PC très infecté

zabouille · le 4 mars 2009

Depuis 3 jours, mon PC a été infecté à la suite d'un chargement malheureux de ma part d'un logiciel de type "cleaner" dont je ne me souviens plus du nom.

AVAST a été directement éradiqué par le virus, ensuite impossibilité d'executer CCLEANER et SPYBOT S&D qui ne répondaient absolument plus.

Le centre de sécurité WINDOWS et le pare-feu ont été désactivés automatiquement également. Depuis j'ai de multiples problèmes, bien entendu.

J'ai réussi avec difficulté à télécharger ANTIVIR et après avoir désinstallé AVAST, j'ai lancé le nettoyage par ANTIVIR depuis le démarrage en mode "sans échec".

Il a détecté de nombreux fichiers infestés par "bagle.trash", "bagle.gen.B" et "rootkit.gen" qu'il a supprimés.

J'ai suivi à la lettre la procédure donnée sur le forum, puis après 3 jours essayés à installer et lancer "hijackthis", je viens seulement d'y parvenir et je poste le log. Si vous pouviez me donner un coup de main. Merci d'avance.

P.S. je ne suis pas sure d'avoir téléchargé HJT au bon endroit mais c'est tout ce que j'ai pu faire.

Scan saved at 20:19:08, on 04/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\mobsync.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\OrangeHSS\systray\systrayapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\OrangeHSS\Launcher\Launcher.exe

C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe

C:\Program Files\OrangeHSS\Deskboard\deskboard.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Users\isa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IASFXR40\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ke.voila.fr/S/voila?kw=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [yiyocik] "c:\users\isa\appdata\local\yiyocik.exe" yiyocik

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [flec003.exe] C:\Users\isa\AppData\Roaming\hidires\flec003.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 10070 bytes

pear · le 4 mars 2009

Bonsoir,

Téléchargez Toolbar-S&D sur le Bureau.

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Lancez l'installation du programme en exécutant le fichier téléchargé.

Redémarrez en mode sans échec

Double-cliquez sur le raccourci de Toolbar-S&D.

Sélectionnez la langue souhaitée en tapant la lettre de votre choix puis en validant avec la touche Entrée.

Choisisssez l'option 1 (Recherche).

Patientez jusqu'à la fin de la recherche.

Postez le rapport généré. (C:\TB.txt)

Relancez Toolbar-S&D en double-cliquant sur le raccourci. Tapez sur "2" et validez par"Entrée".

Ne fermez pas la fenêtre lors de la suppression !

Un rapport sera généré,

postez son contenu ici.

NOTE : Si le Bureau ne réapparait pas, appuyer simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.

Allez à l'onglet "Processus". Cliquez en haut à gauche sur Fichier ->"Exécuter..."

Tapez explorer et validez.

color=#0000FF]

Vous devez désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

[/color]

Si vous êtes Sous Vista:

Désactivez le contrôle des comptes utilisateurs (Vous le réactiverez par la suite):

http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

- Démarrer puis panneau de configuration->"Comptes d'utilisateurs"

- Cliquer ensuite sur désactiver et valider.

Télécharger Navilog1

. et enregistrez-le sur le bureau.

Ensuite double cliquer sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, Faire un Clic-droit sur le raccourci Navilog1 présent sur le bureau et choisir "Exécuter en tant qu'administrateur".

Pour activer la commande "Exécuter en tant qu'administrateur "sur les raccourcis , si vous n'avez pas les droits Administrateur:

1. Cliquez avec le bouton droit sur l'icône du raccourci, puis cliquez sur Propriétés.

2. Sur l'onglet Raccourci, cliquez sur avancé.

3. Activez la case à cocher suivante :

"Cette option peut vous autoriser à exécuter ce raccourci en tant qu'autre utilisateur ou à continuer en tant que vous-même tout en protégeant votre ordinateur et vos données de programmes non autorisés"

Si cela ne s'exécutait pas:

Démarrer ->Exécuter->Services.msc->Connexion secondaire->Démarrage Manuel

Réessayer

Au menu principal, Faire le choix 1

Suivre les instructions et patienter jusqu'au message :

*** Analyse Terminée le ..... ***

Enregistrer le rapport pour pouvoir le poster

Ensuite lancez l'option 2

Le fix vous informe qu'il va redémarrer le PC

Fermer toutes les fenêtres ouvertes et enregistrer les documents personnels ouverts

Appuyer sur une touche comme demandé.

(si le Pc ne redémarre pas automatiquement, Redémarrer)

Au redémarrage du PC, choisir la session habituelle.

Patienter jusqu'au message :

"*** Nettoyage Terminé le ..... ***"

Le bloc-notes va s'ouvrir.

Sauvegarder le rapport de manière à le retrouver

Refermer le bloc-notes

.Le bureau va réapparaitre

Démarrer -> panneau de configuration -> options internet

Cliquer sur l'onglet "Contenu" puis onglet "Certificats"

et si vous trouvez ceci, en particulier ,dans "éditeurs approuvés" :

electronic-group ; egroup ; Montorgueil ; VIP ; "Sunny Day Design Ltd"

=> Supprimez-les tous

PS:Si le bureau ne réapparaît pas, CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.

Puis à l'onglet "processus". Cliquer en haut à gauche sur fichiers et choisir "exécuter"

Taper explorer et valider.

Postez les 2 rapports

Il faut lancer la procédure dans tous les comptes utilisateurs où le problème apparaît car Navilog1 ne nettoie que

le compte sur lequel on l'exécute,après les avoir passés en mode "administrateur" (sinon navilog1 ne s'exécute pas)

Si c'est fait ou que vous êtes seul utilisateur:

Désinstaller Navilog1 Via ajout/suppression des programmes --> Navilog1

Ensuite supprimer ce dossier : C:\Program Files\navilog1

Renommer ComboFix

Attention, par défaut, Firefox ne permet pas le renommage avant sauvegarde, utiliser plutôt IE

Pour le renommer:

Clic droit sur http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisir "Enregistrer la cible du lien..sous...."

Choisir le bureau

En bas, à Nom du Fichier:

tapez par exemple votrenom.exe

Cliquez enfin sur -> Enregistrer

Sur le bureau

Lancez Combofix en double cliquant sur votrenom.exe

En cas de problème, :

méthode illustrée

Télécharger combofix.exe de sUBs

et sauvegardez le sur le bureau

Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs ,Teatimer de Spybot car ils pourraient perturber le fonctionnement de cet outil

Cela est absolument nécessaire au succès de la procédure.

Bien évidemment, vous les rétablirez ensuite.

Connecter tous les disques amovibles (disque dur externe, clé USB…).

*Double cliquer sur combofix.exe pour le lancer.

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

Pour lancer le scan

* Taper sur la touche 1 pour démarrer le scan.

Si pour une raison quelconque, Vista par exemple, combofix ne se lançait pas,

Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

* Le scan pourrait prendre un certain temps:Soyez patient!

A la fin,,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

Il se trouve à c:\combofix.txt

[/color]

Modifié le 4 mars 2009 par pear

zabouille · le 4 mars 2009

merci pour votre réponse rapide.

J'ai executé "toolbar" comme indiqué, les deux rapports ont été générés.

J'ai du relancer le PC en mode normal pour télécharger "navilog" et "combofix".

Est-ce que je dois reprendre le processus depuis le début, ou bien continuer en lancant "navilog" puis "combofix", et dois-je les executer en "mode sans échec"?

Pour info, je ne peux plus ouvrir "SPYBOT" du tout, donc impossible d'y modifier quoi que ce soit, et je n'ai plus d'antivirus puisqu'avast était cômplètement inutilisable.

Désolée pour les questions, je ne m'y connais pas trop.

zabouille · le 4 mars 2009

[J'ai répondu moi-même à la question et j'ai recommencé la procédure.

Tout a fonctionné correctement.

Je vais poster les rapports dans un autre message dès que je les récupère tous.

zabouille · le 4 mars 2009

Bonsoir,

voici les deux premiers rapports de "toolbar" :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 04/03/2009|22:00 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\ProgramData\GamesBar

C:\ProgramData\GamesBar\08-11-21-20-39-24

C:\ProgramData\GamesBar\08-11-21-20-39-24.xm_

C:\ProgramData\GamesBar\08-11-21-20-39-26

C:\ProgramData\GamesBar\08-11-21-20-39-26.xm_

C:\ProgramData\GamesBar\08-11-21-20-39-34

C:\ProgramData\GamesBar\08-11-21-20-39-34.xm_

C:\ProgramData\GamesBar\08-11-22-20-40-05

C:\ProgramData\GamesBar\08-11-22-20-40-05.xm_

C:\ProgramData\GamesBar\08-11-22-20-40-07

C:\ProgramData\GamesBar\08-11-22-20-40-07.xm_

C:\ProgramData\GamesBar\08-11-22-20-40-10

C:\ProgramData\GamesBar\08-11-22-20-40-10.xm_

C:\ProgramData\GamesBar\08-11-22-20-40-16

C:\ProgramData\GamesBar\08-11-22-20-40-16.xm_

C:\ProgramData\GamesBar\08-11-22-20-40-27

C:\ProgramData\GamesBar\08-11-22-20-40-27.xm_

C:\ProgramData\GamesBar\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\about.gif

C:\ProgramData\GamesBar\action.gif

C:\ProgramData\GamesBar\arcade.gif

C:\ProgramData\GamesBar\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\buy.gif

C:\ProgramData\GamesBar\cards.gif

C:\ProgramData\GamesBar\cooking_dash16x16.gif

C:\ProgramData\GamesBar\deals.gif

C:\ProgramData\GamesBar\download.gif

C:\ProgramData\GamesBar\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\feedback.gif

C:\ProgramData\GamesBar\help.gif

C:\ProgramData\GamesBar\highlight.gif

C:\ProgramData\GamesBar\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\jigsaw.gif

C:\ProgramData\GamesBar\kids.gif

C:\ProgramData\GamesBar\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\mahjong.gif

C:\ProgramData\GamesBar\mygames.gif

C:\ProgramData\GamesBar\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\newGames.gif

C:\ProgramData\GamesBar\oberonconfig.xm_

C:\ProgramData\GamesBar\obSearchHistory.dat

C:\ProgramData\GamesBar\partner.gif

C:\ProgramData\GamesBar\popup_off.gif

C:\ProgramData\GamesBar\popup_on.gif

C:\ProgramData\GamesBar\puzzle.gif

C:\ProgramData\GamesBar\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\search.gif

C:\ProgramData\GamesBar\sendafriend.gif

C:\ProgramData\GamesBar\sports.gif

C:\ProgramData\GamesBar\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\the_pini_society16x16.gif

C:\ProgramData\GamesBar\trial.gif

C:\ProgramData\GamesBar\uninstall.gif

C:\ProgramData\GamesBar\update.gif

C:\ProgramData\GamesBar\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\about.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\action.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\arcade.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\buy.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\cards.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\deals.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\download.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\feedback.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\help.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\highlight.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\jigsaw.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\kids.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\mahjong.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\mygames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\newGames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\partner.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\popup_off.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\popup_on.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\puzzle.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\search.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\sendafriend.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\sports.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\trial.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\uninstall.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\update.gif

C:\ProgramData\GamesBar\08-11-21-20-39-24\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\about.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\action.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\arcade.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\buy.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\cards.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\deals.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\download.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\feedback.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\help.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\highlight.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\jigsaw.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\kids.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\mahjong.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\mygames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\newGames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\partner.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\popup_off.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\popup_on.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\puzzle.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\search.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\sendafriend.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\sports.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\trial.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\uninstall.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\update.gif

C:\ProgramData\GamesBar\08-11-21-20-39-26\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\about.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\action.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\arcade.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\buy.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\cards.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\deals.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\download.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\feedback.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\help.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\highlight.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\jigsaw.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\kids.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\mahjong.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\mygames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\newGames.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\partner.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\popup_off.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\popup_on.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\puzzle.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\search.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\sendafriend.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\sports.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\trial.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\uninstall.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\update.gif

