PC infected with ads, PC is slow... - Security - Virus
Subject: PC infected with ads, PC is slow...
 
Profile: IDNaute

Hello,

I'm coming back to you with a new problem affecting my girlfriend's PC. Since the pros are here, here is my problem:

She uses Mozilla. Every time she opens it and clicks to minimize, Mozilla closes...
Ads arrive by the dozen about every 5 minutes,

her PC is unbelievably slow.

Here is a HIJACKTHIS report, hoping it means something to you!

****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 16:12, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\system32\vbfodkshc.exe
C:\WINDOWS\mrofinu1001186.exe
C:\Program Files\Mojicon\Mojicon\mojiim.exe
C:\Program Files\Mojicon\Mojicon\mojiwin.exe
C:\Program Files\Mojicon\Mojicon\mojiversion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Documents and Settings\Administrateur\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\otaby.exe
C:\PROGRA~1\TSKS~1\spoolsv.exe
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
C:\Program Files\Svconr\Svconr.exe
C:\WINDOWS\F?nts\??plorer.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\GetPack\GetPack20.exe
C:\Program Files\GetModule\GetModule20.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Boonty\BoontyBox\BoontyBoxEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v2.0-delta.exe
j:\721fe062eca8f6a215386e\mrtstub.exe

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Administrateur\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\otaby.exe
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"
O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_b [...] Player.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_d [...] 0.0.33.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

*****************************************************


Thanks!!


Profile: Helper

Hello,

This procedure must be printed so that you can have it in front of you when you are in safe mode.

Your infection uses social engineering as its propagation vector.
To learn more about infections that spread via MSN, click **HERE**.

Download MSNFix (by !aur3n7) to your Desktop:

Unzip it to C:\ and restart in safe mode:
Restart the computer and, as soon as it begins to load, press the F8 key continuously. A menu should appear where you will be able to choose safe mode.

Note 1: If you are on Windows Vista, right-click the program and choose Run as Administrator.

  • Open the MSNFix folder, then double-click MSNFix.bat (the .bat extension may not be shown).
  • Run option R.
  • If the infection is detected, press a key to start the cleanup (N).
  • If you have to restart the computer, do it manually.
  • Post the report located in the MSNFix folder.


Note 2:
The report's name corresponds to the time of its creation: date_heure.log (date_time)

Note 3: If you get an upload zip file on your desktop, do this.

Help: How to use MSNFix.


---------------
Please say if you are already being helped on another forum or in another topic.

Security / Prevention

Profile: IDNaute

So here is the result of the MSNFIX log:

*********************************************************

MSNFix 1.736

C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\MSNFix
Fix exécuté le 28/07/2008 - 18:00:25,92 By Administrateur
mode sans échec

************************ Recherche les fichiers présents

... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
... C:\Program Files\svconr\svconr.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
... C:\Program Files\JavaCore\JavaCore.exe
... C:\Program Files\JavaCore\UnInstall.exe
... C:\Program Files\outerinfo\FF\chrome.manifest
... C:\Program Files\outerinfo\FF\components\FF.dll
... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
... C:\Program Files\outerinfo\FF\install.rdf
... C:\Program Files\outerinfo\Terms.rtf
... C:\WINDOWS\b153.exe
... C:\WINDOWS\b156.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\config.cfg
... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\SRUninstall.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\Temporary\InsiDERInst.exe
... C:\??????.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
... C:\Program Files\JavaCore\JavaCore.exe
... C:\Program Files\JavaCore\UnInstall.exe
... C:\Program Files\Temporary\InsiDERInst.exe
... C:\autorun.inf
... C:\Autorun.inf
... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\Program Files\Spcron\
... C:\Program Files\Svconr\
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\
... C:\Program Files\outerinfo\
... C:\Program Files\Temporary\
... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\
... C:\Program Files\Inet_Get_2\
... C:\Program Files\InetGet2\
... C:\Program Files\ISM\
... C:\Program Files\QdrPack\
... C:\Program Files\Temporary\
... C:\Install\
... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
.. OK ... C:\Program Files\svconr\svconr.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
.. OK ... C:\Program Files\JavaCore\JavaCore.exe
.. OK ... C:\Program Files\JavaCore\UnInstall.exe
.. OK ... C:\Program Files\outerinfo\FF\chrome.manifest
.. OK ... C:\Program Files\outerinfo\FF\components\FF.dll
.. OK ... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
.. OK ... C:\Program Files\outerinfo\FF\install.rdf
.. OK ... C:\Program Files\outerinfo\Terms.rtf
.. OK ... C:\WINDOWS\b153.exe
.. OK ... C:\WINDOWS\b156.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\config.cfg
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\SRUninstall.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
/!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\Temporary\InsiDERInst.exe
.. OK ... C:\??????.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
/!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
.. OK ... C:\Program Files\JavaCore\JavaCore.exe
.. OK ... C:\Program Files\JavaCore\UnInstall.exe
.. OK ... C:\Program Files\Temporary\InsiDERInst.exe
.. OK ... C:\autorun.inf
.. OK ... C:\Autorun.inf
.. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
.. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
/!\ ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

/!\ ... C:\Program Files\Spcron\
/!\ ... C:\Program Files\Svconr\
/!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\
/!\ ... C:\Program Files\outerinfo\
/!\ ... C:\Program Files\Temporary\
/!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\
.. OK ... C:\Program Files\Inet_Get_2\
.. OK ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\ISM\
/!\ ... C:\Program Files\QdrPack\
/!\ ... C:\Program Files\Temporary\
.. OK ... C:\Install\
/!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\WINDOWS\b???.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28072008_18040648.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.p [...] /32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

********************************************************

Otherwise, I have 2 messages that come up, 2 error messages:

Erreur, C:\programfiles\avira\antivir...

and Erreur: C:\windows\sytem32\ndaTqsVqrX.dll est introuvable...

Here is an updated HIJACKTHIS following MSNFIX:

******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 18:11, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\vbfodkshc.exe
C:\Program Files\Mojicon\Mojicon\mojiim.exe
C:\Program Files\Mojicon\Mojicon\mojiwin.exe
C:\Program Files\Mojicon\Mojicon\mojiversion.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TSKS~1\spoolsv.exe
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
C:\WINDOWS\F?nts\??plorer.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GetPack\GetPack20.exe
C:\Program Files\GetModule\GetModule20.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"
O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_b [...] Player.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_d [...] 0.0.33.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

*****************************************************


Otherwise, Mozilla is still messing up.


A big thank you in any case for looking into my little problem.
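
Added example, not part of the original thread and not code from HijackThis or MSNFix: a small triage pass over O4 (Run key) lines copied from the logs above, flagging entries that deserve a closer look. The three heuristics and the list of system process names are assumptions chosen for this illustration; a flag is a reason to investigate, not a verdict.

```python
import ntpath
import re

# Assumption for this example: core Windows XP processes that legitimately
# run only from C:\WINDOWS\system32.
SYSTEM_IMAGES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe", "userinit.exe"}
SYSTEM_DIR = r"c:\windows\system32"

R_MASQUERADE = "system process name outside System32"
R_TEMP = "runs from a Temp directory"
R_UNRENDERABLE = "path contains characters the log could not render"

# O4 Run-key line: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$")

# Lines copied verbatim from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
"""


def image_path(cmd):
    """Return the program part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return cmd[1:].split('"', 1)[0]
    # Unquoted path that may contain spaces: stop at the first executable
    # extension that is followed by whitespace or end of line.
    m = re.match(r"(.+?\.(?:exe|bat|com|scr))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def reasons_for(path):
    """Apply the three heuristics to one program path."""
    reasons = []
    directory = ntpath.dirname(path).lower()
    name = ntpath.basename(path).lower()
    # A bare name such as SOUNDMAN.EXE has no directory to compare.
    if name in SYSTEM_IMAGES and directory and directory != SYSTEM_DIR:
        reasons.append(R_MASQUERADE)
    if "\\temp\\" in path.lower():
        reasons.append(R_TEMP)
    # '?' is not a legal character in a Windows file name, so its presence
    # means the real name holds characters the log writer could not output.
    if "?" in path:
        reasons.append(R_UNRENDERABLE)
    return reasons


def triage(log_text):
    """Return (value name, program path, reasons) for each flagged Run entry."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections and Startup-folder entries are skipped here
        path = image_path(m.group("cmd"))
        reasons = reasons_for(path)
        if reasons:
            flagged.append((m.group("name"), path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```
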

Profile: Helper

Hi again,

You used a wrong version of HijackThis. Uninstall it.

Download and install the one I gave you in my link (read it!).
Hijackthis

***

1) This procedure must be printed so that you can have it in front of you when you are in safe mode.

Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.

Restart your computer in safe mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach this stage, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and you end up with a different visual configuration (no wallpaper, very large icons). So don't be surprised.
--- It is for these reasons that I invite you to print, write down, or save in a text document the following information so that you don't get lost.
---- ! Do not start your computer in safe mode via MSConfig ! Why? Some infections break the safe mode keys, which would crash your computer.

  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a little longer than usual.
  • Once your Desktop has appeared, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.


It is also located in the SDFix folder: >Report.txt<

Note: If SDFix does not start (it happens!)

* Start->Run
* Copy/paste this:

Quote:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe


* Click OK, and confirm.
* Restart and try to run SDFix again.

Help: How to start your computer in safe mode.

2) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.

  • close all applications and windows
  • double-click dss.exe to run it and follow the instructions below

Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes

Caution: if you take too long, the answer Abandon will be selected automatically

  • when processing is finished (click OK), two text files are displayed:

main.txt <- opened in the foreground and full screen
extra.txt <- opened in the background and windowed (look at the taskbar)
If this is an additional use of DSS:

  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:

main.txt <- opened in the foreground and full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.


What DSS does:

  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security advisor. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.


;)


---------------
Please say if you are already being helped on another forum or in another topic.

Security / Prevention

Profile: IDNaute

Here are all the reports,

we start with SDFix:



SDFix: Version 1.209
Run by Administrateur on 29/07/2008 at 22:54

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value
Resetting AppInit_DLLs value


Rebooting


Checking Files :

Trojan Files Found:

C:\EAFHCS~1.EXE - Deleted
C:\ECFODL~1.EXE - Deleted
C:\ECKMLS~1.EXE - Deleted
C:\ECMUNN~1.EXE - Deleted
C:\EDARGT~1.EXE - Deleted
C:\EEWUYQ~1.EXE - Deleted
C:\EHAQAL~1.EXE - Deleted
C:\EHIYGQ~1.EXE - Deleted
C:\EICNPZ~1.EXE - Deleted
C:\EJHQIY~1.EXE - Deleted
C:\EJSPRZ~1.EXE - Deleted
C:\EJVJGO~1.EXE - Deleted
C:\EKADSW~1.EXE - Deleted
C:\EKEUBR~1.EXE - Deleted
C:\EMVIFN~1.EXE - Deleted
C:\ENLHBP~1.EXE - Deleted
C:\ENQYSK~1.EXE - Deleted
C:\EOGRXU~1.EXE - Deleted
C:\EOXRHW~1.EXE - Deleted
C:\EPPQBC~1.EXE - Deleted
C:\EPPSKC~1.EXE - Deleted
C:\EQUXRG~1.EXE - Deleted
C:\ERPBEN~1.EXE - Deleted
C:\ERYMOX~1.EXE - Deleted
C:\EWEKPX~1.EXE - Deleted
C:\EWKFLG~1.EXE - Deleted
C:\EWLIOW~1.EXE - Deleted
C:\EXLFYA~1.EXE - Deleted
C:\EYMZYM~1.EXE - Deleted
C:\FCDMQX~1.EXE - Deleted
C:\FDAZAF~1.EXE - Deleted
C:\FEAOJA~1.EXE - Deleted
C:\FELGPP~1.EXE - Deleted
C:\FFZUTA~1.EXE - Deleted
C:\FGVQWA~1.EXE - Deleted
C:\FJIPEK~1.EXE - Deleted
C:\FJXLDD~1.EXE - Deleted
C:\FMKLAK~1.EXE - Deleted
C:\FMMPDS~1.EXE - Deleted
C:\FNVDDX~1.EXE - Deleted
C:\FPFZYM~1.EXE - Deleted
C:\FPGQQB~1.EXE - Deleted
C:\FRCVHR~1.EXE - Deleted
C:\FRJVYI~1.EXE - Deleted
C:\FRKONJ~1.EXE - Deleted
C:\FRREKT~1.EXE - Deleted
C:\FSCIKM~1.EXE - Deleted
C:\FSHCLI~1.EXE - Deleted
C:\FUUZVI~1.EXE - Deleted
C:\FUVTHJ~1.EXE - Deleted
C:\FVCCBK~1.EXE - Deleted
C:\FVDXQJ~1.EXE - Deleted
C:\FZMHTA~1.EXE - Deleted
C:\GACXCF~1.EXE - Deleted
C:\GBBSKU~1.EXE - Deleted
C:\GBFJJT~1.EXE - Deleted
C:\GBFWCK~1.EXE - Deleted
C:\GBGRUK~1.EXE - Deleted
C:\GBKVYF~1.EXE - Deleted
C:\GBXXBY~1.EXE - Deleted
C:\GCLOPP~1.EXE - Deleted
C:\GCLTDJ~1.EXE - Deleted
C:\GDXXAX~1.EXE - Deleted
C:\GEDDUD~1.EXE - Deleted
C:\GEQSHR~1.EXE - Deleted
C:\GEWMXT~1.EXE - Deleted
C:\GFBHEW~1.EXE - Deleted
C:\GGAQJL~1.EXE - Deleted
C:\GGLTAI~1.EXE - Deleted
C:\GGRQHR~1.EXE - Deleted
C:\GHJJYE~1.EXE - Deleted
C:\GHQGSI~1.EXE - Deleted
C:\GJWYUI~1.EXE - Deleted
C:\GKPGEZ~1.EXE - Deleted
C:\GMWXOO~1.EXE - Deleted
C:\GNHZQC~1.EXE - Deleted
C:\GPHLXG~1.EXE - Deleted
C:\GPULVO~1.EXE - Deleted
C:\GQPPIX~1.EXE - Deleted
C:\GRUOGM~1.EXE - Deleted
C:\GSRWZT~1.EXE - Deleted
C:\GTPXBM~1.EXE - Deleted
C:\GUXXPY~1.EXE - Deleted
C:\GVEHEZ~1.EXE - Deleted
C:\GVGHXR~1.EXE - Deleted
C:\GVXPCW~1.EXE - Deleted
C:\GWMEZA~1.EXE - Deleted
C:\GYIVHS~1.EXE - Deleted
C:\GZIGVP~1.EXE - Deleted
C:\GZMPEY~1.EXE - Deleted
C:\HAEQIG~1.EXE - Deleted
C:\HAQKKK~1.EXE - Deleted
C:\HBERJN~1.EXE - Deleted
C:\HDBKIL~1.EXE - Deleted
C:\HDVDIP~1.EXE - Deleted
C:\HFCYUM~1.EXE - Deleted
C:\HGZJBA~1.EXE - Deleted
C:\HHRUPB~1.EXE - Deleted
C:\HIHUZI~1.EXE - Deleted
C:\HKNPAX~1.EXE - Deleted
C:\HKZZBE~1.EXE - Deleted
C:\HLYMCV~1.EXE - Deleted
C:\HMEFKA~1.EXE - Deleted
C:\HMYRAK~1.EXE - Deleted
C:\HNGUQC~1.EXE - Deleted
C:\HOZNFU~1.EXE - Deleted
C:\HPUYXH~1.EXE - Deleted
C:\HQRIGP~1.EXE - Deleted
C:\HSOCOT~1.EXE - Deleted
C:\HSOVNW~1.EXE - Deleted
C:\HSQNPY~1.EXE - Deleted
C:\HVYZBU~1.EXE - Deleted
C:\HWNHGX~1.EXE - Deleted
C:\HWPZGH~1.EXE - Deleted
C:\HWQZAF~1.EXE - Deleted
C:\HYWLQR~1.EXE - Deleted
C:\HZEICS~1.EXE - Deleted
C:\HZFDXR~1.EXE - Deleted
C:\HZINQK~1.EXE - Deleted
C:\IAFGEY~1.EXE - Deleted
C:\IBBTLK~1.EXE - Deleted
C:\ICIVSN~1.EXE - Deleted
C:\ICWVSR~1.EXE - Deleted
C:\IEJGCL~1.EXE - Deleted
C:\IFEHFM~1.EXE - Deleted
C:\IFXBBZ~1.EXE - Deleted
C:\IGBXDC~1.EXE - Deleted
C:\IHYIGS~1.EXE - Deleted
C:\IKDVPJ~1.EXE - Deleted
C:\IKDXUM~1.EXE - Deleted
C:\IKTYKA~1.EXE - Deleted
C:\ILJQPI~1.EXE - Deleted
C:\IMEBBP~1.EXE - Deleted
C:\IMZHDY~1.EXE - Deleted
C:\IPAOHR~1.EXE - Deleted
C:\IPXMTY~1.EXE - Deleted
C:\IQTLQP~1.EXE - Deleted
C:\ISBFBY~1.EXE - Deleted
C:\ISWPXS~1.EXE - Deleted
C:\IWJOHA~1.EXE - Deleted
C:\IWLUOR~1.EXE - Deleted
C:\IXYYIL~1.EXE - Deleted
C:\IYZJGI~1.EXE - Deleted
C:\IZAFTO~1.EXE - Deleted
C:\IZDVHT~1.EXE - Deleted
C:\JARYNE~1.EXE - Deleted
C:\JCICXH~1.EXE - Deleted
C:\JEGQQZ~1.EXE - Deleted
C:\JESWHM~1.EXE - Deleted
C:\JFLEOB~1.EXE - Deleted
C:\JFYOUM~1.EXE - Deleted
C:\JGASSS~1.EXE - Deleted
C:\JHSOHB~1.EXE - Deleted
C:\JICXTT~1.EXE - Deleted
C:\JKCHEY~1.EXE - Deleted
C:\JLSFFF~1.EXE - Deleted
C:\JMLVSI~1.EXE - Deleted
C:\JMNZWI~1.EXE - Deleted
C:\JOORQN~1.EXE - Deleted
C:\JPJLBF~1.EXE - Deleted
C:\JPRURW~1.EXE - Deleted
C:\JRHNTU~1.EXE - Deleted
C:\JSCAUN~1.EXE - Deleted
C:\JSKHSK~1.EXE - Deleted
C:\JSSVQS~1.EXE - Deleted
C:\JTIDUS~1.EXE - Deleted
C:\JTKXFT~1.EXE - Deleted
C:\JULIXY~1.EXE - Deleted
C:\JVGABA~1.EXE - Deleted
C:\JWPXJJ~1.EXE - Deleted
C:\JXFVNS~1.EXE - Deleted
C:\JXYFYF~1.EXE - Deleted
C:\JYHIUG~1.EXE - Deleted
C:\JZDAND~1.EXE - Deleted
C:\KABTKT~1.EXE - Deleted
C:\KADTRA~1.EXE - Deleted
C:\KBRVOD~1.EXE - Deleted
C:\KCHKGJ~1.EXE - Deleted
C:\KEAIMA~1.EXE - Deleted
C:\KEUYWN~1.EXE - Deleted
C:\KEVFBI~1.EXE - Deleted
C:\KFTCWX~1.EXE - Deleted
C:\KFWUMM~1.EXE - Deleted
C:\KHQZZH~1.EXE - Deleted
C:\KHSPKR~1.EXE - Deleted
C:\KHUEZR~1.EXE - Deleted
C:\KJGEBX~1.EXE - Deleted
C:\KKRETR~1.EXE - Deleted
C:\KLACEG~1.EXE - Deleted
C:\KLBQVS~1.EXE - Deleted
C:\KNNXCX~1.EXE - Deleted
C:\KQOBJE~1.EXE - Deleted
C:\KRXEYK~1.EXE - Deleted
C:\KSVESS~1.EXE - Deleted
C:\KTELES~1.EXE - Deleted
C:\KTEXKB~1.EXE - Deleted
C:\KTYJAX~1.EXE - Deleted
C:\KUDMNI~1.EXE - Deleted
C:\KWVTJZ~1.EXE - Deleted
C:\KXEQUF~1.EXE - Deleted
C:\KXNYED~1.EXE - Deleted
C:\KXVDLV~1.EXE - Deleted
C:\KYMDBH~1.EXE - Deleted
C:\KZJUYA~1.EXE - Deleted
C:\LBDIXJ~1.EXE - Deleted
C:\LCDOFX~1.EXE - Deleted
C:\LDUYEO~1.EXE - Deleted
C:\LEXCJS~1.EXE - Deleted
C:\LFBDWH~1.EXE - Deleted
C:\LGGSEL~1.EXE - Deleted
C:\LGGTWE~1.EXE - Deleted
C:\LGKDEE~1.EXE - Deleted
C:\LIZEFS~1.EXE - Deleted
C:\LJWRHP~1.EXE - Deleted
C:\LKITEA~1.EXE - Deleted
C:\LLWSHC~1.EXE - Deleted
C:\LMLNBU~1.EXE - Deleted
C:\LPDLFI~1.EXE - Deleted
C:\LPYTVH~1.EXE - Deleted
C:\LQSDND~1.EXE - Deleted
C:\LSNRVF~1.EXE - Deleted
C:\LSRXRZ~1.EXE - Deleted
C:\LTEEQC~1.EXE - Deleted
C:\LUDZTH~1.EXE - Deleted
C:\LUWXZM~1.EXE - Deleted
C:\LXGRQJ~1.EXE - Deleted
C:\LYDLPN~1.EXE - Deleted
C:\LYUJNL~1.EXE - Deleted
C:\LYZSJI~1.EXE - Deleted
C:\MBLZIY~1.EXE - Deleted
C:\MBMUAT~1.EXE - Deleted
C:\MDWSDN~1.EXE - Deleted
C:\MEFLHP~1.EXE - Deleted
C:\MFMPCP~1.EXE - Deleted
C:\MFPVHU~1.EXE - Deleted
C:\MFXCAU~1.EXE - Deleted
C:\MGUSBW~1.EXE - Deleted
C:\MILLHH~1.EXE - Deleted
C:\MIQSFP~1.EXE - Deleted
C:\MJPMFH~1.EXE - Deleted
C:\MKDZQO~1.EXE - Deleted
C:\MKJQCM~1.EXE - Deleted
C:\MLNTMU~1.EXE - Deleted
C:\MLYUZX~1.EXE - Deleted
C:\MLZOIK~1.EXE - Deleted
C:\MMNSQJ~1.EXE - Deleted
C:\MMOLRX~1.EXE - Deleted
C:\MNHMNO~1.EXE - Deleted
C:\MNNFDO~1.EXE - Deleted
C:\MNNWQR~1.EXE - Deleted
C:\MQFPOJ~1.EXE - Deleted
C:\MQTTWB~1.EXE - Deleted
C:\MQVEUP~1.EXE - Deleted
C:\MSDTNX~1.EXE - Deleted
C:\MTKSUA~1.EXE - Deleted
C:\MTLZAP~1.EXE - Deleted
C:\MUMZUT~1.EXE - Deleted
C:\MUPIBF~1.EXE - Deleted
C:\MUTGQC~1.EXE - Deleted
C:\MUTJEW~1.EXE - Deleted
C:\MVJGNW~1.EXE - Deleted
C:\MVWTQK~1.EXE - Deleted
C:\MVZCBF~1.EXE - Deleted
C:\MWAVPD~1.EXE - Deleted
C:\MWGVDY~1.EXE - Deleted
C:\MYCXVH~1.EXE - Deleted
C:\MZDYDI~1.EXE - Deleted
C:\MZMGTD~1.EXE - Deleted
C:\MZPVEJ~1.EXE - Deleted
C:\MZSRQM~1.EXE - Deleted
C:\NBJALV~1.EXE - Deleted
C:\NEWYNP~1.EXE - Deleted
C:\NFWXDI~1.EXE - Deleted
C:\NGNBPT~1.EXE - Deleted
C:\NJSJAQ~1.EXE - Deleted
C:\NMOIPX~1.EXE - Deleted
C:\NMURJP~1.EXE - Deleted
C:\NNDRFM~1.EXE - Deleted
C:\NOZXSZ~1.EXE - Deleted
C:\NPPGRW~1.EXE - Deleted
C:\NPSRGA~1.EXE - Deleted
C:\NQDEIN~1.EXE - Deleted
C:\NQZSBR~1.EXE - Deleted
C:\NSOARN~1.EXE - Deleted
C:\NSRCQK~1.EXE - Deleted
C:\NUYJQA~1.EXE - Deleted
C:\NWPNGK~1.EXE - Deleted
C:\NYIZNB~1.EXE - Deleted
C:\NYWFMQ~1.EXE - Deleted
C:\OAAUNE~1.EXE - Deleted
C:\OBHRCW~1.EXE - Deleted
C:\OBPMIY~1.EXE - Deleted
C:\OBSFZT~1.EXE - Deleted
C:\ODCOOS~1.EXE - Deleted
C:\ODJWUG~1.EXE - Deleted
C:\ODKUKM~1.EXE - Deleted
C:\OFBLJP~1.EXE - Deleted
C:\OFEKTB~1.EXE - Deleted
C:\OFWNIO~1.EXE - Deleted
C:\OHZTHX~1.EXE - Deleted
C:\OJOQWU~1.EXE - Deleted
C:\OJUEWJ~1.EXE - Deleted
C:\OJWKCN~1.EXE - Deleted
C:\OLCRQK~1.EXE - Deleted
C:\OMFANJ~1.EXE - Deleted
C:\OMRSRK~1.EXE - Deleted
C:\ONHWOE~1.EXE - Deleted
C:\ONMMMW~1.EXE - Deleted
C:\ONSDYD~1.EXE - Deleted
C:\OOHCTS~1.EXE - Deleted
C:\OOHQTA~1.EXE - Deleted
C:\OOHXQL~1.EXE - Deleted
C:\OOYLJH~1.EXE - Deleted
C:\OPQSBM~1.EXE - Deleted
C:\ORGDCQ~1.EXE - Deleted
C:\ORTTRB~1.EXE - Deleted
C:\OSMCSR~1.EXE - Deleted
C:\OTXSSW~1.EXE - Deleted
C:\OUTJYQ~1.EXE - Deleted
C:\OUZPSB~1.EXE - Deleted
C:\OVFGLO~1.EXE - Deleted
C:\OVLYQZ~1.EXE - Deleted
C:\OWBMJS~1.EXE - Deleted
C:\OWSUAO~1.EXE - Deleted
C:\OXNWSL~1.EXE - Deleted
C:\OYGAPM~1.EXE - Deleted
C:\OYKTCM~1.EXE - Deleted
C:\OYUNEK~1.EXE - Deleted
C:\OYVBVE~1.EXE - Deleted
C:\OZHFJJ~1.EXE - Deleted
C:\OZIHCV~1.EXE - Deleted
C:\OZPKFX~1.EXE - Deleted
C:\PAPMOU~1.EXE - Deleted
C:\PAYBEP~1.EXE - Deleted
C:\PDNVYN~1.EXE - Deleted
C:\PFJGRC~1.EXE - Deleted
C:\PHTPHR~1.EXE - Deleted
C:\PIIBKO~1.EXE - Deleted
C:\PINUFD~1.EXE - Deleted
C:\PIWPAS~1.EXE - Deleted
C:\PJEXKO~1.EXE - Deleted
C:\PKLJXP~1.EXE - Deleted
C:\PKTOAL~1.EXE - Deleted
C:\PKVEUX~1.EXE - Deleted
C:\PMFRJI~1.EXE - Deleted
C:\PMQWMW~1.EXE - Deleted
C:\PNUNRA~1.EXE - Deleted
C:\PPSXOQ~1.EXE - Deleted
C:\PPZXCT~1.EXE - Deleted
C:\PQRVSP~1.EXE - Deleted
C:\PSJNSU~1.EXE - Deleted
C:\PTPRCH~1.EXE - Deleted
C:\PTRTZM~1.EXE - Deleted
C:\PTTGFK~1.EXE - Deleted
C:\PTWEZE~1.EXE - Deleted
C:\PVLILX~1.EXE - Deleted
C:\PWXIXD~1.EXE - Deleted
C:\PXSRYR~1.EXE - Deleted
C:\PXWMQC~1.EXE - Deleted
C:\PYOWSG~1.EXE - Deleted
C:\PYVEIS~1.EXE - Deleted
C:\PZBPJR~1.EXE - Deleted
C:\PZDKBH~1.EXE - Deleted
C:\PZOCED~1.EXE - Deleted
C:\QARZZL~1.EXE - Deleted
C:\QBRDMS~1.EXE - Deleted
C:\QCBWAL~1.EXE - Deleted
C:\QCGFUA~1.EXE - Deleted
C:\QCOEAA~1.EXE - Deleted
C:\QDDHZZ~1.EXE - Deleted
C:\QDPAKK~1.EXE - Deleted
C:\QDWNPJ~1.EXE - Deleted
C:\QEHJWK~1.EXE - Deleted
C:\QFSOIP~1.EXE - Deleted
C:\QFTVWD~1.EXE - Deleted
C:\QGSQWA~1.EXE - Deleted
C:\QGTMFE~1.EXE - Deleted
C:\QHEKGJ~1.EXE - Deleted
C:\QHGVQK~1.EXE - Deleted
C:\QIDSSZ~1.EXE - Deleted
C:\QIJLWM~1.EXE - Deleted
C:\QITDJN~1.EXE - Deleted
C:\QJROBJ~1.EXE - Deleted
C:\QKOCTG~1.EXE - Deleted
C:\QMCMKV~1.EXE - Deleted
C:\QMLVIO~1.EXE - Deleted
C:\QNHRKA~1.EXE - Deleted
C:\QNIOJQ~1.EXE - Deleted
C:\QNXOWF~1.EXE - Deleted
C:\QQXGOF~1.EXE - Deleted
C:\QRRPPC~1.EXE - Deleted
C:\QSGDPI~1.EXE - Deleted
C:\QSIQFQ~1.EXE - Deleted
C:\QSPNPC~1.EXE - Deleted
C:\QSPORN~1.EXE - Deleted
C:\QSWWKH~1.EXE - Deleted
C:\QTRXEM~1.EXE - Deleted
C:\QTTPNA~1.EXE - Deleted
C:\QUDXMX~1.EXE - Deleted
C:\QULFVN~1.EXE - Deleted
C:\QVKDSU~1.EXE - Deleted
C:\QVKLWZ~1.EXE - Deleted
C:\QVLMDW~1.EXE - Deleted
C:\QWZGDB~1.EXE - Deleted
C:\QYSUJG~1.EXE - Deleted
C:\QZKYMF~1.EXE - Deleted
C:\QZTMLC~1.EXE - Deleted
C:\RAYYRT~1.EXE - Deleted
C:\RBCRHB~1.EXE - Deleted
C:\RBZFIQ~1.EXE - Deleted
C:\RCZRAL~1.EXE - Deleted
C:\RDPPFE~1.EXE - Deleted
C:\REJWPE~1.EXE - Deleted
C:\RFCZZG~1.EXE - Deleted
C:\RFKLMS~1.EXE - Deleted
C:\RFQFPJ~1.EXE - Deleted
C:\RGSZXU~1.EXE - Deleted
C:\RHIJGA~1.EXE - Deleted
C:\RHIQUH~1.EXE - Deleted
C:\RHPFYY~1.EXE - Deleted
C:\RICMUF~1.EXE - Deleted
C:\RIVGDL~1.EXE - Deleted
C:\RIVUZF~1.EXE - Deleted
C:\RJDTGX~1.EXE - Deleted
C:\RJGLHR~1.EXE - Deleted
C:\RJSNBJ~1.EXE - Deleted
C:\RJZYSU~1.EXE - Deleted
C:\RKCLXO~1.EXE - Deleted
C:\RLJZAG~1.EXE - Deleted
C:\RLUUNC~1.EXE - Deleted
C:\RMYVHE~1.EXE - Deleted
C:\ROCGJJ~1.EXE - Deleted
C:\RPCURR~1.EXE - Deleted
C:\RQSTQW~1.EXE - Deleted
C:\RRPBTP~1.EXE - Deleted
C:\RRVERZ~1.EXE - Deleted
C:\RSXDLI~1.EXE - Deleted
C:\RTFEMZ~1.EXE - Deleted
C:\RTMTRE~1.EXE - Deleted
C:\RTZXMI~1.EXE - Deleted
C:\RWEWEW~1.EXE - Deleted
C:\RWJMMC~1.EXE - Deleted
C:\RWKXNG~1.EXE - Deleted
C:\RWUZHI~1.EXE - Deleted
C:\RWWAIT~1.EXE - Deleted
C:\RWWGPS~1.EXE - Deleted
C:\RWZEQA~1.EXE - Deleted
C:\RXLEKB~1.EXE - Deleted
C:\RXNORA~1.EXE - Deleted
C:\RXVHHU~1.EXE - Deleted
C:\RXZISB~1.EXE - Deleted
C:\RYAKIY~1.EXE - Deleted
C:\RYPZKS~1.EXE - Deleted
C:\RZALPY~1.EXE - Deleted
C:\RZPGSI~1.EXE - Deleted
C:\SBCJBL~1.EXE - Deleted
C:\SBKOED~1.EXE - Deleted
C:\SCANVD~1.EXE - Deleted
C:\SCEEFY~1.EXE - Deleted
C:\SCINTU~1.EXE - Deleted
C:\SCMOGI~1.EXE - Deleted
C:\SESYWH~1.EXE - Deleted
C:\SEVEDC~1.EXE - Deleted
C:\SFMECH~1.EXE - Deleted
C:\SHJRVG~1.EXE - Deleted
C:\SJFAGW~1.EXE - Deleted
C:\SNACNO~1.EXE - Deleted
C:\SOCYZH~1.EXE - Deleted
C:\SQLCIU~1.EXE - Deleted
C:\SSLRWI~1.EXE - Deleted
C:\SSZITS~1.EXE - Deleted
C:\STLXYJ~1.EXE - Deleted
C:\SVRHBK~1.EXE - Deleted
C:\SWQFPB~1.EXE - Deleted
C:\SXMJKP~1.EXE - Deleted
C:\SYYCKV~1.EXE - Deleted
C:\TAJHHR~1.EXE - Deleted
C:\TBPDUO~1.EXE - Deleted
C:\TDYSBQ~1.EXE - Deleted
C:\TECMDB~1.EXE - Deleted
C:\TEZONB~1.EXE - Deleted
C:\TFHFPK~1.EXE - Deleted
C:\TFJRRL~1.EXE - Deleted
C:\TGCYND~1.EXE - Deleted
C:\TGVZEV~1.EXE - Deleted
C:\THOKHX~1.EXE - Deleted
C:\TIKDWU~1.EXE - Deleted
C:\TIUUTT~1.EXE - Deleted
C:\TJLUHP~1.EXE - Deleted
C:\TKIXNG~1.EXE - Deleted
C:\TLBILC~1.EXE - Deleted
C:\TNSLHZ~1.EXE - Deleted
C:\TNSUFE~1.EXE - Deleted
C:\TORILY~1.EXE - Deleted
C:\TQEFBE~1.EXE - Deleted
C:\TQMUPV~1.EXE - Deleted
C:\TRCOPF~1.EXE - Deleted
C:\TRUUFZ~1.EXE - Deleted
C:\TRWBGG~1.EXE - Deleted
C:\TRYKYU~1.EXE - Deleted
C:\TTNJDU~1.EXE - Deleted
C:\TUGGUC~1.EXE - Deleted
C:\TUIHHB~1.EXE - Deleted
C:\TURZPA~1.EXE - Deleted
C:\TVMTEW~1.EXE - Deleted
C:\TVOQHK~1.EXE - Deleted
C:\TVUSBN~1.EXE - Deleted
C:\TWRSTS~1.EXE - Deleted
C:\TWTTEC~1.EXE - Deleted
C:\TWVBLQ~1.EXE - Deleted
C:\TWVPOC~1.EXE - Deleted
C:\TXJZJY~1.EXE - Deleted
C:\TXLZXS~1.EXE - Deleted
C:\TXUILP~1.EXE - Deleted
C:\TYPZNB~1.EXE - Deleted
C:\TYQBJM~1.EXE - Deleted
C:\TZKMBC~1.EXE - Deleted
C:\TZMYLS~1.EXE - Deleted
C:\UAYACZ~1.EXE - Deleted
C:\UBXPVA~1.EXE - Deleted
C:\UCOWYC~1.EXE - Deleted
C:\UDNFFL~1.EXE - Deleted
C:\UEHSPU~1.EXE - Deleted
C:\UEJTOD~1.EXE - Deleted
C:\UEMHKH~1.EXE - Deleted
C:\UGICDU~1.EXE - Deleted
C:\UHSQFO~1.EXE - Deleted
C:\UINHMN~1.EXE - Deleted
C:\UJRMAJ~1.EXE - Deleted
C:\UJYNTK~1.EXE - Deleted
C:\UKNYRV~1.EXE - Deleted
C:\UNBILZ~1.EXE - Deleted
C:\UNELXR~1.EXE - Deleted
C:\UNHZSM~1.EXE - Deleted
C:\UNLYGB~1.EXE - Deleted
C:\UNZJDJ~1.EXE - Deleted
C:\UOODQB~1.EXE - Deleted
C:\UPQPXX~1.EXE - Deleted
C:\UPQRAQ~1.EXE - Deleted
C:\UPWFFX~1.EXE - Deleted
C:\UQHILQ~1.EXE - Deleted
C:\USOFAQ~1.EXE - Deleted
C:\USSAJK~1.EXE - Deleted
C:\UTLORX~1.EXE - Deleted
C:\UUNWGX~1.EXE - Deleted
C:\UUUHRJ~1.EXE - Deleted
C:\UWRESB~1.EXE - Deleted
C:\UXVUSP~1.EXE - Deleted
C:\UYKSWK~1.EXE - Deleted
C:\UZBVQQ~1.EXE - Deleted
C:\UZQNMA~1.EXE - Deleted
C:\VADEGO~1.EXE - Deleted
C:\VAEVFB~1.EXE - Deleted
C:\VBKTTD~1.EXE - Deleted
C:\VCZGOA~1.EXE - Deleted
C:\VDQNIV~1.EXE - Deleted
C:\VEZADI~1.EXE - Deleted
C:\VFDMER~1.EXE - Deleted
C:\VFJJSB~1.EXE - Deleted
C:\VGEQFY~1.EXE - Deleted
C:\VGJBTQ~1.EXE - Deleted
C:\VGTDGD~1.EXE - Deleted
C:\VHVQON~1.EXE - Deleted
C:\VHVVWN~1.EXE - Deleted
C:\VICGHY~1.EXE - Deleted
C:\VIHWUM~1.EXE - Deleted
C:\VKKWFM~1.EXE - Deleted
C:\VLVHQY~1.EXE - Deleted
C:\VMZENE~1.EXE - Deleted
C:\VNHMNQ~1.EXE - Deleted
C:\VNVFUI~1.EXE - Deleted
C:\VOFNRX~1.EXE - Deleted
C:\VRKGOU~1.EXE - Deleted
C:\VSGOKS~1.EXE - Deleted
C:\VVULHZ~1.EXE - Deleted
C:\VWEYFO~1.EXE - Deleted
C:\VWIIUN~1.EXE - Deleted
C:\VWUROY~1.EXE - Deleted
C:\VXFQFQ~1.EXE - Deleted
C:\VXVYSI~1.EXE - Deleted
C:\VXXXMK~1.EXE - Deleted
C:\VZNYJC~1.EXE - Deleted
C:\VZYUCQ~1.EXE - Deleted
C:\WAFOUB~1.EXE - Deleted
C:\WAJCVP~1.EXE - Deleted
C:\WAPBUY~1.EXE - Deleted
C:\WBEOJM~1.EXE - Deleted
C:\WCASOV~1.EXE - Deleted
C:\WCBXPF~1.EXE - Deleted
C:\WCCGXO~1.EXE - Deleted
C:\WEZBGN~1.EXE - Deleted
C:\WGFUUV~1.EXE - Deleted
C:\WGUXQC~1.EXE - Deleted
C:\WIDZUR~1.EXE - Deleted
C:\WIHZZP~1.EXE - Deleted
C:\WIVIZJ~1.EXE - Deleted
C:\WJYQMS~1.EXE - Deleted
C:\WKDKLK~1.EXE - Deleted
C:\WKDNSU~1.EXE - Deleted
C:\WKSPBI~1.EXE - Deleted
C:\WLGKCP~1.EXE - Deleted
C:\WLTCZO~1.EXE - Deleted
C:\WNNYVK~1.EXE - Deleted
C:\WNYCYG~1.EXE - Deleted
C:\WODEPF~1.EXE - Deleted
C:\WOVHWP~1.EXE - Deleted
C:\WQHEGJ~1.EXE - Deleted
C:\WSFTYF~1.EXE - Deleted
C:\WSWQPS~1.EXE - Deleted
C:\WTMLPG~1.EXE - Deleted
C:\WTVEEL~1.EXE - Deleted
C:\WVVVYB~1.EXE - Deleted
C:\WWAXTK~1.EXE - Deleted
C:\WXOMQR~1.EXE - Deleted
C:\WYRSFR~1.EXE - Deleted
C:\WZJZRQ~1.EXE - Deleted
C:\XCRMCJ~1.EXE - Deleted
C:\XCTASV~1.EXE - Deleted
C:\XCVYOL~1.EXE - Deleted
C:\XDORSW~1.EXE - Deleted
C:\XEZMCS~1.EXE - Deleted
C:\XGENWJ~1.EXE - Deleted
C:\XGWBDU~1.EXE - Deleted
C:\XHBKNP~1.EXE - Deleted
C:\XIMUIH~1.EXE - Deleted
C:\XKWKHG~1.EXE - Deleted
C:\XKWQBE~1.EXE - Deleted
C:\XLOVJZ~1