program Files\PC-Cleaner

2008-03-29 12:50 . 2008-03-30 13:51 <REP> d-------- C:\Program Files\Spyware Doctor