C:\ProgramData\GamesBar\08-11-21-20-39-34\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\about.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\action.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\arcade.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\buy.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\cards.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\deals.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\download.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\feedback.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\help.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\highlight.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\jigsaw.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\kids.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\mahjong.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\mygames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\newGames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\partner.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\popup_off.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\popup_on.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\puzzle.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\search.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\sendafriend.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\sports.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\trial.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\uninstall.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\update.gif

C:\ProgramData\GamesBar\08-11-22-20-40-05\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\about.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\action.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\arcade.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\buy.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\cards.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\deals.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\download.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\feedback.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\help.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\highlight.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\jigsaw.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\kids.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\mahjong.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\mygames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\newGames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\partner.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\popup_off.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\popup_on.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\puzzle.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\search.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\sendafriend.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\sports.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\trial.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\uninstall.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\update.gif

C:\ProgramData\GamesBar\08-11-22-20-40-07\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\about.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\action.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\arcade.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\buy.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\cards.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\deals.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\download.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\feedback.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\help.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\highlight.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\jigsaw.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\kids.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\mahjong.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\mygames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\newGames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\partner.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\popup_off.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\popup_on.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\puzzle.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\search.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\sendafriend.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\sports.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\trial.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\uninstall.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\update.gif

C:\ProgramData\GamesBar\08-11-22-20-40-10\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\about.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\action.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\arcade.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\buy.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\cards.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\deals.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\download.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\feedback.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\help.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\highlight.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\jigsaw.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\kids.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\mahjong.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\mygames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\newGames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\partner.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\popup_off.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\popup_on.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\puzzle.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\search.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\sendafriend.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\sports.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\trial.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\uninstall.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\update.gif

C:\ProgramData\GamesBar\08-11-22-20-40-16\womens_murder_club_fr16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\7_wonders_treasures_of_seven16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\about.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\action.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\arcade.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\around_the_world_in_80_days16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\big_city_adventure_sydney16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\buy.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\cards.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\cooking_dash16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\deals.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\download.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\escape_from_the_museum16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\farm_frenzy_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\feedback.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\help.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\highlight.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\home_sweet_home_216x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\jewel_quest_316x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\jigsaw.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\kids.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\magic_encyclopedia16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\mahjong.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\mygames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\mystery_stories_island_of_hope16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\natalie_brooks16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\newGames.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\partner.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\popup_off.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\popup_on.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\puzzle.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\restoring_rhonda16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\search.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\sendafriend.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\sports.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\the_hidden_object_show16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\the_pini_society16x16.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\trial.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\uninstall.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\update.gif

C:\ProgramData\GamesBar\08-11-22-20-40-27\womens_murder_club_fr16x16.gif

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar

C:\Program Files\GamesBar

C:\Program Files\GamesBar\Localization-French.ini

C:\Program Files\GamesBar\Localization2-French.ini

C:\Program Files\GamesBar\oberontb.dll

C:\Program Files\GamesBar\OBGet.exe

C:\Program Files\GamesBar\uninst.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"

"Default_Page_URL"="http://fr.fr.acer.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Recherche d'autres infections

C:\Windows\system32\mdelk.exe

C:\Windows\system32\wintems.exe

==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1]

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 04/03/2009|22:03 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-24

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-24.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-26

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-26.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-34

Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-34.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-05

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-05.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-07

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-07.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-10

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-10.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-16

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-16.xm_

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-27

Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-27.xm_

Supprime! - C:\ProgramData\GamesBar\7_wonders_treasures_of_seven16x16.gif

Supprime! - C:\ProgramData\GamesBar\about.gif

Supprime! - C:\ProgramData\GamesBar\action.gif

Supprime! - C:\ProgramData\GamesBar\arcade.gif

Supprime! - C:\ProgramData\GamesBar\around_the_world_in_80_days16x16.gif

Supprime! - C:\ProgramData\GamesBar\big_city_adventure_sydney16x16.gif

Supprime! - C:\ProgramData\GamesBar\buy.gif

Supprime! - C:\ProgramData\GamesBar\cards.gif

Supprime! - C:\ProgramData\GamesBar\cooking_dash16x16.gif

Supprime! - C:\ProgramData\GamesBar\deals.gif

Supprime! - C:\ProgramData\GamesBar\download.gif

Supprime! - C:\ProgramData\GamesBar\escape_from_the_museum16x16.gif

Supprime! - C:\ProgramData\GamesBar\farm_frenzy_216x16.gif

Supprime! - C:\ProgramData\GamesBar\feedback.gif

Supprime! - C:\ProgramData\GamesBar\help.gif

Supprime! - C:\ProgramData\GamesBar\highlight.gif

Supprime! - C:\ProgramData\GamesBar\home_sweet_home_216x16.gif

Supprime! - C:\ProgramData\GamesBar\jewel_quest_316x16.gif

Supprime! - C:\ProgramData\GamesBar\jigsaw.gif

Supprime! - C:\ProgramData\GamesBar\kids.gif

Supprime! - C:\ProgramData\GamesBar\magic_encyclopedia16x16.gif

Supprime! - C:\ProgramData\GamesBar\mahjong.gif

Supprime! - C:\ProgramData\GamesBar\mygames.gif

Supprime! - C:\ProgramData\GamesBar\mystery_stories_island_of_hope16x16.gif

Supprime! - C:\ProgramData\GamesBar\natalie_brooks16x16.gif

Supprime! - C:\ProgramData\GamesBar\newGames.gif

Supprime! - C:\ProgramData\GamesBar\oberonconfig.xm_

Supprime! - C:\ProgramData\GamesBar\obSearchHistory.dat

Supprime! - C:\ProgramData\GamesBar\partner.gif

Supprime! - C:\ProgramData\GamesBar\popup_off.gif

Supprime! - C:\ProgramData\GamesBar\popup_on.gif

Supprime! - C:\ProgramData\GamesBar\puzzle.gif

Supprime! - C:\ProgramData\GamesBar\restoring_rhonda16x16.gif

Supprime! - C:\ProgramData\GamesBar\search.gif

Supprime! - C:\ProgramData\GamesBar\sendafriend.gif

Supprime! - C:\ProgramData\GamesBar\sports.gif

Supprime! - C:\ProgramData\GamesBar\the_hidden_object_show16x16.gif

Supprime! - C:\ProgramData\GamesBar\the_pini_society16x16.gif

Supprime! - C:\ProgramData\GamesBar\trial.gif

Supprime! - C:\ProgramData\GamesBar\uninstall.gif

Supprime! - C:\ProgramData\GamesBar\update.gif

Supprime! - C:\ProgramData\GamesBar\womens_murder_club_fr16x16.gif

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar

Supprime! - C:\Program Files\GamesBar\Localization-French.ini

Supprime! - C:\Program Files\GamesBar\Localization2-French.ini

Supprime! - C:\Program Files\GamesBar\oberontb.dll

Supprime! - C:\Program Files\GamesBar\OBGet.exe

Supprime! - C:\Program Files\GamesBar\uninst.exe

Supprime! - C:\ProgramData\GamesBar

Supprime! - C:\Program Files\GamesBar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"'>http://www.msn.com/"'>http://www.msn.com/"

"Default_Page_URL"="http://fr.fr.acer.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Recherche d'autres infections

C:\Windows\system32\mdelk.exe

C:\Windows\system32\wintems.exe

==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2]

et ensuite les deux mêmes rapports après mon post de 22h28

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 04/03/2009|22:46 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://fr.fr.acer.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Recherche d'autres infections

C:\Windows\system32\mdelk.exe

C:\Windows\system32\wintems.exe

C:\Windows\system32\ban_list.txt

==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - 04/03/2009|22:47 - Option : [1]

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 04/03/2009|22:48 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://fr.fr.acer.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Recherche d'autres infections

C:\Windows\system32\mdelk.exe

C:\Windows\system32\wintems.exe

C:\Windows\system32\ban_list.txt

==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - 04/03/2009|22:47 - Option : [1]

4 - "C:\ToolBar SD\TB_4.txt" - 04/03/2009|22:48 - Option : [2]

Ensuite j'envoie les rapports de Navilog et de combofix...

zabouille · le 4 mars 2009

Voilà les derniers rapports :

le premier de "Navilog" :

Search Navipromo version 3.7.5 commencé le 04/03/2009 à 23:00:12,73

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\Windows" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Recherche dossiers dans "C:\ProgramData" ***

*** Recherche dossiers dans "c:\users\isa\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "C:\Users\isa\AppData\Local\virtualstore\Program Files" ***

*** Recherche dossiers dans "C:\Users\isa\AppData\Local" ***

*** Recherche dossiers dans "C:\Users\isa\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Windows\System32\wintems.exe

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\isa\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\isa\AppData\Local" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"yiyocik"="\"c:\\users\\isa\\appdata\\local\\yiyocik.exe\" yiyocik"

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\Windows\system32" :

* Dans "C:\Users\isa\AppData\Local\Microsoft" :

* Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" :

* Dans "C:\Users\isa\AppData\Local" :

yiyocik.exe trouvé !

yiyocik.dat trouvé !

yiyocik_nav.dat trouvé !

yiyocik_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !

Certificat Electronic-Group trouvé !

Certificat Montorgueil absent !

Certificat OOO-Favorit trouvé !

Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 04/03/2009 à 23:19:53,95 ***

Le second de "Navilog" :

Clean Navipromo version 3.7.5 commencé le 04/03/2009 à 23:22:10,82

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15

USER : isa ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go)

D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Windows\System32\wintems.exe réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Windows\System32\wintems.exe !!ERREUR SUPPRESSION!!

** 2ème passage avec résultats Catchme **

* Dans "C:\Windows\system32" *

wintems.exe trouvé !

Copie wintems.exe réalisée avec succès !

wintems.exe !!ERREUR SUPPRESSION!!

C:\Windows\system32\wintems.exe trouvé !

Copie C:\Windows\system32\wintems.exe réalisée avec succès !

C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!!

* Dans "C:\Users\isa\AppData\Local\Microsoft" *

C:\Windows\system32\wintems.exe trouvé !

Copie C:\Windows\system32\wintems.exe réalisée avec succès !

C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!!

* Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" *

C:\Windows\system32\wintems.exe trouvé !

Copie C:\Windows\system32\wintems.exe réalisée avec succès !

C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!!

* Dans "C:\Users\isa\AppData\Local" *

C:\Windows\system32\wintems.exe trouvé !

Copie C:\Windows\system32\wintems.exe réalisée avec succès !

C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!!

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *

* Suppression dans "C:\Users\isa\AppData\Local\Microsoft" *

* Suppression dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" *

* Suppression dans "C:\Users\isa\AppData\Local" *

*** Suppression dossiers dans "C:\Windows" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Suppression dossiers dans "C:\ProgramData" ***

*** Suppression dossiers dans c:\users\isa\appdata\roaming\micros~1\windows\startm~1\programs ***

*** Suppression dossiers dans "C:\Users\isa\AppData\Local\virtualstore\Program Files" ***

*** Suppression dossiers dans "C:\Users\isa\AppData\Local" ***

*** Suppression dossiers dans "C:\Users\isa\AppData\Roaming" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !

Nettoyage contenu C:\Users\isa\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\Windows\system32" *

* Dans "C:\Users\isa\AppData\Local\Microsoft" *

* Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" *

* Dans "C:\Users\isa\AppData\Local" *

yiyocik.exe trouvé !

Copie yiyocik.exe réalisée avec succès !

yiyocik.exe supprimé !

yiyocik.dat trouvé !

Copie yiyocik.dat réalisée avec succès !

yiyocik.dat supprimé !

yiyocik_nav.dat trouvé !

Copie yiyocik_nav.dat réalisée avec succès !

yiyocik_nav.dat supprimé !

yiyocik_navps.dat trouvé !

Copie yiyocik_navps.dat réalisée avec succès !

yiyocik_navps.dat supprimé !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !

Certificat Electronic-Group supprimé !

Certificat Montorgueil absent !

Certificat OOO-Favorit supprimé !

Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 04/03/2009 à 23:25:55,07 ***

zabouille · le 4 mars 2009

Et pour finir le rapport de "combofix"

J'ai l'impression que le PC va déjà beaucoup mieux.

Merci encore pour vos conseils judicieux.

Juste une petite question : est-ce que je peux d'ores et déjà réinstaller "antivir" ou faut-il attendre encore?

ComboFix 09-03-03.01 - SYSTEM 2009-03-04 23:38:24.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2734 [GMT 1:00]

Lancé depuis: c:\users\isa\Desktop\isa.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\QUAD Utilities

c:\users\isa\AppData\Roaming\.#

c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D02990.###

c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D029C0.###

c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D029F0.###

c:\users\isa\AppData\Roaming\drivers\downld

c:\users\isa\AppData\Roaming\drivers\downld\1002587.exe

c:\users\isa\AppData\Roaming\drivers\downld\1006019.exe

c:\users\isa\AppData\Roaming\drivers\downld\1006908.exe

c:\users\isa\AppData\Roaming\drivers\downld\102180.exe

c:\users\isa\AppData\Roaming\drivers\downld\102336.exe

c:\users\isa\AppData\Roaming\drivers\downld\102976.exe

c:\users\isa\AppData\Roaming\drivers\downld\103054.exe

c:\users\isa\AppData\Roaming\drivers\downld\103787.exe

c:\users\isa\AppData\Roaming\drivers\downld\103943.exe

c:\users\isa\AppData\Roaming\drivers\downld\104083.exe

c:\users\isa\AppData\Roaming\drivers\downld\105846.exe

c:\users\isa\AppData\Roaming\drivers\downld\105862.exe

c:\users\isa\AppData\Roaming\drivers\downld\106829.exe

c:\users\isa\AppData\Roaming\drivers\downld\1106093.exe

c:\users\isa\AppData\Roaming\drivers\downld\1106359.exe

c:\users\isa\AppData\Roaming\drivers\downld\1106374.exe

c:\users\isa\AppData\Roaming\drivers\downld\111696.exe

c:\users\isa\AppData\Roaming\drivers\downld\112882.exe

c:\users\isa\AppData\Roaming\drivers\downld\112991.exe

c:\users\isa\AppData\Roaming\drivers\downld\113350.exe

c:\users\isa\AppData\Roaming\drivers\downld\113833.exe

c:\users\isa\AppData\Roaming\drivers\downld\1141880.exe

c:\users\isa\AppData\Roaming\drivers\downld\1142488.exe

c:\users\isa\AppData\Roaming\drivers\downld\1142504.exe

c:\users\isa\AppData\Roaming\drivers\downld\1144704.exe

c:\users\isa\AppData\Roaming\drivers\downld\1145359.exe

c:\users\isa\AppData\Roaming\drivers\downld\114879.exe

c:\users\isa\AppData\Roaming\drivers\downld\1153330.exe

c:\users\isa\AppData\Roaming\drivers\downld\116267.exe

c:\users\isa\AppData\Roaming\drivers\downld\116532.exe

c:\users\isa\AppData\Roaming\drivers\downld\116751.exe

c:\users\isa\AppData\Roaming\drivers\downld\1168790.exe

c:\users\isa\AppData\Roaming\drivers\downld\1168868.exe

c:\users\isa\AppData\Roaming\drivers\downld\117047.exe

c:\users\isa\AppData\Roaming\drivers\downld\1171941.exe

c:\users\isa\AppData\Roaming\drivers\downld\1177448.exe

c:\users\isa\AppData\Roaming\drivers\downld\1178649.exe

c:\users\isa\AppData\Roaming\drivers\downld\1179117.exe

c:\users\isa\AppData\Roaming\drivers\downld\1182409.exe

c:\users\isa\AppData\Roaming\drivers\downld\119605.exe

c:\users\isa\AppData\Roaming\drivers\downld\120198.exe

c:\users\isa\AppData\Roaming\drivers\downld\120307.exe

c:\users\isa\AppData\Roaming\drivers\downld\120838.exe

c:\users\isa\AppData\Roaming\drivers\downld\121134.exe

c:\users\isa\AppData\Roaming\drivers\downld\121618.exe

c:\users\isa\AppData\Roaming\drivers\downld\1217619.exe

c:\users\isa\AppData\Roaming\drivers\downld\121914.exe

c:\users\isa\AppData\Roaming\drivers\downld\1219709.exe

c:\users\isa\AppData\Roaming\drivers\downld\121992.exe

c:\users\isa\AppData\Roaming\drivers\downld\1223063.exe

c:\users\isa\AppData\Roaming\drivers\downld\123022.exe

c:\users\isa\AppData\Roaming\drivers\downld\123755.exe

c:\users\isa\AppData\Roaming\drivers\downld\124317.exe

c:\users\isa\AppData\Roaming\drivers\downld\125222.exe

c:\users\isa\AppData\Roaming\drivers\downld\125908.exe

c:\users\isa\AppData\Roaming\drivers\downld\126376.exe

c:\users\isa\AppData\Roaming\drivers\downld\1269005.exe

c:\users\isa\AppData\Roaming\drivers\downld\127016.exe

c:\users\isa\AppData\Roaming\drivers\downld\127062.exe

c:\users\isa\AppData\Roaming\drivers\downld\127203.exe

c:\users\isa\AppData\Roaming\drivers\downld\1272437.exe

c:\users\isa\AppData\Roaming\drivers\downld\1272936.exe

c:\users\isa\AppData\Roaming\drivers\downld\127437.exe

c:\users\isa\AppData\Roaming\drivers\downld\127515.exe

c:\users\isa\AppData\Roaming\drivers\downld\127593.exe

c:\users\isa\AppData\Roaming\drivers\downld\1278272.exe

c:\users\isa\AppData\Roaming\drivers\downld\1280175.exe

c:\users\isa\AppData\Roaming\drivers\downld\1280191.exe

c:\users\isa\AppData\Roaming\drivers\downld\128030.exe

c:\users\isa\AppData\Roaming\drivers\downld\128591.exe

c:\users\isa\AppData\Roaming\drivers\downld\128716.exe

c:\users\isa\AppData\Roaming\drivers\downld\129246.exe

c:\users\isa\AppData\Roaming\drivers\downld\129621.exe

c:\users\isa\AppData\Roaming\drivers\downld\129933.exe

c:\users\isa\AppData\Roaming\drivers\downld\1301344.exe

c:\users\isa\AppData\Roaming\drivers\downld\130853.exe

c:\users\isa\AppData\Roaming\drivers\downld\1309909.exe

c:\users\isa\AppData\Roaming\drivers\downld\1310439.exe

c:\users\isa\AppData\Roaming\drivers\downld\131072.exe

c:\users\isa\AppData\Roaming\drivers\downld\131087.exe

c:\users\isa\AppData\Roaming\drivers\downld\131586.exe

c:\users\isa\AppData\Roaming\drivers\downld\131883.exe

c:\users\isa\AppData\Roaming\drivers\downld\132320.exe

c:\users\isa\AppData\Roaming\drivers\downld\132569.exe

c:\users\isa\AppData\Roaming\drivers\downld\132881.exe

c:\users\isa\AppData\Roaming\drivers\downld\133068.exe

c:\users\isa\AppData\Roaming\drivers\downld\133146.exe

c:\users\isa\AppData\Roaming\drivers\downld\133614.exe

c:\users\isa\AppData\Roaming\drivers\downld\134285.exe

c:\users\isa\AppData\Roaming\drivers\downld\134769.exe

c:\users\isa\AppData\Roaming\drivers\downld\135408.exe

c:\users\isa\AppData\Roaming\drivers\downld\136407.exe

c:\users\isa\AppData\Roaming\drivers\downld\136563.exe

c:\users\isa\AppData\Roaming\drivers\downld\136750.exe

c:\users\isa\AppData\Roaming\drivers\downld\137748.exe

c:\users\isa\AppData\Roaming\drivers\downld\138154.exe

c:\users\isa\AppData\Roaming\drivers\downld\138825.exe

c:\users\isa\AppData\Roaming\drivers\downld\1409469.exe

c:\users\isa\AppData\Roaming\drivers\downld\1411325.exe

c:\users\isa\AppData\Roaming\drivers\downld\1411341.exe

c:\users\isa\AppData\Roaming\drivers\downld\1414461.exe

c:\users\isa\AppData\Roaming\drivers\downld\1415553.exe

c:\users\isa\AppData\Roaming\drivers\downld\143411.exe

c:\users\isa\AppData\Roaming\drivers\downld\144269.exe

c:\users\isa\AppData\Roaming\drivers\downld\1450715.exe

c:\users\isa\AppData\Roaming\drivers\downld\1452806.exe

c:\users\isa\AppData\Roaming\drivers\downld\1453258.exe

c:\users\isa\AppData\Roaming\drivers\downld\147264.exe

c:\users\isa\AppData\Roaming\drivers\downld\14806554.exe

c:\users\isa\AppData\Roaming\drivers\downld\14806585.exe

c:\users\isa\AppData\Roaming\drivers\downld\148949.exe

c:\users\isa\AppData\Roaming\drivers\downld\150119.exe

c:\users\isa\AppData\Roaming\drivers\downld\150150.exe

c:\users\isa\AppData\Roaming\drivers\downld\151258.exe

c:\users\isa\AppData\Roaming\drivers\downld\153738.exe

c:\users\isa\AppData\Roaming\drivers\downld\154144.exe

c:\users\isa\AppData\Roaming\drivers\downld\154799.exe

c:\users\isa\AppData\Roaming\drivers\downld\156157.exe

c:\users\isa\AppData\Roaming\drivers\downld\156437.exe

c:\users\isa\AppData\Roaming\drivers\downld\157405.exe

c:\users\isa\AppData\Roaming\drivers\downld\157685.exe

c:\users\isa\AppData\Roaming\drivers\downld\157717.exe

c:\users\isa\AppData\Roaming\drivers\downld\1590851.exe

c:\users\isa\AppData\Roaming\drivers\downld\159167.exe

c:\users\isa\AppData\Roaming\drivers\downld\1598651.exe

c:\users\isa\AppData\Roaming\drivers\downld\1609384.exe

c:\users\isa\AppData\Roaming\drivers\downld\161383.exe

c:\users\isa\AppData\Roaming\drivers\downld\161741.exe

c:\users\isa\AppData\Roaming\drivers\downld\161757.exe

c:\users\isa\AppData\Roaming\drivers\downld\1618837.exe

c:\users\isa\AppData\Roaming\drivers\downld\1627168.exe

c:\users\isa\AppData\Roaming\drivers\downld\163535.exe

c:\users\isa\AppData\Roaming\drivers\downld\1636434.exe

c:\users\isa\AppData\Roaming\drivers\downld\164175.exe

c:\users\isa\AppData\Roaming\drivers\downld\16490569.exe

c:\users\isa\AppData\Roaming\drivers\downld\16490631.exe

c:\users\isa\AppData\Roaming\drivers\downld\16490647.exe

c:\users\isa\AppData\Roaming\drivers\downld\16531769.exe

c:\users\isa\AppData\Roaming\drivers\downld\16537275.exe

c:\users\isa\AppData\Roaming\drivers\downld\16537962.exe

c:\users\isa\AppData\Roaming\drivers\downld\16538976.exe

c:\users\isa\AppData\Roaming\drivers\downld\16541020.exe

c:\users\isa\AppData\Roaming\drivers\downld\16541472.exe

c:\users\isa\AppData\Roaming\drivers\downld\165719.exe

c:\users\isa\AppData\Roaming\drivers\downld\16585371.exe

c:\users\isa\AppData\Roaming\drivers\downld\16600815.exe

c:\users\isa\AppData\Roaming\drivers\downld\16615292.exe

c:\users\isa\AppData\Roaming\drivers\downld\166156.exe

c:\users\isa\AppData\Roaming\drivers\downld\1666667.exe

c:\users\isa\AppData\Roaming\drivers\downld\1668259.exe

c:\users\isa\AppData\Roaming\drivers\downld\1668274.exe

c:\users\isa\AppData\Roaming\drivers\downld\167498.exe

c:\users\isa\AppData\Roaming\drivers\downld\167872.exe

c:\users\isa\AppData\Roaming\drivers\downld\168153.exe

c:\users\isa\AppData\Roaming\drivers\downld\16856188.exe

c:\users\isa\AppData\Roaming\drivers\downld\16856204.exe

c:\users\isa\AppData\Roaming\drivers\downld\16871586.exe

c:\users\isa\AppData\Roaming\drivers\downld\1692314.exe

c:\users\isa\AppData\Roaming\drivers\downld\1693812.exe

c:\users\isa\AppData\Roaming\drivers\downld\169385.exe

c:\users\isa\AppData\Roaming\drivers\downld\1694592.exe

c:\users\isa\AppData\Roaming\drivers\downld\1695668.exe

c:\users\isa\AppData\Roaming\drivers\downld\169713.exe

c:\users\isa\AppData\Roaming\drivers\downld\1697821.exe

c:\users\isa\AppData\Roaming\drivers\downld\1698211.exe

c:\users\isa\AppData\Roaming\drivers\downld\1721237.exe

c:\users\isa\AppData\Roaming\drivers\downld\1723499.exe

c:\users\isa\AppData\Roaming\drivers\downld\1724279.exe

c:\users\isa\AppData\Roaming\drivers\downld\1724887.exe

c:\users\isa\AppData\Roaming\drivers\downld\1726353.exe

c:\users\isa\AppData\Roaming\drivers\downld\17288420.exe

c:\users\isa\AppData\Roaming\drivers\downld\17288561.exe

c:\users\isa\AppData\Roaming\drivers\downld\17288904.exe

c:\users\isa\AppData\Roaming\drivers\downld\17305019.exe

c:\users\isa\AppData\Roaming\drivers\downld\17305034.exe

c:\users\isa\AppData\Roaming\drivers\downld\173831.exe

c:\users\isa\AppData\Roaming\drivers\downld\174206.exe

c:\users\isa\AppData\Roaming\drivers\downld\1742312.exe

c:\users\isa\AppData\Roaming\drivers\downld\17508429.exe

c:\users\isa\AppData\Roaming\drivers\downld\17516977.exe

c:\users\isa\AppData\Roaming\drivers\downld\17517679.exe

c:\users\isa\AppData\Roaming\drivers\downld\1755463.exe

c:\users\isa\AppData\Roaming\drivers\downld\176203.exe

c:\users\isa\AppData\Roaming\drivers\downld\176374.exe

c:\users\isa\AppData\Roaming\drivers\downld\1764262.exe

c:\users\isa\AppData\Roaming\drivers\downld\17732836.exe

c:\users\isa\AppData\Roaming\drivers\downld\17747406.exe

c:\users\isa\AppData\Roaming\drivers\downld\17757047.exe

c:\users\isa\AppData\Roaming\drivers\downld\1780299.exe

c:\users\isa\AppData\Roaming\drivers\downld\1781562.exe

c:\users\isa\AppData\Roaming\drivers\downld\1781999.exe

c:\users\isa\AppData\Roaming\drivers\downld\17836920.exe

c:\users\isa\AppData\Roaming\drivers\downld\17836982.exe

c:\users\isa\AppData\Roaming\drivers\downld\17837169.exe

c:\users\isa\AppData\Roaming\drivers\downld\178964.exe

c:\users\isa\AppData\Roaming\drivers\downld\179775.exe

c:\users\isa\AppData\Roaming\drivers\downld\180149.exe

c:\users\isa\AppData\Roaming\drivers\downld\180711.exe

c:\users\isa\AppData\Roaming\drivers\downld\181304.exe

c:\users\isa\AppData\Roaming\drivers\downld\18154522.exe

c:\users\isa\AppData\Roaming\drivers\downld\18155474.exe

c:\users\isa\AppData\Roaming\drivers\downld\18155755.exe

c:\users\isa\AppData\Roaming\drivers\downld\181850.exe

c:\users\isa\AppData\Roaming\drivers\downld\181865.exe

c:\users\isa\AppData\Roaming\drivers\downld\183706.exe

c:\users\isa\AppData\Roaming\drivers\downld\185173.exe

c:\users\isa\AppData\Roaming\drivers\downld\185219.exe

c:\users\isa\AppData\Roaming\drivers\downld\186093.exe

c:\users\isa\AppData\Roaming\drivers\downld\186233.exe

c:\users\isa\AppData\Roaming\drivers\downld\188823.exe

c:\users\isa\AppData\Roaming\drivers\downld\1889546.exe

c:\users\isa\AppData\Roaming\drivers\downld\1890451.exe

c:\users\isa\AppData\Roaming\drivers\downld\1890466.exe

c:\users\isa\AppData\Roaming\drivers\downld\191179.exe

c:\users\isa\AppData\Roaming\drivers\downld\193722.exe

c:\users\isa\AppData\Roaming\drivers\downld\193831.exe

c:\users\isa\AppData\Roaming\drivers\downld\197434.exe

c:\users\isa\AppData\Roaming\drivers\downld\1998263.exe

c:\users\isa\AppData\Roaming\drivers\downld\1999215.exe

c:\users\isa\AppData\Roaming\drivers\downld\1999230.exe

c:\users\isa\AppData\Roaming\drivers\downld\2002366.exe

c:\users\isa\AppData\Roaming\drivers\downld\2003676.exe

c:\users\isa\AppData\Roaming\drivers\downld\2003692.exe

c:\users\isa\AppData\Roaming\drivers\downld\2023598.exe

c:\users\isa\AppData\Roaming\drivers\downld\2025969.exe

c:\users\isa\AppData\Roaming\drivers\downld\2026421.exe

c:\users\isa\AppData\Roaming\drivers\downld\2027170.exe

c:\users\isa\AppData\Roaming\drivers\downld\2028590.exe

c:\users\isa\AppData\Roaming\drivers\downld\2029151.exe

c:\users\isa\AppData\Roaming\drivers\downld\205172.exe

c:\users\isa\AppData\Roaming\drivers\downld\205375.exe

c:\users\isa\AppData\Roaming\drivers\downld\205515.exe

c:\users\isa\AppData\Roaming\drivers\downld\205999.exe

c:\users\isa\AppData\Roaming\drivers\downld\206358.exe

c:\users\isa\AppData\Roaming\drivers\downld\207028.exe

c:\users\isa\AppData\Roaming\drivers\downld\2085499.exe

c:\users\isa\AppData\Roaming\drivers\downld\208557.exe

c:\users\isa\AppData\Roaming\drivers\downld\2087418.exe

c:\users\isa\AppData\Roaming\drivers\downld\2087589.exe

c:\users\isa\AppData\Roaming\drivers\downld\209166.exe

c:\users\isa\AppData\Roaming\drivers\downld\209400.exe

c:\users\isa\AppData\Roaming\drivers\downld\209634.exe

c:\users\isa\AppData\Roaming\drivers\downld\211162.exe

c:\users\isa\AppData\Roaming\drivers\downld\211178.exe

c:\users\isa\AppData\Roaming\drivers\downld\211989.exe

c:\users\isa\AppData\Roaming\drivers\downld\213112.exe

c:\users\isa\AppData\Roaming\drivers\downld\216404.exe

c:\users\isa\AppData\Roaming\drivers\downld\217278.exe

c:\users\isa\AppData\Roaming\drivers\downld\217761.exe

c:\users\isa\AppData\Roaming\drivers\downld\219493.exe

c:\users\isa\AppData\Roaming\drivers\downld\219899.exe

c:\users\isa\AppData\Roaming\drivers\downld\221802.exe

c:\users\isa\AppData\Roaming\drivers\downld\225140.exe

c:\users\isa\AppData\Roaming\drivers\downld\225343.exe

c:\users\isa\AppData\Roaming\drivers\downld\225452.exe

c:\users\isa\AppData\Roaming\drivers\downld\226622.exe

c:\users\isa\AppData\Roaming\drivers\downld\228026.exe

c:\users\isa\AppData\Roaming\drivers\downld\228479.exe

c:\users\isa\AppData\Roaming\drivers\downld\242815.exe

c:\users\isa\AppData\Roaming\drivers\downld\246606.exe

c:\users\isa\AppData\Roaming\drivers\downld\248306.exe

c:\users\isa\AppData\Roaming\drivers\downld\253844.exe

c:\users\isa\AppData\Roaming\drivers\downld\254312.exe

c:\users\isa\AppData\Roaming\drivers\downld\254359.exe

c:\users\isa\AppData\Roaming\drivers\downld\256808.exe

c:\users\isa\AppData\Roaming\drivers\downld\257464.exe

c:\users\isa\AppData\Roaming\drivers\downld\257479.exe

c:\users\isa\AppData\Roaming\drivers\downld\263220.exe

c:\users\isa\AppData\Roaming\drivers\downld\263485.exe

c:\users\isa\AppData\Roaming\drivers\downld\266948.exe

c:\users\isa\AppData\Roaming\drivers\downld\267136.exe

c:\users\isa\AppData\Roaming\drivers\downld\268352.exe

c:\users\isa\AppData\Roaming\drivers\downld\268898.exe

c:\users\isa\AppData\Roaming\drivers\downld\269881.exe

c:\users\isa\AppData\Roaming\drivers\downld\270614.exe

c:\users\isa\AppData\Roaming\drivers\downld\270926.exe

c:\users\isa\AppData\Roaming\drivers\downld\271223.exe

c:\users\isa\AppData\Roaming\drivers\downld\275216.exe

c:\users\isa\AppData\Roaming\drivers\downld\296823.exe

c:\users\isa\AppData\Roaming\drivers\downld\297353.exe

c:\users\isa\AppData\Roaming\drivers\downld\297462.exe

c:\users\isa\AppData\Roaming\drivers\downld\297805.exe

c:\users\isa\AppData\Roaming\drivers\downld\303203.exe

c:\users\isa\AppData\Roaming\drivers\downld\304389.exe

c:\users\isa\AppData\Roaming\drivers\downld\304404.exe

c:\users\isa\AppData\Roaming\drivers\downld\312407.exe

c:\users\isa\AppData\Roaming\drivers\downld\314139.exe

c:\users\isa\AppData\Roaming\drivers\downld\314544.exe

c:\users\isa\AppData\Roaming\drivers\downld\316089.exe

c:\users\isa\AppData\Roaming\drivers\downld\316510.exe

c:\users\isa\AppData\Roaming\drivers\downld\316526.exe

c:\users\isa\AppData\Roaming\drivers\downld\321674.exe

c:\users\isa\AppData\Roaming\drivers\downld\322454.exe

c:\users\isa\AppData\Roaming\drivers\downld\324903.exe

c:\users\isa\AppData\Roaming\drivers\downld\32558469.exe

c:\users\isa\AppData\Roaming\drivers\downld\32562026.exe

c:\users\isa\AppData\Roaming\drivers\downld\32562041.exe

c:\users\isa\AppData\Roaming\drivers\downld\325839.exe

c:\users\isa\AppData\Roaming\drivers\downld\325854.exe

c:\users\isa\AppData\Roaming\drivers\downld\32609668.exe

c:\users\isa\AppData\Roaming\drivers\downld\32610698.exe

c:\users\isa\AppData\Roaming\drivers\downld\32611447.exe

c:\users\isa\AppData\Roaming\drivers\downld\32612352.exe

c:\users\isa\AppData\Roaming\drivers\downld\32625815.exe

c:\users\isa\AppData\Roaming\drivers\downld\32626205.exe

c:\users\isa\AppData\Roaming\drivers\downld\32672849.exe

c:\users\isa\AppData\Roaming\drivers\downld\32675813.exe

c:\users\isa\AppData\Roaming\drivers\downld\32677451.exe

c:\users\isa\AppData\Roaming\drivers\downld\328116.exe

c:\users\isa\AppData\Roaming\drivers\downld\329146.exe

c:\users\isa\AppData\Roaming\drivers\downld\329162.exe

c:\users\isa\AppData\Roaming\drivers\downld\32941483.exe

c:\users\isa\AppData\Roaming\drivers\downld\32941951.exe

c:\users\isa\AppData\Roaming\drivers\downld\32941966.exe

c:\users\isa\AppData\Roaming\drivers\downld\33147903.exe

c:\users\isa\AppData\Roaming\drivers\downld\33160586.exe

c:\users\isa\AppData\Roaming\drivers\downld\33160602.exe

c:\users\isa\AppData\Roaming\drivers\downld\33174611.exe

c:\users\isa\AppData\Roaming\drivers\downld\33177138.exe

c:\users\isa\AppData\Roaming\drivers\downld\33177153.exe

c:\users\isa\AppData\Roaming\drivers\downld\33244390.exe

c:\users\isa\AppData\Roaming\drivers\downld\33246012.exe

c:\users\isa\AppData\Roaming\drivers\downld\33246527.exe

c:\users\isa\AppData\Roaming\drivers\downld\334076.exe

c:\users\isa\AppData\Roaming\drivers\downld\33445959.exe

c:\users\isa\AppData\Roaming\drivers\downld\33454788.exe

c:\users\isa\AppData\Roaming\drivers\downld\33466442.exe

c:\users\isa\AppData\Roaming\drivers\downld\33544801.exe

c:\users\isa\AppData\Roaming\drivers\downld\33547671.exe

c:\users\isa\AppData\Roaming\drivers\downld\33548108.exe

c:\users\isa\AppData\Roaming\drivers\downld\33554192.exe

c:\users\isa\AppData\Roaming\drivers\downld\33555222.exe

c:\users\isa\AppData\Roaming\drivers\downld\33555237.exe

c:\users\isa\AppData\Roaming\drivers\downld\338288.exe

c:\users\isa\AppData\Roaming\drivers\downld\338303.exe

c:\users\isa\AppData\Roaming\drivers\downld\339536.exe

c:\users\isa\AppData\Roaming\drivers\downld\341002.exe

c:\users\isa\AppData\Roaming\drivers\downld\341517.exe

c:\users\isa\AppData\Roaming\drivers\downld\342796.exe

c:\users\isa\AppData\Roaming\drivers\downld\343264.exe

c:\users\isa\AppData\Roaming\drivers\downld\344029.exe

c:\users\isa\AppData\Roaming\drivers\downld\360845.exe

c:\users\isa\AppData\Roaming\drivers\downld\363232.exe

c:\users\isa\AppData\Roaming\drivers\downld\363841.exe

c:\users\isa\AppData\Roaming\drivers\downld\363965.exe

c:\users\isa\AppData\Roaming\drivers\downld\364433.exe

c:\users\isa\AppData\Roaming\drivers\downld\364449.exe

c:\users\isa\AppData\Roaming\drivers\downld\366259.exe

c:\users\isa\AppData\Roaming\drivers\downld\366992.exe

c:\users\isa\AppData\Roaming\drivers\downld\367007.exe

c:\users\isa\AppData\Roaming\drivers\downld\372904.exe

c:\users\isa\AppData\Roaming\drivers\downld\374261.exe

c:\users\isa\AppData\Roaming\drivers\downld\375525.exe

c:\users\isa\AppData\Roaming\drivers\downld\376773.exe

c:\users\isa\AppData\Roaming\drivers\downld\382686.exe

c:\users\isa\AppData\Roaming\drivers\downld\382717.exe

c:\users\isa\AppData\Roaming\drivers\downld\384043.exe

c:\users\isa\AppData\Roaming\drivers\downld\386414.exe

c:\users\isa\AppData\Roaming\drivers\downld\386976.exe

c:\users\isa\AppData\Roaming\drivers\downld\389971.exe

c:\users\isa\AppData\Roaming\drivers\downld\392326.exe

c:\users\isa\AppData\Roaming\drivers\downld\392373.exe

c:\users\isa\AppData\Roaming\drivers\downld\403746.exe

c:\users\isa\AppData\Roaming\drivers\downld\403948.exe

c:\users\isa\AppData\Roaming\drivers\downld\404338.exe

c:\users\isa\AppData\Roaming\drivers\downld\404401.exe

c:\users\isa\AppData\Roaming\drivers\downld\405680.exe

c:\users\isa\AppData\Roaming\drivers\downld\405696.exe

c:\users\isa\AppData\Roaming\drivers\downld\410703.exe

c:\users\isa\AppData\Roaming\drivers\downld\412934.exe

c:\users\isa\AppData\Roaming\drivers\downld\412965.exe

c:\users\isa\AppData\Roaming\drivers\downld\413324.exe

c:\users\isa\AppData\Roaming\drivers\downld\423807.exe

c:\users\isa\AppData\Roaming\drivers\downld\425399.exe

c:\users\isa\AppData\Roaming\drivers\downld\427785.exe

c:\users\isa\AppData\Roaming\drivers\downld\43696535.exe

c:\users\isa\AppData\Roaming\drivers\downld\43700201.exe

c:\users\isa\AppData\Roaming\drivers\downld\43700232.exe

c:\users\isa\AppData\Roaming\drivers\downld\43734193.exe

c:\users\isa\AppData\Roaming\drivers\downld\43740246.exe

c:\users\isa\AppData\Roaming\drivers\downld\43741635.exe

c:\users\isa\AppData\Roaming\drivers\downld\43742836.exe

c:\users\isa\AppData\Roaming\drivers\downld\43745207.exe

c:\users\isa\AppData\Roaming\drivers\downld\43746330.exe

c:\users\isa\AppData\Roaming\drivers\downld\43768904.exe

c:\users\isa\AppData\Roaming\drivers\downld\43772710.exe

c:\users\isa\AppData\Roaming\drivers\downld\43773786.exe

c:\users\isa\AppData\Roaming\drivers\downld\448549.exe

c:\users\isa\AppData\Roaming\drivers\downld\449407.exe

c:\users\isa\AppData\Roaming\drivers\downld\449423.exe

c:\users\isa\AppData\Roaming\drivers\downld\490779.exe

c:\users\isa\AppData\Roaming\drivers\downld\491761.exe

c:\users\isa\AppData\Roaming\drivers\downld\491808.exe

c:\users\isa\AppData\Roaming\drivers\downld\494055.exe

c:\users\isa\AppData\Roaming\drivers\downld\494975.exe

c:\users\isa\AppData\Roaming\drivers\downld\494991.exe

c:\users\isa\AppData\Roaming\drivers\downld\495084.exe

c:\users\isa\AppData\Roaming\drivers\downld\496317.exe

c:\users\isa\AppData\Roaming\drivers\downld\496332.exe

c:\users\isa\AppData\Roaming\drivers\downld\505365.exe

c:\users\isa\AppData\Roaming\drivers\downld\506816.exe

c:\users\isa\AppData\Roaming\drivers\downld\506956.exe

c:\users\isa\AppData\Roaming\drivers\downld\510154.exe

c:\users\isa\AppData\Roaming\drivers\downld\511293.exe

c:\users\isa\AppData\Roaming\drivers\downld\511308.exe

c:\users\isa\AppData\Roaming\drivers\downld\515723.exe

c:\users\isa\AppData\Roaming\drivers\downld\518999.exe

c:\users\isa\AppData\Roaming\drivers\downld\519701.exe

c:\users\isa\AppData\Roaming\drivers\downld\520606.exe

c:\users\isa\AppData\Roaming\drivers\downld\522166.exe

c:\users\isa\AppData\Roaming\drivers\downld\522884.exe

c:\users\isa\AppData\Roaming\drivers\downld\528578.exe

c:\users\isa\AppData\Roaming\drivers\downld\531651.exe

c:\users\isa\AppData\Roaming\drivers\downld\532915.exe

c:\users\isa\AppData\Roaming\drivers\downld\532977.exe

c:\users\isa\AppData\Roaming\drivers\downld\533102.exe

c:\users\isa\AppData\Roaming\drivers\downld\534506.exe

c:\users\isa\AppData\Roaming\drivers\downld\534631.exe

c:\users\isa\AppData\Roaming\drivers\downld\534787.exe

c:\users\isa\AppData\Roaming\drivers\downld\535255.exe

c:\users\isa\AppData\Roaming\drivers\downld\536128.exe

c:\users\isa\AppData\Roaming\drivers\downld\537392.exe

c:\users\isa\AppData\Roaming\drivers\downld\537985.exe

c:\users\isa\AppData\Roaming\drivers\downld\538936.exe

c:\users\isa\AppData\Roaming\drivers\downld\539092.exe

c:\users\isa\AppData\Roaming\drivers\downld\54023.exe

c:\users\isa\AppData\Roaming\drivers\downld\540325.exe

c:\users\isa\AppData\Roaming\drivers\downld\540917.exe

c:\users\isa\AppData\Roaming\drivers\downld\540933.exe

c:\users\isa\AppData\Roaming\drivers\downld\542025.exe

c:\users\isa\AppData\Roaming\drivers\downld\542446.exe

c:\users\isa\AppData\Roaming\drivers\downld\542977.exe

c:\users\isa\AppData\Roaming\drivers\downld\543835.exe

c:\users\isa\AppData\Roaming\drivers\downld\543850.exe

c:\users\isa\AppData\Roaming\drivers\downld\543866.exe

c:\users\isa\AppData\Roaming\drivers\downld\543881.exe

c:\users\isa\AppData\Roaming\drivers\downld\54506.exe

c:\users\isa\AppData\Roaming\drivers\downld\546377.exe

c:\users\isa\AppData\Roaming\drivers\downld\546409.exe

c:\users\isa\AppData\Roaming\drivers\downld\546814.exe

c:\users\isa\AppData\Roaming\drivers\downld\54693.exe

c:\users\isa\AppData\Roaming\drivers\downld\547376.exe

c:\users\isa\AppData\Roaming\drivers\downld\548000.exe

c:\users\isa\AppData\Roaming\drivers\downld\549014.exe

c:\users\isa\AppData\Roaming\drivers\downld\549029.exe

c:\users\isa\AppData\Roaming\drivers\downld\550652.exe

c:\users\isa\AppData\Roaming\drivers\downld\550667.exe

c:\users\isa\AppData\Roaming\drivers\downld\553444.exe

c:\users\isa\AppData\Roaming\drivers\downld\555223.exe

c:\users\isa\AppData\Roaming\drivers\downld\555285.exe

c:\users\isa\AppData\Roaming\drivers\downld\55770.exe

c:\users\isa\AppData\Roaming\drivers\downld\558592.exe

c:\users\isa\AppData\Roaming\drivers\downld\56004.exe

c:\users\isa\AppData\Roaming\drivers\downld\560620.exe

c:\users\isa\AppData\Roaming\drivers\downld\560636.exe

c:\users\isa\AppData\Roaming\drivers\downld\561509.exe

c:\users\isa\AppData\Roaming\drivers\downld\567313.exe

c:\users\isa\AppData\Roaming\drivers\downld\567921.exe

c:\users\isa\AppData\Roaming\drivers\downld\568888.exe

c:\users\isa\AppData\Roaming\drivers\downld\569481.exe

c:\users\isa\AppData\Roaming\drivers\downld\570308.exe

c:\users\isa\AppData\Roaming\drivers\downld\571260.exe

c:\users\isa\AppData\Roaming\drivers\downld\571384.exe

c:\users\isa\AppData\Roaming\drivers\downld\573085.exe

c:\users\isa\AppData\Roaming\drivers\downld\574192.exe

c:\users\isa\AppData\Roaming\drivers\downld\576345.exe

c:\users\isa\AppData\Roaming\drivers\downld\577094.exe

c:\users\isa\AppData\Roaming\drivers\downld\577874.exe

c:\users\isa\AppData\Roaming\drivers\downld\578982.exe

c:\users\isa\AppData\Roaming\drivers\downld\579044.exe

c:\users\isa\AppData\Roaming\drivers\downld\579434.exe

c:\users\isa\AppData\Roaming\drivers\downld\58016.exe

c:\users\isa\AppData\Roaming\drivers\downld\581883.exe

c:\users\isa\AppData\Roaming\drivers\downld\58203.exe

c:\users\isa\AppData\Roaming\drivers\downld\582694.exe

c:\users\isa\AppData\Roaming\drivers\downld\583818.exe

c:\users\isa\AppData\Roaming\drivers\downld\58484.exe

c:\users\isa\AppData\Roaming\drivers\downld\585378.exe

c:\users\isa\AppData\Roaming\drivers\downld\585674.exe

c:\users\isa\AppData\Roaming\drivers\downld\58578.exe

c:\users\isa\AppData\Roaming\drivers\downld\585861.exe

c:\users\isa\AppData\Roaming\drivers\downld\588669.exe

c:\users\isa\AppData\Roaming\drivers\downld\588934.exe

c:\users\isa\AppData\Roaming\drivers\downld\589153.exe

c:\users\isa\AppData\Roaming\drivers\downld\58983.exe

c:\users\isa\AppData\Roaming\drivers\downld\591477.exe

c:\users\isa\AppData\Roaming\drivers\downld\592320.exe

c:\users\isa\AppData\Roaming\drivers\downld\593069.exe

c:\users\isa\AppData\Roaming\drivers\downld\593630.exe

c:\users\isa\AppData\Roaming\drivers\downld\594379.exe

c:\users\isa\AppData\Roaming\drivers\downld\595019.exe

c:\users\isa\AppData\Roaming\drivers\downld\60294.exe

c:\users\isa\AppData\Roaming\drivers\downld\603271.exe

c:\users\isa\AppData\Roaming\drivers\downld\60403.exe

c:\users\isa\AppData\Roaming\drivers\downld\60465.exe

c:\users\isa\AppData\Roaming\drivers\downld\60855.exe

c:\users\isa\AppData\Roaming\drivers\downld\610572.exe

c:\users\isa\AppData\Roaming\drivers\downld\61089.exe

c:\users\isa\AppData\Roaming\drivers\downld\61230.exe

c:\users\isa\AppData\Roaming\drivers\downld\614144.exe

c:\users\isa\AppData\Roaming\drivers\downld\614862.exe

c:\users\isa\AppData\Roaming\drivers\downld\616235.exe

c:\users\isa\AppData\Roaming\drivers\downld\61776.exe

c:\users\isa\AppData\Roaming\drivers\downld\61791.exe

c:\users\isa\AppData\Roaming\drivers\downld\618481.exe

c:\users\isa\AppData\Roaming\drivers\downld\61979.exe

c:\users\isa\AppData\Roaming\drivers\downld\619994.exe

c:\users\isa\AppData\Roaming\drivers\downld\62025.exe

c:\users\isa\AppData\Roaming\drivers\downld\621180.exe

c:\users\isa\AppData\Roaming\drivers\downld\622038.exe

c:\users\isa\AppData\Roaming\drivers\downld\622147.exe

c:\users\isa\AppData\Roaming\drivers\downld\62322.exe

c:\users\isa\AppData\Roaming\drivers\downld\62431.exe

c:\users\isa\AppData\Roaming\drivers\downld\62447.exe

c:\users\isa\AppData\Roaming\drivers\downld\62462.exe

c:\users\isa\AppData\Roaming\drivers\downld\625688.exe

c:\users\isa\AppData\Roaming\drivers\downld\626312.exe

c:\users\isa\AppData\Roaming\drivers\downld\626328.exe

c:\users\isa\AppData\Roaming\drivers\downld\62650.exe

c:\users\isa\AppData\Roaming\drivers\downld\62665.exe

c:\users\isa\AppData\Roaming\drivers\downld\629510.exe

c:\users\isa\AppData\Roaming\drivers\downld\630977.exe

c:\users\isa\AppData\Roaming\drivers\downld\632459.exe

c:\users\isa\AppData\Roaming\drivers\downld\639354.exe

c:\users\isa\AppData\Roaming\drivers\downld\640742.exe

c:\users\isa\AppData\Roaming\drivers\downld\642583.exe

c:\users\isa\AppData\Roaming\drivers\downld\64522.exe

c:\users\isa\AppData\Roaming\drivers\downld\646795.exe

c:\users\isa\AppData\Roaming\drivers\downld\648839.exe

c:\users\isa\AppData\Roaming\drivers\downld\64943.exe

c:\users\isa\AppData\Roaming\drivers\downld\65036.exe

c:\users\isa\AppData\Roaming\drivers\downld\650539.exe

c:\users\isa\AppData\Roaming\drivers\downld\652427.exe

c:\users\isa\AppData\Roaming\drivers\downld\654611.exe

c:\users\isa\AppData\Roaming\drivers\downld\65520.exe

c:\users\isa\AppData\Roaming\drivers\downld\656857.exe

c:\users\isa\AppData\Roaming\drivers\downld\66487.exe

c:\users\isa\AppData\Roaming\drivers\downld\664985.exe

c:\users\isa\AppData\Roaming\drivers\downld\666529.exe

c:\users\isa\AppData\Roaming\drivers\downld\669712.exe

c:\users\isa\AppData\Roaming\drivers\downld\67766.exe

c:\users\isa\AppData\Roaming\drivers\downld\67782.exe

c:\users\isa\AppData\Roaming\drivers\downld\682956.exe

c:\users\isa\AppData\Roaming\drivers\downld\686248.exe

c:\users\isa\AppData\Roaming\drivers\downld\687122.exe

c:\users\isa\AppData\Roaming\drivers\downld\68765.exe

c:\users\isa\AppData\Roaming\drivers\downld\687824.exe

c:\users\isa\AppData\Roaming\drivers\downld\688136.exe

c:\users\isa\AppData\Roaming\drivers\downld\688619.exe

c:\users\isa\AppData\Roaming\drivers\downld\688635.exe

c:\users\isa\AppData\Roaming\drivers\downld\689321.exe

c:\users\isa\AppData\Roaming\drivers\downld\691240.exe

c:\users\isa\AppData\Roaming\drivers\downld\691490.exe

c:\users\isa\AppData\Roaming\drivers\downld\692129.exe

c:\users\isa\AppData\Roaming\drivers\downld\693986.exe

c:\users\isa\AppData\Roaming\drivers\downld\695202.exe

c:\users\isa\AppData\Roaming\drivers\downld\695218.exe

c:\users\isa\AppData\Roaming\drivers\downld\695936.exe

c:\users\isa\AppData\Roaming\drivers\downld\696856.exe

c:\users\isa\AppData\Roaming\drivers\downld\696872.exe

c:\users\isa\AppData\Roaming\drivers\downld\69935.exe

c:\users\isa\AppData\Roaming\drivers\downld\70153.exe

c:\users\isa\AppData\Roaming\drivers\downld\70511032.exe

c:\users\isa\AppData\Roaming\drivers\downld\70512139.exe

c:\users\isa\AppData\Roaming\drivers\downld\70512171.exe

c:\users\isa\AppData\Roaming\drivers\downld\70534182.exe

c:\users\isa\AppData\Roaming\drivers\downld\70536600.exe

c:\users\isa\AppData\Roaming\drivers\downld\70537677.exe

c:\users\isa\AppData\Roaming\drivers\downld\70538769.exe

c:\users\isa\AppData\Roaming\drivers\downld\70540984.exe

c:\users\isa\AppData\Roaming\drivers\downld\70541358.exe

c:\users\isa\AppData\Roaming\drivers\downld\70586739.exe

c:\users\isa\AppData\Roaming\drivers\downld\70593416.exe

c:\users\isa\AppData\Roaming\drivers\downld\70595818.exe

c:\users\isa\AppData\Roaming\drivers\downld\706606.exe

c:\users\isa\AppData\Roaming\drivers\downld\70727561.exe

c:\users\isa\AppData\Roaming\drivers\downld\70730198.exe

c:\users\isa\AppData\Roaming\drivers\downld\70730213.exe

c:\users\isa\AppData\Roaming\drivers\downld\70762.exe

c:\users\isa\AppData\Roaming\drivers\downld\70777.exe

c:\users\isa\AppData\Roaming\drivers\downld\70839227.exe

c:\users\isa\AppData\Roaming\drivers\downld\70842768.exe

c:\users\isa\AppData\Roaming\drivers\downld\70842784.exe

c:\users\isa\AppData\Roaming\drivers\downld\70848992.exe

c:\users\isa\AppData\Roaming\drivers\downld\70851130.exe

c:\users\isa\AppData\Roaming\drivers\downld\70884732.exe

c:\users\isa\AppData\Roaming\drivers\downld\70887431.exe

c:\users\isa\AppData\Roaming\drivers\downld\70887899.exe

c:\users\isa\AppData\Roaming\drivers\downld\70956461.exe

c:\users\isa\AppData\Roaming\drivers\downld\70962358.exe

c:\users\isa\AppData\Roaming\drivers\downld\70965572.exe

c:\users\isa\AppData\Roaming\drivers\downld\709913.exe

c:\users\isa\AppData\Roaming\drivers\downld\71022325.exe

c:\users\isa\AppData\Roaming\drivers\downld\71025929.exe

c:\users\isa\AppData\Roaming\drivers\downld\71026350.exe

c:\users\isa\AppData\Roaming\drivers\downld\71032060.exe

c:\users\isa\AppData\Roaming\drivers\downld\71033635.exe

c:\users\isa\AppData\Roaming\drivers\downld\71033651.exe

c:\users\isa\AppData\Roaming\drivers\downld\710381.exe

c:\users\isa\AppData\Roaming\drivers\downld\71120.exe

c:\users\isa\AppData\Roaming\drivers\downld\71144536.exe

c:\users\isa\AppData\Roaming\drivers\downld\71150496.exe

c:\users\isa\AppData\Roaming\drivers\downld\715077.exe

c:\users\isa\AppData\Roaming\drivers\downld\71588.exe

c:\users\isa\AppData\Roaming\drivers\downld\716231.exe

c:\users\isa\AppData\Roaming\drivers\downld\716247.exe

c:\users\isa\AppData\Roaming\drivers\downld\71698.exe

c:\users\isa\AppData\Roaming\drivers\downld\71729.exe

c:\users\isa\AppData\Roaming\drivers\downld\731473.exe

c:\users\isa\AppData\Roaming\drivers\downld\737011.exe

c:\users\isa\AppData\Roaming\drivers\downld\73788.exe

c:\users\isa\AppData\Roaming\drivers\downld\738165.exe

c:\users\isa\AppData\Roaming\drivers\downld\741581.exe

c:\users\isa\AppData\Roaming\drivers\downld\742408.exe

c:\users\isa\AppData\Roaming\drivers\downld\742798.exe

c:\users\isa\AppData\Roaming\drivers\downld\742814.exe

c:\users\isa\AppData\Roaming\drivers\downld\743812.exe

c:\users\isa\AppData\Roaming\drivers\downld\743828.exe

c:\users\isa\AppData\Roaming\drivers\downld\74740.exe

c:\users\isa\AppData\Roaming\drivers\downld\74755.exe

c:\users\isa\AppData\Roaming\drivers\downld\749865.exe

c:\users\isa\AppData\Roaming\drivers\downld\75005.exe

c:\users\isa\AppData\Roaming\drivers\downld\75020.exe

c:\users\isa\AppData\Roaming\drivers\downld\751129.exe

c:\users\isa\AppData\Roaming\drivers\downld\751222.exe

c:\users\isa\AppData\Roaming\drivers\downld\76955.exe

c:\users\isa\AppData\Roaming\drivers\downld\76970.exe

c:\users\isa\AppData\Roaming\drivers\downld\77672.exe

c:\users\isa\AppData\Roaming\drivers\downld\77688.exe

c:\users\isa\AppData\Roaming\drivers\downld\79030.exe

c:\users\isa\AppData\Roaming\drivers\downld\79123.exe

c:\users\isa\AppData\Roaming\drivers\downld\824434.exe

c:\users\isa\AppData\Roaming\drivers\downld\824465.exe

c:\users\isa\AppData\Roaming\drivers\downld\826727.exe

c:\users\isa\AppData\Roaming\drivers\downld\826742.exe

c:\users\isa\AppData\Roaming\drivers\downld\827273.exe

c:\users\isa\AppData\Roaming\drivers\downld\827959.exe

c:\users\isa\AppData\Roaming\drivers\downld\82883.exe

c:\users\isa\AppData\Roaming\drivers\downld\82914.exe

c:\users\isa\AppData\Roaming\drivers\downld\82930.exe

c:\users\isa\AppData\Roaming\drivers\downld\834995.exe

c:\users\isa\AppData\Roaming\drivers\downld\837070.exe

c:\users\isa\AppData\Roaming\drivers\downld\837366.exe

c:\users\isa\AppData\Roaming\drivers\downld\841687.exe

c:\users\isa\AppData\Roaming\drivers\downld\860236.exe

c:\users\isa\AppData\Roaming\drivers\downld\862701.exe

c:\users\isa\AppData\Roaming\drivers\downld\863137.exe

c:\users\isa\AppData\Roaming\drivers\downld\86362.exe

c:\users\isa\AppData\Roaming\drivers\downld\87719.exe

c:\users\isa\AppData\Roaming\drivers\downld\87750.exe

c:\users\isa\AppData\Roaming\drivers\downld\893760.exe

c:\users\isa\AppData\Roaming\drivers\downld\893901.exe

c:\users\isa\AppData\Roaming\drivers\downld\89466.exe

c:\users\isa\AppData\Roaming\drivers\downld\895617.exe

c:\users\isa\AppData\Roaming\drivers\downld\895710.exe

c:\users\isa\AppData\Roaming\drivers\downld\900593.exe

c:\users\isa\AppData\Roaming\drivers\downld\901389.exe

c:\users\isa\AppData\Roaming\drivers\downld\902106.exe

c:\users\isa\AppData\Roaming\drivers\downld\90277.exe

c:\users\isa\AppData\Roaming\drivers\downld\903214.exe

c:\users\isa\AppData\Roaming\drivers\downld\903807.exe

c:\users\isa\AppData\Roaming\drivers\downld\90886.exe

c:\users\isa\AppData\Roaming\drivers\downld\91868.exe

c:\users\isa\AppData\Roaming\drivers\downld\92992.exe

c:\users\isa\AppData\Roaming\drivers\downld\93413.exe

c:\users\isa\AppData\Roaming\drivers\downld\98530.exe

c:\users\isa\AppData\Roaming\drivers\downld\988703.exe

c:\users\isa\AppData\Roaming\drivers\downld\989670.exe

c:\users\isa\AppData\Roaming\drivers\downld\990450.exe

c:\users\isa\AppData\Roaming\drivers\downld\991511.exe

c:\users\isa\AppData\Roaming\drivers\downld\992587.exe

c:\users\isa\AppData\Roaming\drivers\downld\992993.exe

c:\users\isa\AppData\Roaming\drivers\downld\99715.exe

c:\users\isa\AppData\Roaming\drivers\srosa2.sys

c:\users\isa\AppData\Roaming\drivers\wfsintwq.sys

c:\users\isa\AppData\Roaming\drivers\winupgro.exe

c:\users\isa\AppData\Roaming\hidires

c:\users\isa\AppData\Roaming\hidires\flec003.exe

c:\users\isa\AppData\Roaming\hidires\names.txt

c:\users\isa\AppData\Roaming\m

c:\users\isa\AppData\Roaming\m\data.oct

c:\users\isa\AppData\Roaming\m\flec006.exe

c:\users\isa\AppData\Roaming\m\list.oct

c:\users\isa\AppData\Roaming\m\shared\1ClickZoom.zip

c:\users\isa\AppData\Roaming\m\shared\A+ File Protection 2.6.zip

c:\users\isa\AppData\Roaming\m\shared\Advanced Net Monitor for Classroom Professional 2.5.4.zip

c:\users\isa\AppData\Roaming\m\shared\AllStar Video to iPod Converter 3.50.zip

c:\users\isa\AppData\Roaming\m\shared\ar-CVevaluation 4.2.zip

c:\users\isa\AppData\Roaming\m\shared\Argentum MyFiles 2.5.zip

c:\users\isa\AppData\Roaming\m\shared\Art of War Screen Saver 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\ASPNetVideo 2.0.zip

c:\users\isa\AppData\Roaming\m\shared\Ateksoft WebCamera Plus 2.0.zip

c:\users\isa\AppData\Roaming\m\shared\ATN Night Vision Monoculars Screensaver 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\AudioSpect 0.95.zip

c:\users\isa\AppData\Roaming\m\shared\AviScript 2.9.zip

c:\users\isa\AppData\Roaming\m\shared\Backup Password Recovery Key 8.0 build 2514 Key.zip

c:\users\isa\AppData\Roaming\m\shared\BioniX Wallpaper 5.7.77.zip

c:\users\isa\AppData\Roaming\m\shared\Bitdefender.Internet.Security.v10.by.dark shelow@hotmail.com.zip

c:\users\isa\AppData\Roaming\m\shared\BugMeNot 2.0.zip

c:\users\isa\AppData\Roaming\m\shared\CD Sequencer 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Celframe Office Pro 4.15.000.zip

c:\users\isa\AppData\Roaming\m\shared\Chicken Invaders 1.3.zip

c:\users\isa\AppData\Roaming\m\shared\Christmas Tree Screensaver 1.06.zip

c:\users\isa\AppData\Roaming\m\shared\Classical Radio 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Clever Internet Suite 6.2 [Key+Serial].zip

c:\users\isa\AppData\Roaming\m\shared\Clockmaker Icon Generator 1.1.1.zip

c:\users\isa\AppData\Roaming\m\shared\Color Syntax 1.0.0.47.zip

c:\users\isa\AppData\Roaming\m\shared\Comic Collector Professional 6.0.zip

c:\users\isa\AppData\Roaming\m\shared\Conversational Spanish 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Cool MMS Template Builder Personal 1.01.zip

c:\users\isa\AppData\Roaming\m\shared\Country Music's Sugarland Firefox Theme 1.1.1.zip

c:\users\isa\AppData\Roaming\m\shared\DataDrafter Personal Edition 1.3.zip

c:\users\isa\AppData\Roaming\m\shared\DataKeeper 1.09.zip

c:\users\isa\AppData\Roaming\m\shared\DaToInfo 2.0 (With Crack).zip

c:\users\isa\AppData\Roaming\m\shared\Desktop Authority Express 6.60.zip

c:\users\isa\AppData\Roaming\m\shared\Desktop iCalendar 1.2.6.zip

c:\users\isa\AppData\Roaming\m\shared\DeviceLock Me 1.42 (Crack).zip

c:\users\isa\AppData\Roaming\m\shared\Dictionary Gadget 1.0.0.0.zip

c:\users\isa\AppData\Roaming\m\shared\Directory Compare 2.zip

c:\users\isa\AppData\Roaming\m\shared\Disk and Registry Alert 2.39 (KeyGen).zip

c:\users\isa\AppData\Roaming\m\shared\DriveVar 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\DTaskManager 1.50.zip

c:\users\isa\AppData\Roaming\m\shared\DVD Creator 2.0 KeyGen.zip

c:\users\isa\AppData\Roaming\m\shared\DvdReMake 3.2.2 KeyGen.zip

c:\users\isa\AppData\Roaming\m\shared\Dynamic Copyright It! 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\E20-540 Practice Exam Testing Engine Software 1.0 Key.zip

c:\users\isa\AppData\Roaming\m\shared\East Asia Satellite 0.1.zip

c:\users\isa\AppData\Roaming\m\shared\Easy Ringtone Maker 2.0.4.zip

c:\users\isa\AppData\Roaming\m\shared\ePlum GetPictures 2.1.zip

c:\users\isa\AppData\Roaming\m\shared\Equivalent Script 1.1 [Patch].zip

c:\users\isa\AppData\Roaming\m\shared\eScan Virus Control Edition 9.0.722.1.zip

c:\users\isa\AppData\Roaming\m\shared\Evonergy Ezy Retouch 1.1.9.zip

c:\users\isa\AppData\Roaming\m\shared\Exchange System Manager for Windows Vista 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\EXE Password Lock 1.01 (Crack).zip

c:\users\isa\AppData\Roaming\m\shared\ExpertGPS 2.3.4 Beta 7.zip

c:\users\isa\AppData\Roaming\m\shared\FeedWrite 2.zip

c:\users\isa\AppData\Roaming\m\shared\Flash2AVI Professional 1.0.0.zip

c:\users\isa\AppData\Roaming\m\shared\FlexiMIS 1.0 (KeyGen).zip

c:\users\isa\AppData\Roaming\m\shared\Global Search and Reservations of Hotels 2.0.zip

c:\users\isa\AppData\Roaming\m\shared\HandWallet 4.09.zip

c:\users\isa\AppData\Roaming\m\shared\HSLAB Print Logger EE 5.1.35.584.zip

c:\users\isa\AppData\Roaming\m\shared\iLead DVD to PSP Converter 3.5.3.zip

c:\users\isa\AppData\Roaming\m\shared\Invoice Organizer Deluxe 2.8 (Serial).zip

c:\users\isa\AppData\Roaming\m\shared\Ipod eBook Maker 1.6 (KeyGen).zip

c:\users\isa\AppData\Roaming\m\shared\iPodifier 1.504.zip

c:\users\isa\AppData\Roaming\m\shared\It's Just What I did Blog 0.1.zip

c:\users\isa\AppData\Roaming\m\shared\Jungle Stalker WP 1.00.zip

c:\users\isa\AppData\Roaming\m\shared\Kaspersky Antivirus Personal Pro 5.0.20 KEYGEN.zip

c:\users\isa\AppData\Roaming\m\shared\Kav.Kis.Kaspersky.Antivirus.And.Internet.Security.Cracked.Until.2017.zip

c:\users\isa\AppData\Roaming\m\shared\Largest Files Finder 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Law Firm Management ToolKit 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\LingvoSoft Dictionary 2006 German Spanish 3.1.41.zip

c:\users\isa\AppData\Roaming\m\shared\LingvoSoft Talking Picture Dictionary 2008 Italian - Arabic 1.2.26.zip

c:\users\isa\AppData\Roaming\m\shared\Log Monitor 0.2.zip

c:\users\isa\AppData\Roaming\m\shared\MB Free Capricorn Astrology 1.60.zip

c:\users\isa\AppData\Roaming\m\shared\MB Free Inner Dreams Number 1.55.zip

c:\users\isa\AppData\Roaming\m\shared\McAfee.AntiSpyware.Enterprise.v8.5sa.patch.crack.multiLanguage.with.serial.

by.ParadoX.zip

c:\users\isa\AppData\Roaming\m\shared\Memorize Website Downloader 1.01.zip

c:\users\isa\AppData\Roaming\m\shared\Movienizer 1.8 Build 50.zip

c:\users\isa\AppData\Roaming\m\shared\MSN content crazy show 5.2.2.zip

c:\users\isa\AppData\Roaming\m\shared\Music Express 4.26.zip

c:\users\isa\AppData\Roaming\m\shared\Net Monitor for Employees 2.8.7 (With Crack).zip

c:\users\isa\AppData\Roaming\m\shared\Offline Site Map Generator 2.3.1.2.zip

c:\users\isa\AppData\Roaming\m\shared\On This Date In History Podcast Feed Widget 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\onealarm.Y.Avast.zip

c:\users\isa\AppData\Roaming\m\shared\Oront Burning Kit 2 Basic 2.5.zip

c:\users\isa\AppData\Roaming\m\shared\PC Audio Converter 1.3.zip

c:\users\isa\AppData\Roaming\m\shared\Peaks Screensaver 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Peti 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\PhotoZoom Professional 1.2.6.zip

c:\users\isa\AppData\Roaming\m\shared\Php Charts 1.4.1.zip

c:\users\isa\AppData\Roaming\m\shared\Privacy Inspector 2.00.zip

c:\users\isa\AppData\Roaming\m\shared\Protara Standard Edition 1.zip

c:\users\isa\AppData\Roaming\m\shared\PW Bulk Rename 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Quick Launch Shortcut 2.0 Patch.zip

c:\users\isa\AppData\Roaming\m\shared\RDF Viewer 1.3.zip

c:\users\isa\AppData\Roaming\m\shared\rebuilt.Kaspersky.antivirus.v6.0.Personal.keys.2007.(todo.espaÃ±ol-spanish).zip

c:\users\isa\AppData\Roaming\m\shared\Remote Explorer 01.930.zip

c:\users\isa\AppData\Roaming\m\shared\REN 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\ScheduLAN 5.9.zip

c:\users\isa\AppData\Roaming\m\shared\Secret Garden 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\SF-BusinessCard 2.00 [Patch].zip

c:\users\isa\AppData\Roaming\m\shared\Silent hill mobile.zip

c:\users\isa\AppData\Roaming\m\shared\SimonView Standard 2.2.0.4.zip

c:\users\isa\AppData\Roaming\m\shared\Sine + Cosine Oscillator 1881.zip

c:\users\isa\AppData\Roaming\m\shared\SizeExplorer Pro 3.8.5.zip

c:\users\isa\AppData\Roaming\m\shared\SOASYNC 1.0.0 Build 20080407.zip

c:\users\isa\AppData\Roaming\m\shared\SoftAmbulance Wiperaser 1.13.zip

c:\users\isa\AppData\Roaming\m\shared\SpywareKill 2.5.2117.zip

c:\users\isa\AppData\Roaming\m\shared\SQLH2 2.027.zip

c:\users\isa\AppData\Roaming\m\shared\StatFi 2007 4.8.6.0.zip

c:\users\isa\AppData\Roaming\m\shared\Steganography 1.8.1228 Key+Serial.zip

c:\users\isa\AppData\Roaming\m\shared\Storm Over The Capital Screensaver 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\SuDoku Tutor 3i.zip

c:\users\isa\AppData\Roaming\m\shared\SureInvoice 4.0.zip

c:\users\isa\AppData\Roaming\m\shared\Swiss Alps Screensaver 1.00.zip

c:\users\isa\AppData\Roaming\m\shared\TabClock 1.2.zip

c:\users\isa\AppData\Roaming\m\shared\Taskbar Repair Tool Plus! 1.1.1.zip

c:\users\isa\AppData\Roaming\m\shared\Terracide demo 0.94.zip

c:\users\isa\AppData\Roaming\m\shared\The Mop 4.40 Beta 2 Cracked.zip

c:\users\isa\AppData\Roaming\m\shared\Tropical Splendor 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\Type O'Key 1.0 [With Crack].zip

c:\users\isa\AppData\Roaming\m\shared\Visual Button Ex 1.20.zip

c:\users\isa\AppData\Roaming\m\shared\WazTree II 0.168.zip

c:\users\isa\AppData\Roaming\m\shared\Wedding Tip of the Day and Countdown 1.0.zip

c:\users\isa\AppData\Roaming\m\shared\XBasic 6.23.zip

c:\users\isa\AppData\Roaming\m\shared\Yanoff Minus 3.1.zip

c:\users\isa\AppData\Roaming\m\shared\YouTube FLV to AVI Easy Converter 2.1.3 (Key).zip

c:\users\isa\AppData\Roaming\m\shared\YouTube Video Player 1.0.2.zip

c:\users\isa\AppData\Roaming\m\shared\Zodiac Clock 3D Screensaver 1.0.zip

c:\users\isa\AppData\Roaming\m\srvlist.oct

c:\windows\system32\mdelk.exe

c:\windows\system32\wintems.exe

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SK9OU0S

-------\Legacy_SROSA

-------\Service_sK9Ou0s

-------\Service_srosa

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 ))))))))))))))))))))))))))))))))))))

.

2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD

2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes

2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt

2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8

2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner

2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers

2009-03-01 13:22 . 2009-03-01 13:57 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-01 13:57 <REP> d-------- c:\programdata\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-01 13:22 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames

2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games

2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys

2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys

2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo

2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS

2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll

2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom

2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal

2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR

2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack

2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe

2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu

2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name

2009-02-06 23:13 . 2009-02-06 23:13 45 --a------ c:\windows\System32\initdebug.nfo

2009-02-04 18:34 . 2009-02-04 18:34 <REP> d-------- c:\users\All Users\BSD

2009-02-04 18:34 . 2009-02-04 18:34 <REP> d-------- c:\programdata\BSD

2009-02-04 18:33 . 2009-02-04 18:33 <REP> d-------- c:\users\isa\AppData\Roaming\BSD Concept

2009-02-04 18:30 . 2009-02-04 18:30 <REP> d-------- c:\users\All Users\BSD Concept

2009-02-04 18:30 . 2009-02-04 18:30 <REP> d-------- c:\programdata\BSD Concept

2009-02-04 18:29 . 2009-02-04 18:29 <REP> d-------- c:\program files\BSD Concept

2009-02-04 16:52 . 2009-02-04 16:52 <REP> d-------- c:\users\isa\AppData\Roaming\Printer Info Cache

2009-02-04 16:52 . 2009-03-03 17:36 <REP> d-------- c:\users\isa\AppData\Roaming\Image Zone Express

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-01 20:29 --------- d-----w c:\program files\7-Zip

2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone

2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media

2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP

2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-01 11:22 --------- d-----w c:\program files\eSobi

2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent

2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media

2009-02-11 21:11 --------- d-----w c:\program files\Java

2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail

2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA

2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe

2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe]

c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000]

"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

"UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-01 1153368]

S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]

.

- - - - ORPHELINS SUPPRIMES - - - -

BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)

HKCU-Run-flec003.exe - c:\users\isa\AppData\Roaming\hidires\flec003.exe

HKLM-Run-eRecoveryService - (no file)

.

------- Examen supplémentaire -------

.

uStart Page = www.orange.fr

mWindow Title =

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 23:42:43

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(172)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-03-04 23:45:25 - La machine a redémarré [isa]

ComboFix-quarantined-files.txt 2009-03-04 22:45:18

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Après-CF: 121,644,589,056 octets libres

1038 --- E O F --- 2009-02-26 20:40:05

pear · le 5 mars 2009

Bonjour,

Scan en ligne

NOTE: Le scan en ligne sera à faire avec Internet Explorer.

Désactiver l'antivirus actuel

Kaspersky

Sous Vista,il faut désactiver l'UAC, et cliquer droit sur Internet Explorer / Exécuter en tant qu'administrateur et coller l'URL de Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vider la corbeille.

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nommer le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème

Cybersécurité

est-ce que je peux d'ores et déjà réinstaller "antivir" ou faut-il attendre encore?

S'il avait été installé avant que vous ayez bagle , il l'aurait bloqué.

Je n'en vois pas trace dans les rapports.Seulement Avg8 et Spybot.

Vos protections, antivirus , parefeu etc..ont été détruites par bagle.

IL vous faudra tout réinstaller.

Bagle s'attrape par les cracks,tenez en compte.

Modifié le 5 mars 2009 par pear

zabouille · le 5 mars 2009

Bonsoir,

voici le scan de Kaspersky :

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, March 5, 2009

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, March 05, 2009 18:30:40

Records in database: 1871308

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Files scanned: 124302

Threat name: 4

Infected objects: 140

Suspicious objects: 0

Duration of the scan: 01:15:59

File name / Threat name / Threats count

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\161383.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\297462.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\344029.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\593630.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\841687.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.aoe 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\1ClickZoom.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\A+ File Protection 2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Advanced Net Monitor for Classroom Professional 2.5.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AllStar Video to iPod Converter 3.50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ar-CVevaluation 4.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Argentum MyFiles 2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Art of War Screen Saver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ASPNetVideo 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Ateksoft WebCamera Plus 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ATN Night Vision Monoculars Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AudioSpect 0.95.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AviScript 2.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Backup Password Recovery Key 8.0 build 2514 Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\BioniX Wallpaper 5.7.77.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Bitdefender.Internet.Security.v10.by.dark shelow@hotmail.com.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\BugMeNot 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\CD Sequencer 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Celframe Office Pro 4.15.000.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Chicken Invaders 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Christmas Tree Screensaver 1.06.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Classical Radio 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Clever Internet Suite 6.2 [Key+Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Clockmaker Icon Generator 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Color Syntax 1.0.0.47.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Comic Collector Professional 6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Conversational Spanish 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Cool MMS Template Builder Personal 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Country Music's Sugarland Firefox Theme 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DataDrafter Personal Edition 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DataKeeper 1.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DaToInfo 2.0 (With Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Desktop Authority Express 6.60.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Desktop iCalendar 1.2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DeviceLock Me 1.42 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Dictionary Gadget 1.0.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Directory Compare 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Disk and Registry Alert 2.39 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DriveVar 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DTaskManager 1.50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DVD Creator 2.0 KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DvdReMake 3.2.2 KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Dynamic Copyright It! 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\E20-540 Practice Exam Testing Engine Software 1.0 Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\East Asia Satellite 0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Easy Ringtone Maker 2.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ePlum GetPictures 2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Equivalent Script 1.1 [Patch].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\eScan Virus Control Edition 9.0.722.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Evonergy Ezy Retouch 1.1.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Exchange System Manager for Windows Vista 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\EXE Password Lock 1.01 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ExpertGPS 2.3.4 Beta 7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\FeedWrite 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Flash2AVI Professional 1.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\FlexiMIS 1.0 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Global Search and Reservations of Hotels 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\HandWallet 4.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\HSLAB Print Logger EE 5.1.35.584.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\iLead DVD to PSP Converter 3.5.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Invoice Organizer Deluxe 2.8 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Ipod eBook Maker 1.6 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\iPodifier 1.504.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\It's Just What I did Blog 0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Jungle Stalker WP 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Kaspersky Antivirus Personal Pro 5.0.20 KEYGEN.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Kav.Kis.Kaspersky.Antivirus.And.Internet.Security.Cracked.Until.2017.zip.vi

r Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Largest Files Finder 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Law Firm Management ToolKit 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\LingvoSoft Dictionary 2006 German Spanish 3.1.41.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\LingvoSoft Talking Picture Dictionary 2008 Italian - Arabic 1.2.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Log Monitor 0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MB Free Capricorn Astrology 1.60.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MB Free Inner Dreams Number 1.55.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\McAfee.AntiSpyware.Enterprise.v8.5sa.patch.crack.multiLanguage.with.serial.

by.ParadoX.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Memorize Website Downloader 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Movienizer 1.8 Build 50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MSN content crazy show 5.2.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Music Express 4.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Net Monitor for Employees 2.8.7 (With Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Offline Site Map Generator 2.3.1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\On This Date In History Podcast Feed Widget 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\onealarm.Y.Avast.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Oront Burning Kit 2 Basic 2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PC Audio Converter 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Peaks Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Peti 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PhotoZoom Professional 1.2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Php Charts 1.4.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Privacy Inspector 2.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Protara Standard Edition 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PW Bulk Rename 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Quick Launch Shortcut 2.0 Patch.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\RDF Viewer 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\rebuilt.Kaspersky.antivirus.v6.0.Personal.keys.2007.(todo.espaÃ±ol-spanish).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Remote Explorer 01.930.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\REN 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ScheduLAN 5.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Secret Garden 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SF-BusinessCard 2.00 [Patch].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Silent hill mobile.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SimonView Standard 2.2.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Sine + Cosine Oscillator 1881.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SizeExplorer Pro 3.8.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SOASYNC 1.0.0 Build 20080407.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SoftAmbulance Wiperaser 1.13.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SpywareKill 2.5.2117.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SQLH2 2.027.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\StatFi 2007 4.8.6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Steganography 1.8.1228 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Storm Over The Capital Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SuDoku Tutor 3i.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SureInvoice 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Swiss Alps Screensaver 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\TabClock 1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Taskbar Repair Tool Plus! 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Terracide demo 0.94.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\The Mop 4.40 Beta 2 Cracked.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Tropical Splendor 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Type O'Key 1.0 [With Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Visual Button Ex 1.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\WazTree II 0.168.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Wedding Tip of the Day and Countdown 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\XBasic 6.23.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Yanoff Minus 3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\YouTube FLV to AVI Easy Converter 2.1.3 (Key).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\YouTube Video Player 1.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Zodiac Clock 3D Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1

C:\Qoobox\Quarantine\C\Windows\System32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\C\Windows\System32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1

C:\Users\isa\AppData\Local\RtHDVCpl.exe Infected: Trojan-Downloader.Win32.Bagle.aoe 1

C:\Users\isa\Downloads\eMule\Incoming\keygen.exe Infected: Trojan-Downloader.Win32.Bagle.aoe 1

The selected area was scanned.

pear · le 6 mars 2009

Bonjour,

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

File::

C:\Users\isa\AppData\Local\RtHDVCpl.exe

C:\Users\isa\Downloads\eMule\Incoming\keygen.exe

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Modifié le 6 mars 2009 par pear

Connexion

Pas encore inscrit ?

PC très infecté

Messages recommandés

zabouille

pear

zabouille

zabouille

zabouille

zabouille

zabouille

pear

zabouille

pear

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer