Se connecter / S'enregistrer
Votre question

infection virus nokia 19 sur MSN [RESOLU]

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Novembre 2007 11:56:40

Je me suis fait infecté par le virus nokia 19 par un contact sur MSN et comme un c... je l'ai ouvert et depuis MSN n'arrète pas de déconner.
J'ai bien éssayé de regardé les autre sujet traitant de se même problème mais je n'ai hélas pa tout compris :(  et cela change aussi d'un sujet a un autre.
J'ai téléchargé hijackthis comme cela a été souvent indiqué dans d'autre sujet mais je ne sais pas qoi faire après.
Je vous envoie le rapport en espèrant qe vous puissié m'aider.
merci :) 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:51, on 02/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Windows\LBTWiz.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Bels\Downloads\anti-virus\HiJackThis.exe
C:\Windows\system32\WerFault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LBTWiz.exe] C:\Windows\LBTWiz.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12937 bytes

Autres pages sur : infection virus nokia msn resolu

a b 8 Sécurité
2 Novembre 2007 13:09:13

Un bonjour ?

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
2 Novembre 2007 14:00:13

bonjour (désolé j'avai oublié)
J'ai bien fait se que vous m'avai dit mais je rencontre plusieurs problèmes:

-quand je clique droit dans winrar sur le dossier je n'est pas "extraire tout" je fait donc "extraire vers un dossier" en l'ocurences le bureau.

-ensuite j'ai bien un dossier MSNFix mais, a l'interieur ne se trouve pas MSNFix.bat mais un autre dossier qui se nomme incl et un fichiier de commande qui se nomme MSNFix

-ensuite quand je doouble clique dessus il me met bien une fenètre ds laquelle il me demande ma langue puis d'executer l'option R et il commence a chercher sauf qu'à un moment la fenètre se ferme et je n'ai pa dans le fichier MSNFix de rapport.

le virus est toujours la, s'il vous plait est ce que vous avez une autre solutions.
merci d'avance
Contenus similaires
2 Novembre 2007 14:12:58

salut g u le méme tour, g du formater mon pc et depuis plus rien c la meilleur solution. voila
2 Novembre 2007 14:19:12

merci mais je préfère attendre la solution de Angeldark si elle a une autre manière de résoudre le problème
a b 8 Sécurité
2 Novembre 2007 14:54:59

Tonyjaa : pas de sms :jap: 

Citation :
-quand je clique droit dans winrar sur le dossier je n'est pas "extraire tout" je fait donc "extraire vers un dossier" en l'ocurences le bureau.

C'est pareil.

Citation :
-ensuite j'ai bien un dossier MSNFix mais, a l'interieur ne se trouve pas MSNFix.bat mais un autre dossier qui se nomme incl et un fichiier de commande qui se nomme MSNFix

Tu n'as pas accès aux extensions.

Citation :
-ensuite quand je doouble clique dessus il me met bien une fenètre ds laquelle il me demande ma langue puis d'executer l'option R et il commence a chercher sauf qu'à un moment la fenètre se ferme et je n'ai pa dans le fichier MSNFix de rapport.

Tu as bien regardé dans le dossier MSNFix ?
2 Novembre 2007 17:06:04

2 questions de quel extensions parlé vous et comment les trouvé?
De plus dans le dossier MSNFix il y a dossier qui se nomme incl et dans lequelle je trouve 5 fichiers d'applications qui se nomme:"MD5File, msnchk, Process, swreg, zip", ainsi que 3 documents textes se nommant:" dossier, fichier,upload", ainsi q'un fichier d'Inscription dans le Registre se nommant "banker"
merci d'avance
a b 8 Sécurité
2 Novembre 2007 18:25:42

Citation :
2 questions de quel extensions parlé vous et comment les trouvé?

Elles sont masquées par Windows, c'est normal par défaut.

Citation :
De plus dans le dossier MSNFix il y a dossier qui se nomme incl et dans lequelle je trouve 5 fichiers d'applications qui se nomme:"MD5File, msnchk, Process, swreg, zip", ainsi que 3 documents textes se nommant:" dossier, fichier,upload", ainsi q'un fichier d'Inscription dans le Registre se nommant "banker"
merci d'avance

Normal. Tu peux poster le contenu des fichiers textes ?
2 Novembre 2007 18:39:35

voici le contenue des fichiers:
dossier:
C:\Program Files\Common Files\Carlson\
C:\Program Files\Common Files\Delsim\
C:\PROGRA~1\ISM\
C:\PROGRA~1\ISM2\
C:\PROGRA~1\Bifrost\
C:\PROGRA~1\ddm\
C:\PROGRA~1\InetGet2\
C:\PROGRA~1\Insider\
C:\PROGRA~1\QdrModule\
C:\PROGRA~1\Temporary\
C:\PROGRA~1\WinAble\
C:\PROGRA~1\WinPop\
C:\PROGRA~1WinAble\
C:\AVG_BETA\
C:\Conf\
C:\Install\
C:\Lixo\
C:\oddysee\
C:\Temp\
C:\Windows\_tmp\
C:\Windows\htmCache\
C:\Windows\system32\B1\
C:\Windows\system32\B2\
C:\Windows\system32\openfile\
C:\Windows\system32\Security\
C:\Windows\system32\service\
C:\Windows\system32\updatelinkmsn\

fichier:
C:\Users\Bels\AppData\Roaming\addon.dat
C:\Users\Bels\AppData\Roaming\inside.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\carlton
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Antivirus32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ashDisp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ashServ.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\atimvex.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\atrvmmx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bios.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\BRISA.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\carlton
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ccssrss.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\cmd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Computador.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Diup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\dll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\dllvirtual.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\eixdrv.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ExAlien.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\fbguad.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\firefoxx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Flash.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\GbpSvc.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\HelpDesk.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Hide32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\icpldrvx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\imglog.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\InstallHelp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\javaupd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\javsu.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\juchek.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\jvasu.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\JVM0.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\jvms.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\klpp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\logon.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\lsssas.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mdll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messengerr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messenup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messgrr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mjavas.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msm.cmd
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\MSN_MSS.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnconf.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\MSNENVIA.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnfile.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msng.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsg.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsgr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnsgs.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mxjxde.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\My_Love.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Ndtstat.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\norton32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ntvvm.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\pdvsym.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\qtapp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\regfixxsx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\registtry.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\remote.cmd
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\repara_ae.bat
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Rg2catbd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\rundl32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\rxnetq.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\smss.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svchost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svchostss.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svhost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrork.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrsym.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\syst.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\system32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\systemdll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\task.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\taskmgrrr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Tasks.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\udll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\voieup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\voiork.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wepaint.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Win XP.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\win.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows Update.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\windowsupdate.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Winhost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\winupdbc.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\WMedPlayer.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wrdmgr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wrloginpro.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wsnctfy.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wuaucltt.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ying.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\yong.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ZaZ.exe
C:\Program Files\Common Files\Carlson\carlton
C:\Program Files\Common Files\Delsim\del.exe
C:\PROGRA~1\COMMON~1\Microsoft Shared\DAO\svchost.exe
C:\PROGRA~1\COMMON~1\tmp.scr
C:\i.mages.zip
C:\Users\Bels\AppData\Local\addon.dat
C:\PROGRA~1\\NetMeeting\maisumviado.exe
C:\PROGRA~1\\outloo~1\update.exe
C:\PROGRA~1\\WinPop\winpop.exe.lzma
C:\PROGRA~1\a.txt
C:\PROGRA~1\Adobe\AdobeLanc.exe
C:\PROGRA~1\Ajuda.exe
C:\PROGRA~1\Amor.exe
C:\PROGRA~1\Bifrost\klog.dat
C:\PROGRA~1\Bifrost\server.exe
C:\PROGRA~1\Bifrost\sys32.exe
C:\PROGRA~1\Cica.exe
C:\PROGRA~1\Config\Config.exe
C:\PROGRA~1\dll.exe
C:\PROGRA~1\dllvirtual.exe
C:\PROGRA~1\dllwin.exe
C:\PROGRA~1\ExAlien.exe
C:\PROGRA~1\Favoritos.exe
C:\PROGRA~1\fer.exe
C:\PROGRA~1\Firewall.exe
C:\PROGRA~1\Flash.exe
C:\PROGRA~1\GbPlugin\\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\GbpSvc.exe
C:\PROGRA~1\GbPlugin\mdll.exe
C:\PROGRA~1\GbPlugin\msng.exe
C:\PROGRA~1\GbPlugin\Ndtstat.exe
C:\PROGRA~1\GbPlugin\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\udll.exe
C:\PROGRA~1\GbPlugin\yong.exe
C:\PROGRA~1\GbpSvc.exe
C:\PROGRA~1\help.exe
C:\PROGRA~1\HelpDesk.exe
C:\PROGRA~1\icpldrvx.exe
C:\PROGRA~1\ildredr.exe
C:\PROGRA~1\inetget2\installeur.exe
C:\PROGRA~1\Insider\Insider.exe
C:\PROGRA~1\Internet Explorer\bb.exe
C:\PROGRA~1\Internet Explorer\desc.exe
C:\PROGRA~1\Internet Explorer\loadie.exe
C:\PROGRA~1\Internet Explorer\realplayerp.exe
C:\PROGRA~1\ISM2\ISMPack7.exe
C:\PROGRA~1\klog.dat
C:\PROGRA~1\login.scr
C:\PROGRA~1\Logun.exe
C:\PROGRA~1\mdll.exe
C:\PROGRA~1\messenger.exe
C:\PROGRA~1\Messenger\msmsg.exe
C:\PROGRA~1\Messenger\Msnmsgr.exe
C:\PROGRA~1\mexe*.exe
C:\PROGRA~1\Microsoft Office Update\file.exe
C:\PROGRA~1\Microsoft Studio Files\file.exe
C:\PROGRA~1\Microsoft Studio Files\Winlsass32.exe
C:\PROGRA~1\Microsoft\svhost32.exe
C:\PROGRA~1\Movie Maker\ja_era_hehe.exe
C:\PROGRA~1\MSN Messenger Guiños\instalar guiños.exe
C:\PROGRA~1\MSN Messenger\instalar guiños.exe
C:\PROGRA~1\msng.exe
C:\PROGRA~1\msnmsg.exe
C:\PROGRA~1\My_Love.exe
C:\PROGRA~1\Ndtstat.exe
C:\PROGRA~1\NetMeeting\klog.dat
C:\PROGRA~1\NetMeeting\maisumviado.exe
C:\PROGRA~1\orkut.scr
C:\PROGRA~1\outloo~1\express.exe
C:\PROGRA~1\outloo~1\update.exe
C:\PROGRA~1\outlook express\express.exe
C:\PROGRA~1\Outlook Express\inyourface.exe
C:\PROGRA~1\Outlook Express\OutlookEx.exe
C:\PROGRA~1\Outlook Express\setup40.exe
C:\PROGRA~1\Perfect.exe
C:\PROGRA~1\photopaint.exe
C:\PROGRA~1\QdrModule\QdrModule9.exe
C:\PROGRA~1\Real.dll
C:\PROGRA~1\regedti.exe
C:\PROGRA~1\Remove.exe
C:\PROGRA~1\Rg2catbd.exe
C:\PROGRA~1\rm.exe
C:\PROGRA~1\Sandboxie\Control.exe
C:\PROGRA~1\schoty.cmd
C:\PROGRA~1\service.bat
C:\PROGRA~1\smss.exe
C:\PROGRA~1\SOUND.exe
C:\PROGRA~1\spiider.exe
C:\PROGRA~1\svchost.exe
C:\PROGRA~1\System\CDRom.exe
C:\PROGRA~1\System\Flash.exe
C:\PROGRA~1\System\Windows32.exe
C:\PROGRA~1\Tasks.exe
C:\PROGRA~1\Temporary\wininstall.exe
C:\PROGRA~1\udll.exe
C:\PROGRA~1\update.exe
C:\PROGRA~1\VTTimers.exe
C:\PROGRA~1\Wapp.exe
C:\PROGRA~1\Widows.exe
C:\PROGRA~1\WinAble\winable.exe
C:\PROGRA~1\Windows32.exe
C:\PROGRA~1\winINI.exe
C:\PROGRA~1\winpop\uninstall.exe
C:\PROGRA~1\WinPop\UnInstall.exe.lzma
C:\PROGRA~1\winpop\winpop.exe
C:\PROGRA~1\WinPop\winpop.exe.lzma
C:\PROGRA~1\Wm2emt.exe
C:\PROGRA~1\wmplay.exe
C:\PROGRA~1\yong.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ashDisp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ashServ.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\avgccc.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\bios.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.scr
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ccssrss.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\cmd.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Computador.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\dll.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\eixdrv.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ExAlien.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\fbguad.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\firefoxx.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Flash.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\InstallHelp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\javsu.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\juchek.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\klpp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\logon.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\lsssas.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\messengerr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\messgrr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\msm.cmd
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsgr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\My_Love.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\norton32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ntvvm.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\pdvsym.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\qtapp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\qupdate.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\regfixxsx.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\registtry.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\remote.cmd
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\repara_ae.bat
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\rundl32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\rxnetq.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\smss.scr
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svchost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svchostss.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svhost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrork.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrsym.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\system32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\task.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\taskmgrrr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tasks.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\voieup.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\voiork.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wepaint.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Win XP.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows Update.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\windowsupdate.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Winhost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupdbc.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WMedPlayer.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wrloginpro.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wuaucltt.exe
C:\111z.exe
C:\2.exe
C:\521785.txt
C:\8e3y4u4a9t9.exe
C:\a.bat
C:\adv.exe
C:\aklr.exe
C:\Amigos.exe
C:\amor.exe
C:\animacao.scr
C:\Annoying crazy frog getting killed.pif
C:\Arquivos de programas\rem.exe
C:\Arquivos de programas\Wapp.exe
C:\arquivos de programas\Windows32.exe
C:\audise.exe
C:\auto1.exe
C:\auto2.exe
C:\auto3.exe
C:\autorun.inf
C:\AVG\Tools\csrss.scr
C:\AVG\Tools\svchost.exe
C:\AVG\Tools\taskmgr.exe
C:\AVG_BETA\DB\arquivo.txt
C:\AVG_BETA\Tools\csrss.scr
C:\AVG_BETA\Tools\msnmsgr.exe
C:\bedroom-thongs.pif
C:\British National Party.jpg
C:\btpaxole.dll
C:\Call.exe
C:\cartao.scr
C:\certmsje.dll
C:\claro.exe
C:\cmd.exe
C:\Conf\13.bmp
C:\Conf\15.bmp
C:\Conf\3.jpg
C:\Conf\cax2.jpg
C:\Conf\info.gif
C:\Conf\logo.jpg
C:\Conf\ms.exe
C:\Conf\msm.cmd
C:\Conf\msm.exe
C:\Conf\msmFF.cmd
C:\Conf\msmho.cmd
C:\Conf\nc.gif
C:\Conf\nd.gif
C:\Conf\nn.gif
C:\Conf\NOVOBB.gif
C:\Conf\novobb.jpg
C:\Conf\novobb2.jpg
C:\Conf\novoSB.gif
C:\Conf\ork.cmd
C:\Conf\tec.jpg
C:\Conf\win.scr
C:\contato.exe
C:\Crazy-Frog.Html
C:\Crazy frog gets killed by train!.pif
C:\Crazy frog gets killed by train!.pif Fat Elvis! lol.pif
C:\csrs.txt
C:\csrss.exe
C:\ctl3diac.exe
C:\DB\arquivo.txt
C:\diy.EXE
C:\dkotyrxbb.exe
C:\dll.exe
C:\dllwin.exe
C:\dnsajobe.dat
C:\dnsajobe.dll
C:\dnsajobe.exe
C:\download1591.exe
C:\dpl1npwm.dat
C:\dpl1npwm.dll
C:\dpl1npwm.exe
C:\dpv1bidi.dll
C:\Drunk_lol.pif
C:\dydhcp.exe
C:\emai.exe
C:\email.inf
C:\Enviado.123
C:\er-1-1148.exe
C:\Fat Elvis! lol.pif
C:\fFa4vV0rR170S5S2.exe
C:\File.exe
C:\FLIPART.EXE
C:\flw334.dll
C:\Foto.exe
C:\Foto_celular.scr
C:\Foto_celular.scr
C:\Foto_Celular.zip
C:\fotomensagem.exe
C:\fotos_posse.zip
C:\funny_pic.scr
C:\g5c5i4x6e4h2.exe
C:\g7n4l2o4i4.exe
C:\g7n4l2o4i4v4.exe
C:\GETDRIVE.EXE
C:\h1b9i6h4u6j1.exe
C:\hellmsn.exe
C:\Hot.pif
C:\How a Blonde Eats a Banana...pif
C:\hptzb02.exe
C:\hy.exe
C:\i.exe
C:\icone.exe
C:\IE.exe
C:\ierro.exe
C:\iexplorer.exe
C:\IF.EXE
C:\image001.exe
C:\img0012-www.photostorage.com
C:\instalador de guiños y emoticonos.exe
C:\Install\Ghost.exe
C:\Install\install.exe
C:\Install_Messenger.exe
C:\inupdbc.exe
C:\IS.EXE
C:\is77.exe
C:\Isass.scr
C:\j7q1c4v1i6s4.exe
C:\Jennifer Lopez.scr
C:\jkrguy.exe
C:\jpb.exe
C:\jshxw.exe
C:\k3d3t4t8n7l.exe
C:\k3d3t4t8n7l8.exe
C:\kao.reg
C:\kbdnmfc4.dll
C:\KimMakihel.exe
C:\kl.exe
C:\ksmmtq.exe
C:\lauro.exe
C:\Lista.txt
C:\Lixo
C:\llka.exe
C:\LMAO.pif
C:\log.txt
C:\LOL that ur pic!.pif
C:\LOL.scr
C:\love_me.pif
C:\lsass.exe
C:\lspt.exe
C:\m1t4z1h1l7q5.exe
C:\Me on holiday!.pif
C:\megakl.exe
C:\melt.bat
C:\Mensagem.exe
C:\Message to n00b LARISSA.txt
C:\MESSAGE_TO_BROPIA.txt
C:\messenger.exe
C:\Microsoft.exe
C:\mis contactos.txt
C:\Mis imágenes\yo_posse_007.jpg.exe
C:\Mona Lisa Wants Her Smile Back.pif
C:\msfk.exe
C:\msm.cmd
C:\msm.exe
C:\msm.exe
C:\msn.exe
C:\MSN_Update1
C:\msnmsg.exe
C:\msnmsgr.exe
C:\msnmsnr.scr
C:\msnsetup.exe
C:\msnsgrsv.exe
C:\msnsgrsv0201.exe
C:\msnsgrszs.exe
C:\MSNWA.exe
C:\mstray.exe
C:\My new photo!.pif
C:\my_photo2005.scr
C:\naked_drunk.pif
C:\naked_party.pif
C:\new_webcam.pif
C:\nmevscrr.exe
C:\nwnmff_e*.exe
C:\nzl.exe
C:\officexp.exe
C:\orkut.exe
C:\orkut.scr
C:\osm.exe
C:\p3h2b3t3q1s9.exe
C:\PastaImagens.exe
C:\pif.exe
C:\prkc.exe
C:\psapuman.exe
C:\psnppack.dll
C:\qwere.exe
C:\raizw.exe
C:\rar.exe
C:\rar1.exe
C:\rar2.exe
C:\RECYCLER\msnservice.exe
C:\RECYCLER\nvscvse.exe
C:\RECYCLER\te32.exe
C:\RemotoMSN.txt
C:\review.txt
C:\ROFL.pif
C:\s10w.exe
C:\sadan.avi.exe
C:\sadov.exe
C:\See my lesbian friends.pif
C:\see_this!!.scr
C:\sendwmdm.exe
C:\server.exe
C:\servico.exe
C:\sexy.exe
C:\sexy_bedroom.pif
C:\show.exe
C:\skew.exe
C:\Small.exe
C:\snsstect.exe
C:\so.exe
C:\SOUND32.exe
C:\start.bat
C:\stock.exe
C:\stock.htm
C:\stock2.exe
C:\SVCH0STll.exe
C:\svchost.exe
C:\svchost.scr
C:\svchost32.exe
C:\Svchosts.exe
C:\sys.txt
C:\syshwbx.exe
C:\syssryh.exe
C:\system.exe
C:\System\iexplore.exe
C:\System\plugin.exe
C:\system1591.exe
C:\system1691.exe
C:\system1791.exe
C:\system2.exe
C:\system2525.exe
C:\system3.exe
C:\system32.exe
C:\system4.exe
C:\system5.exe
C:\szsvc.exe
C:\t7b8i6h6t6j13.exe
C:\text.reg
C:\The Cat And The Fan piccy.pif
C:\tim.exe
C:\Tools\csrss.scr
C:\Topless in Mini Skirt! lol.pif
C:\u5g9p7x1h4a3.exe
C:\underware.pif
C:\up.exe
C:\update.exe
C:\updt.exe
C:\video.exe
C:\vonner.exe
C:\vont.exe
C:\w3v6r2r2h3z5.exe
C:\Webcam.pif
C:\winbash.exe
C:\winbbs.exe
C:\windebug.log
C:\Windows Messeger.exe
C:\Windows Messenger.exe
C:\windows.cmd
C:\winfgt.exe
C:\winHelp.exe
C:\winhpi.exe
C:\winhsd.exe
C:\winimage.exe
C:\winlogin.exe
C:\winlongonf.exe
C:\WINNT\ScktSrvr.exe
C:\WINNT\system\kl.dll
C:\WINNT\system\msmsgs.exe
C:\WINNT\system\msn.dat
C:\WINNT\system\msn.dll
C:\WINNT\system\smsc.exe
C:\WINNT\system\svchost.dat
C:\WINNT\system\xsmith.scr
C:\winpga.exe
C:\WinPH.exe
C:\winptz.exe
C:\winsfr.exe
C:\winupdaet.exe
C:\winupdate128.exe
C:\winupdate32.exe
C:\Winupdbc.exe
C:\winuping.exe
C:\winvrc.exe
C:\winXP.exe
C:\wkssmsjt.dll
C:\wldadisp.dat
C:\wldadisp.dll
C:\wldadisp.exe
C:\wnlsos.exe
C:\wr-1-1148.exe
C:\x.exe
C:\x7g3a8d6u.exe
C:\x7g3a8d6u4c1.exe
C:\x7g3a8d6uc1.exe
C:\Xerr0.exe
C:\xfafasfgx.exe
C:\xr-1-1148.exe
C:\xso.exe
C:\y8o7w8b4f1q5.exe
C:\yz02.exe
C:\zordz.exe
C:\zr-1-1148.exe
C:\Users\Bels\AppData\Local\Temp\??.exe
C:\Users\Bels\AppData\Local\Temp\~ip.tmp
C:\Users\Bels\AppData\Local\Temp\1.html
C:\Users\Bels\AppData\Local\Temp\1.html.$$$
C:\Users\Bels\AppData\Local\Temp\2238.EXE
C:\Users\Bels\AppData\Local\Temp\800_zip_dump.scr
C:\Users\Bels\AppData\Local\Temp\activ.exe
C:\Users\Bels\AppData\Local\Temp\ADF.exe
C:\Users\Bels\AppData\Local\Temp\allgg.exe
C:\Users\Bels\AppData\Local\Temp\anjinhos.exe
C:\Users\Bels\AppData\Local\Temp\bifrost.exe
C:\Users\Bels\AppData\Local\Temp\carinhos.exe
C:\Users\Bels\AppData\Local\Temp\ccAApp.exe
C:\Users\Bels\AppData\Local\Temp\csrss.exe
C:\Users\Bels\AppData\Local\Temp\DfSLdES
C:\Users\Bels\AppData\Local\Temp\drev.exe
C:\Users\Bels\AppData\Local\Temp\firefoxx.exe
C:\Users\Bels\AppData\Local\Temp\fotos.exe
C:\Users\Bels\AppData\Local\Temp\g0ld.com
C:\Users\Bels\AppData\Local\Temp\hkxqwfui.exe
C:\Users\Bels\AppData\Local\Temp\ibguardr.exe
C:\Users\Bels\AppData\Local\Temp\image??.zip
C:\Users\Bels\AppData\Local\Temp\is581.exe
C:\Users\Bels\AppData\Local\Temp\isinst.exe
C:\Users\Bels\AppData\Local\Temp\jjusched.exe
C:\Users\Bels\AppData\Local\Temp\koko.cmd
C:\Users\Bels\AppData\Local\Temp\llsaass.exe
C:\Users\Bels\AppData\Local\Temp\load.exe
C:\Users\Bels\AppData\Local\Temp\logs.exe
C:\Users\Bels\AppData\Local\Temp\lsasss.exe
C:\Users\Bels\AppData\Local\Temp\mensagem.exe
C:\Users\Bels\AppData\Local\Temp\MG.exe
C:\Users\Bels\AppData\Local\Temp\msnclient.exe
C:\Users\Bels\AppData\Local\Temp\msnmsgr.exe
C:\Users\Bels\AppData\Local\Temp\myimage.zip
C:\Users\Bels\AppData\Local\Temp\nts_000.tmp
C:\Users\Bels\AppData\Local\Temp\nts3.tmp
C:\Users\Bels\AppData\Local\Temp\nts4.tmp
C:\Users\Bels\AppData\Local\Temp\nts5.tmp
C:\Users\Bels\AppData\Local\Temp\nts6.tmp
C:\Users\Bels\AppData\Local\Temp\ocx.out
C:\Users\Bels\AppData\Local\Temp\pa_0105.exe
C:\Users\Bels\AppData\Local\Temp\Photo.exe
C:\Users\Bels\AppData\Local\Temp\pork.exe
C:\Users\Bels\AppData\Local\Temp\pqokfkgksd.cmd
C:\Users\Bels\AppData\Local\Temp\realsched.exe
C:\Users\Bels\AppData\Local\Temp\removalfile.bat
C:\Users\Bels\AppData\Local\Temp\RTHDCPL.exe
C:\Users\Bels\AppData\Local\Temp\scs14.tmp
C:\Users\Bels\AppData\Local\Temp\scs15.tmp
C:\Users\Bels\AppData\Local\Temp\second.exe
C:\Users\Bels\AppData\Local\Temp\server.exe
C:\Users\Bels\AppData\Local\Temp\serverivy.exe
C:\Users\Bels\AppData\Local\Temp\services.exe
C:\Users\Bels\AppData\Local\Temp\sistema32.com
C:\Users\Bels\AppData\Local\Temp\spoolsv.exe
C:\Users\Bels\AppData\Local\Temp\svcchhost.exe
C:\Users\Bels\AppData\Local\Temp\svchost.exe
C:\Users\Bels\AppData\Local\Temp\tosvid45.vxd
C:\Users\Bels\AppData\Local\Temp\tug.php
C:\Users\Bels\AppData\Local\Temp\Update.exe
C:\Users\Bels\AppData\Local\Temp\w1.txt.$$$
C:\Users\Bels\AppData\Local\Temp\win.exe
C:\Users\Bels\AppData\Local\Temp\winamp.exe
C:\Users\Bels\AppData\Local\Temp\winlogon.exe
C:\Users\Bels\AppData\Local\Temp\winnttemp100mr\wmplayers.exe
C:\Users\Bels\AppData\Local\Temp\wuaucltt.exe
C:\Users\Bels\AppData\Local\Temp\z1.txt
C:\Users\Bels\ariant.txt
C:\Users\Bels\auto.txt
C:\Users\Bels\egos.txt
C:\Users\Bels\lhaj.txt
C:\Users\Bels\Local Settings\Application Data\addon.dat
C:\Users\Bels\msdirectx.sys
C:\Users\Bels\NETVISION.exe
C:\Users\Bels\new.txt
C:\Users\Bels\qbspin.exe
C:\Users\Bels\winxvc.exe
C:\Users\Bels\yoaoux.exe
C:\Windows\\Cfreer.exe
C:\Windows\01.exe
C:\Windows\11.exe
C:\Windows\22.exe
C:\Windows\33.exe
C:\Windows\44.exe
C:\Windows\a.bat
C:\Windows\a1.exe
C:\Windows\aas.scr
C:\Windows\abcd.exe
C:\Windows\addins\svchost.exe
C:\Windows\aIg.exe
C:\Windows\aimmsn.exe
C:\Windows\alg.exe
C:\Windows\alggx.exe
C:\Windows\anima.exe
C:\Windows\ansmtp.dll
C:\Windows\ansmtpbuild.dll
C:\Windows\Antivirus32.exe
C:\Windows\Arq.ini
C:\Windows\arqui1.exe
C:\Windows\arquivo.exe
C:\Windows\ashDisp.exe
C:\Windows\Ashdsp.exe
C:\Windows\AshleyHottie.zip
C:\Windows\ashServ.exe
C:\Windows\ashSv.exe
C:\Windows\athycxvvx.exe
C:\Windows\athydxvvx.exe
C:\Windows\athyhxvvx.exe
C:\Windows\athylxvvx.exe
C:\Windows\ati3evx.exe
C:\Windows\ati5vxxx.exe
C:\Windows\atrvmmx.exe
C:\Windows\audi.scr
C:\Windows\audise.exe
C:\Windows\av.exe
C:\Windows\avast.exe
C:\Windows\Avconsol.exe
C:\Windows\avgdos.exe
C:\Windows\avp.exe
C:\Windows\Avsgccs.scr
C:\Windows\b122.exe
C:\Windows\b122.exe.bin
C:\Windows\bak\avconsol.exe
C:\Windows\bak\zap.exe
C:\Windows\bass.exe
C:\Windows\bloggermessenger.exe
C:\Windows\blue.exe
C:\Windows\bmp2jpeg.dll
C:\Windows\bohas.scr
C:\Windows\bootvid.dll
C:\Windows\browseui.exe
C:\Windows\bsyys.temp
C:\Windows\bsyys.tmp
C:\Windows\BushIsDumb!.zip
C:\Windows\BWJLM1334.ZIP
C:\Windows\C005_jpg.zip
C:\Windows\c8iu3h.log
C:\Windows\caixa.exe
C:\Windows\cartaos.exe
C:\Windows\CDSpeed.exe
C:\Windows\Cfreer.exe
C:\Windows\charmmpxp.exe
C:\Windows\chcp.exe
C:\Windows\cmd.exe
C:\Windows\code.exe
C:\Windows\comctl64.dll
C:\Windows\Config\amsn.exe
C:\Windows\config\msnmsgr.exe
C:\Windows\config\sistema.exe
C:\Windows\config\svchost.exe
C:\Windows\Config\ying.exe
C:\Windows\cookies.ini
C:\Windows\crss.exe
C:\Windows\crss7.exe
C:\Windows\csrs.scr
C:\Windows\csrss.exe
C:\Windows\csrss.scr
C:\Windows\ctfmon.exe
C:\Windows\Cursors\GbpSvc.exe
C:\Windows\Cursors\IEXPLORE.EXE
C:\Windows\Cursors\mdll.exe
C:\Windows\Cursors\msng.exe
C:\Windows\Cursors\Ndtstat.exe
C:\Windows\Cursors\Pbrushy.exe
C:\Windows\Cursors\Rg2catbd.exe
C:\Windows\Cursors\udll.exe
C:\Windows\Cursors\yong.exe
C:\Windows\DCS515610.zip
C:\Windows\Debug\javaws.exe
C:\Windows\default.cmd
C:\Windows\demon.zip
C:\Windows\digicam2005.zip
C:\Windows\diskdruid.exe
C:\Windows\diskk.exe
C:\Windows\Diup.exe
C:\Windows\dll32
C:\Windows\dllwin.exe
C:\Windows\dllwin.scr
C:\Windows\Downloaded Program Files\Appstart.exe
C:\Windows\dydhcp.exe
C:\Windows\enviafrase.exe
C:\Windows\epwf4q.pif
C:\Windows\Expert_Corp.exe
C:\Windows\exploere.scr
C:\Windows\explorer_.exe
C:\Windows\F0538_jpg.zip
C:\Windows\F0563_jpg.zip
C:\Windows\fechamalintencionado.exe
C:\Windows\fer.exe
C:\Windows\fggwkl.exe
C:\Windows\fggwok.exe
C:\Windows\fgrpkc.exe
C:\Windows\findx.exe
C:\Windows\fire.scr
C:\Windows\firefoxpgm.exe
C:\Windows\folder.exe
C:\Windows\fonts\AUNZIP32.dll
C:\Windows\fonts\AZIP32.dll
C:\Windows\fonts\inetinfo.exe
C:\Windows\fonts\msnmsgr.exe
C:\Windows\fonts\mulherachada.exe
C:\Windows\Fonts\nxzero1.exe
C:\Windows\fonts\OSSMTP.dll
C:\Windows\fonts\taskmgr.exe
C:\Windows\formatsys.exe
C:\Windows\foto.exe
C:\Windows\fotos.exe
C:\Windows\fotos.scr
C:\Windows\fotos2.exe
C:\Windows\freshphotos.zip
C:\Windows\fuckin-around.zip
C:\Windows\funny.zip
C:\Windows\G038_jpg.rar
C:\Windows\G038_jpg.zip
C:\Windows\g7n4l2o4i4v4.exe
C:\Windows\GbpSvc.exe
C:\Windows\gdk.exe
C:\Windows\getps.exe
C:\Windows\gets.exe
C:\Windows\gl0b0.exe
C:\Windows\gordo1.exe
C:\Windows\gsmutx.exe
C:\Windows\hahahha.zip
C:\Windows\Help.exe
C:\Windows\help.scr
C:\Windows\help\Isass.exe
C:\Windows\help\Issas.exe
C:\Windows\Help\korn.scr
C:\Windows\help\msnm.scr
C:\Windows\Help\orgut.scr
C:\Windows\help\svchost.exe
C:\Windows\Help\svhost.exe
C:\Windows\Help\systemb.exe
C:\Windows\helppo.exe
C:\Windows\here.exe
C:\Windows\HEREB.exe
C:\Windows\Hide32.exe
C:\Windows\hork.exe
C:\Windows\hostdll.exe
C:\Windows\Hostren.exe
C:\Windows\hot.exe
C:\Windows\hptzb02.exe
C:\Windows\hpztsb02.exe
C:\Windows\i.exe
C:\Windows\i5fslg.scf
C:\Windows\ie.exe
C:\Windows\iexplore.exe
C:\Windows\iexplorer.exe
C:\Windows\iexplorer6.exe
C:\Windows\iexplorer7.exe
C:\Windows\IFinst27.exe
C:\Windows\imag091307.zip
C:\Windows\images.zip
C:\Windows\ime\mssng.cmd
C:\Windows\ime\PIC30052007.JPEG
C:\Windows\ime\smxs.cmd
C:\Windows\IMG-0012.zip
C:\Windows\IMG-0024.zip
C:\Windows\IMG-3443.zip
C:\Windows\IMG-9404.zip
C:\Windows\IMG0024.zip
C:\Windows\img317.zip
C:\Windows\img4851.zip
C:\Windows\imgac157.zip
C:\Windows\inf\dllhost.exe
C:\Windows\inf\infw.com
C:\Windows\inf\LSAS.exe
C:\Windows\inf\rdshost32.exe
C:\Windows\inf\system1591.exe
C:\Windows\infowshb.dll
C:\Windows\install.exe
C:\Windows\instr32.exe
C:\Windows\instr64.exe
C:\Windows\internt.exe
C:\Windows\Isass.exe
C:\Windows\java\expllorer.exe
C:\Windows\java\msgmsn.exe
C:\Windows\java\msmmsn.exe
C:\Windows\java\mw.exe
C:\Windows\java\Packages.cmd
C:\Windows\java\svchost.exe
C:\Windows\jdbgmgrnt.exe
C:\Windows\jpb.exe
C:\Windows\jshxw.exe
C:\Windows\junchep.exe
C:\Windows\juscheds.exe
C:\Windows\jusjava.exe
C:\Windows\justchd.exe
C:\Windows\jvms.exe
C:\Windows\kernel.exe
C:\Windows\ko6bn9.bmp
C:\Windows\lastnight.zip
C:\Windows\LBTWiz.exe
C:\Windows\Lexplorer.exe
C:\Windows\lg.scr
C:\Windows\linuxxp32.exe
C:\Windows\log46.txt
C:\Windows\loggon.exe
C:\Windows\login.dll
C:\Windows\logo1.gif
C:\Windows\Logun.exe
C:\Windows\lsas32.exe
C:\Windows\lsass.exe
C:\Windows\lsasss.exe
C:\Windows\lsnas.exe
C:\Windows\lspt.exe
C:\Windows\lssman.exe
C:\Windows\mac1.com
C:\Windows\mag091307.zip
C:\Windows\malhaazul.exe
C:\Windows\mdfg4v.ge
C:\Windows\mdll.exe
C:\Windows\media\arquivo.exe
C:\Windows\Media\Call32.exe
C:\Windows\Media\ExP.exe
C:\Windows\MEDIA\hp32.exe
C:\Windows\Media\hptools.exe
C:\Windows\media\messenger.exe
C:\Windows\MEDIA\microsoft.exe
C:\Windows\Media\microsoftware.exe
C:\Windows\Media\rundII32.exe
C:\Windows\Media\w7zip.exe
C:\Windows\Media\WinetWork.exe
C:\Windows\Media\WineWork.exe
C:\Windows\Media\WriteWork.exe
C:\Windows\Mensagem.exe
C:\Windows\mess -.exe
C:\Windows\messenger.exe
C:\Windows\messengerapp.exe
C:\Windows\mfvq4.e
C:\Windows\mfvq5.e
C:\Windows\mgrs.exe
C:\Windows\Microsoft.exe
C:\Windows\mjhor.exe
C:\Windows\mnsns.scr
C:\Windows\monitor1a.exe
C:\Windows\mono.exe
C:\Windows\mono.exe
C:\Windows\mouse32.vxd
C:\Windows\mrofinu*.exe
C:\Windows\ms.exe
C:\Windows\msapp\bifserver.exe
C:\Windows\msapps\bifserver.exe
C:\Windows\msapps\modulo3.txt
C:\Windows\msapps\msinfo\msappts32.exe
C:\Windows\msconfig.exe
C:\Windows\msdnwin.exe
C:\Windows\msg.exe
C:\Windows\msgr.exe
C:\Windows\msmbw.exe
C:\Windows\MsmMsgr.exe
C:\Windows\msmsg.exe
C:\Windows\msmsgr.exe
C:\Windows\msn.exe
C:\Windows\msn.vbs
C:\Windows\msn_profile.zip
C:\Windows\msnappm.exe
C:\Windows\msnbr.exe
C:\Windows\msng.exe
C:\Windows\msngr.exe
C:\Windows\msnimport.exe
C:\Windows\msnlogm.exe
C:\Windows\msnlogs.exe
C:\Windows\msnmsg.exe
C:\Windows\msnmsgr.exe
C:\Windows\msnmsgr1.exe
C:\Windows\msnmsgr2.exe
C:\Windows\msnmsgs.exe
C:\Windows\msnmsngr.exe
C:\Windows\msnmsnr.scr
C:\Windows\msnmsnr.tmp
C:\Windows\msnmssgr2.exe
C:\Windows\msnnsggr2.exe
C:\Windows\msnnsgrl.exe
C:\Windows\MSNP.exe
C:\Windows\msnupdate.zip
C:\Windows\MsnValue.exe
C:\Windows\mssoffice.tmp
C:\Windows\mssq.exe
C:\Windows\mstray.exe
C:\Windows\msync.exe
C:\Windows\Mwsx.exe
C:\Windows\mxjxde.exe
C:\Windows\My-Pictures.zip
C:\Windows\My_Pictures2007
C:\Windows\My_Pictures2007.zip
C:\Windows\myspace-facebook.zip
C:\Windows\myspace.zip
C:\Windows\N039_jpg.zip
C:\Windows\N5881.zip
C:\Windows\Ndtstat.exe
C:\Windows\new.exe
C:\Windows\newname.dat
C:\Windows\nod32.exe
C:\Windows\Nokia_19_jpg.zip
C:\Windows\nomedoprograma.exe
C:\Windows\Norton.exe
C:\Windows\NOTEEPAD.exe
C:\Windows\ntrmv.exe
C:\Windows\nts.exe
C:\Windows\NvCpl.exe
C:\Windows\Nzil.exe
C:\Windows\okuta.exe
C:\Windows\orkut.scr
C:\Windows\ot8q4cp.bmp
C:\Windows\Outlook.exe
C:\Windows\p0017_jpg.zip
C:\Windows\passt.scr
C:\Windows\patchxp21.exe
C:\Windows\PCHEALTER.exe
C:\Windows\pegalista.exe
C:\Windows\perfmon.exe
C:\Windows\photo album 2007.zip
C:\Windows\photo album.zip
C:\Windows\photo.zip
C:\Windows\photo_album 2007.zip
C:\Windows\photo_album2007.zip
C:\Windows\photos-webcam2007.zip
C:\Windows\photos.zip
C:\Windows\PIC20052007.JPEG
C:\Windows\pic48174.zip
C:\Windows\pics.zip
C:\Windows\PictureAlbum2007.zip
C:\Windows\pif.exe
C:\Windows\plick.exe
C:\Windows\ponto.DLL
C:\Windows\practivea.exe
C:\Windows\pruas.exe
C:\Windows\pss\Flash.exe
C:\Windows\pss\Widows.exe
C:\Windows\ptrms.exe
C:\Windows\rcimlby.exe
C:\Windows\rdfhost.dll
C:\Windows\rdihost.dll
C:\Windows\rds.exe
C:\Windows\rdshost.dll
C:\Windows\regcleaner.exe
C:\Windows\regedti.exe
C:\Windows\regserve.cmd
C:\Windows\regserve.exe
C:\Windows\regservee.exe
C:\Windows\regsvr.exe
C:\Windows\retadpu.exe
C:\Windows\retadpu.exe.bin
C:\Windows\retadpu420.exe
C:\Windows\revali.exe
C:\Windows\Rg2catbd.exe
C:\Windows\ributeslideshow.zip
C:\Windows\rica.exe
C:\Windows\rispac.exe
C:\Windows\rnxntup.exe
C:\Windows\rqqsnd.exe
C:\Windows\rtf.bat
C:\Windows\rtutvb5d.dll
C:\Windows\rundl132.exe
C:\Windows\Rundll.exe
C:\Windows\rw.dlt
C:\Windows\s.scr
C:\Windows\S_00305_jpg.zip
C:\Windows\S04_jpg.zip
C:\Windows\s1.exe
C:\Windows\sampaerio.exe
C:\Windows\scanisk.exe
C:\Windows\schost32.exe
C:\Windows\ScktSrvr.exe
C:\Windows\screenwin.scr
C:\Windows\scvhost.exe
C:\Windows\sdrive\kler.exe
C:\Windows\Secs2006.exe
C:\Windows\sendwmdm.exe
C:\Windows\September11thTribute.zip
C:\Windows\serbw.exe
C:\Windows\sercivo.exe
C:\Windows\server.exe
C:\Windows\serverletwindows.exe
C:\Windows\serverletwindowsl.exe
C:\Windows\service.exe
C:\Windows\service.scr
C:\Windows\service2.scr
C:\Windows\service32.exe
C:\Windows\servicee.exe
C:\Windows\servicejava.scr
C:\Windows\servicejava2.scr
C:\Windows\servicer.exe
C:\Windows\services.dll
C:\Windows\services.exe
C:\Windows\servico.exe
C:\Windows\setdebugnt.exe
C:\Windows\SetPoint.exe
C:\Windows\shDisp.exe
C:\Windows\shdosbei.dat
C:\Windows\shdosbei.dll
C:\Windows\shdosbei.exe
C:\Windows\siswin.exe
C:\Windows\sk.exe
C:\Windows\sk070725.exe
C:\Windows\smss.exe
C:\Windows\smss.scr
C:\Windows\smsss.exe
C:\Windows\sndrec32.exe
C:\Windows\softdwind.exe
C:\Windows\sokctes.dll
C:\Windows\sokctes.zip
C:\Windows\spiderpig.zip
C:\Windows\spooldr.exe
C:\Windows\spoolsv.exe
C:\Windows\srsmsn.exe
C:\Windows\srsttn.exe
C:\Windows\ssssm.exe
C:\Windows\stDebug.exe
C:\Windows\Strad.exe
C:\Windows\super.exe
C:\Windows\SVCH0STll.EXE
C:\Windows\svchosk.exe
C:\Windows\svchost
C:\Windows\svchost.com
C:\Windows\svchost.dll
C:\Windows\svchost.exe
C:\Windows\svchost.scr
C:\Windows\svchost32.exe
C:\Windows\svchosta.exe
C:\Windows\svchostd.exe
C:\Windows\svchosts.dll
C:\Windows\svchosts.exe
C:\Windows\svchosts.scr
C:\Windows\svchosts.tmp
C:\Windows\svcr.exe
C:\Windows\svcupdate.exe
C:\Windows\svhost.temp
C:\Windows\svhost.tmp
C:\Windows\svhost32.exe
C:\Windows\svschost.sys
C:\Windows\svxh.exe
C:\Windows\sys1.exe
C:\Windows\SysArc.exe
C:\Windows\SYSHOST.DLL
C:\Windows\sysnet32.exe
C:\Windows\System.exe
C:\Windows\system\ashDisp.exe
C:\Windows\system\ashServ.exe
C:\Windows\system\ashSv.exe
C:\Windows\System\AVG.clean.cmd
C:\Windows\SYSTEM\bios.exe
C:\Windows\System\BomDia.com
C:\Windows\SYSTEM\CMRSS.EXE
C:\Windows\system\down32.cmd
C:\Windows\System\drk.exe
C:\Windows\system\ehSched.exe
C:\Windows\system\explorer.exe
C:\Windows\system\ExplorerXP.exe
C:\Windows\System\firefox.exe
C:\Windows\SYSTEM\ICPLDRVX.EXE
C:\Windows\system\iexplore.exe
C:\Windows\system\IMG024.JPG.zip
C:\Windows\system\kl.dll
C:\Windows\system\lsass.exe
C:\Windows\SYSTEM\lsass32.exe
C:\Windows\SYSTEM\mpeg4dec0.dll
C:\Windows\SYSTEM\msbcs.exe
C:\Windows\system\msmnsgr.exe
C:\Windows\System\msmsgc.cmd
C:\Windows\system\msmsgs.exe
C:\Windows\system\msn.dat
C:\Windows\system\msn.dll
C:\Windows\System\msnmsg.exe
C:\Windows\System\msnmsgr.cmd
C:\Windows\system\msnmsgr.exe
C:\Windows\System\msnmsgs.exe
C:\Windows\System\msnmsngrss.exe
C:\Windows\system\NOTEPAD.exe
C:\Windows\System\nppagent.exe
C:\Windows\system\plugin.exe
C:\Windows\System\regclean.cmd
C:\Windows\SYSTEM\remote.cmd
C:\Windows\System\servelet.exe
C:\Windows\system\services.exe
C:\Windows\System\smsc.exe
C:\Windows\System\Sound.scr
C:\Windows\system\svchost.dat
C:\Windows\system\svchost.exe
C:\Windows\system\svhost.exe
C:\Windows\System\syslogon.exe
C:\Windows\System\taskgr.exe
C:\Windows\system\taskmam.exe
C:\Windows\System\taskngr.exe
C:\Windows\System\WF.exe
C:\Windows\System\winlogon.exe
C:\Windows\System\worm.exe
C:\Windows\SYSTEM\wsass32.exe
C:\Windows\SYSTEM\wzip32.exe
C:\Windows\System\xsmith.scr
C:\Windows\system32.exe
C:\Windows\System32apoa.scr
C:\Windows\System32fpoa.scr
C:\Windows\System32msn.scr
C:\Windows\System32xpoa.scr
C:\Windows\System32zpoa.scr
C:\Windows\system64.exe
C:\Windows\systemos1.exe
C:\Windows\systemrun32.exe
C:\Windows\systen291.exe
C:\Windows\systen299.exe
C:\Windows\systraicon.exe
C:\Windows\sysuatch.exe
C:\Windows\sysuatch.zip
C:\Windows\sysuphatch.exe
C:\Windows\szsvc.exe
C:\Windows\talk32.exe
C:\Windows\tasklist32.exe
C:\Windows\TASKMAN-.exe
C:\Windows\taskmgr.exe
C:\Windows\taskmsgs.exe
C:\Windows\Tasks\derrubabagbd.job
C:\Windows\Tasks\startt.job
C:\Windows\Temp\rundll32.exe
C:\Windows\Temp\taskngr.exe
C:\Windows\tggwkl.exe
C:\Windows\tggwok.exe
C:\Windows\tgrpkc.exe
C:\Windows\thunderbird.exe
C:\Windows\traysssw.exe
C:\Windows\tsitra.exe
C:\Windows\tsitra1148.exe
C:\Windows\udll.exe
C:\Windows\updt.scr
C:\Windows\userinit.exe
C:\Windows\usnsvc.exe
C:\Windows\valentine_card.zip
C:\Windows\verify.exe
C:\Windows\video.exe
C:\Windows\virtualdisk.exe
C:\Windows\virtualmsif.exe
C:\Windows\vmnreg32.exe
C:\Windows\vpcrtf.exe
C:\Windows\vpgr.exe
C:\Windows\W139_jpg.zip
C:\Windows\wab.exe
C:\Windows\wcvs.exe
C:\Windows\wdfmgr.exe
C:\Windows\webdesign.zip
C:\Windows\webshots.scr
C:\Windows\wfgwkl.exe
C:\Windows\wfgwok.exe
C:\Windows\wfrpkc.exe
C:\Windows\win32api.scr
C:\Windows\win32dll.exe
C:\Windows\winamp.exe
C:\Windows\WinBool32.exe
C:\Windows\wind.exe
C:\Windows\windll.exe
C:\Windows\windows.cmd
C:\Windows\windows.exe
C:\Windows\Windows32.exe
C:\Windows\Windows32.scr
C:\Windows\Windows64.scr
C:\Windows\WindowsSp2.exe
C:\Windows\windowsupdate.exe
C:\Windows\WindowsXp2.exe
C:\Windows\WindowsXPdll.exe
C:\Windows\WindowsXPnet.exe
C:\Windows\windrivers.exe
C:\Windows\WinDV.exe
C:\Windows\WinExplor.exe
C:\Windows\WinExplore.exe
C:\Windows\winfp.exe
C:\Windows\winhlp.exe
C:\Windows\winhlp32.dat
C:\Windows\winload.inf
C:\Windows\winlog32.exe
C:\Windows\winlogin.exe
C:\Windows\winlogon.exe
C:\Windows\WinLogT.exe
C:\Windows\winlon.exe
C:\Windows\winn.exe
C:\Windows\winnavegador.exe
C:\Windows\WinNT.exe
C:\Windows\WinNT2.exe
C:\Windows\winnt32.exe
C:\Windows\winpo32.exe
C:\Windows\winpos.exe
C:\Windows\winsrvv.exe
C:\Windows\winstart.exe
C:\Windows\winsxp32.exe
C:\Windows\winsyshp.exe
C:\Windows\wintech.exe
C:\Windows\Winupdbc.exe
C:\Windows\winvhost3.exe
C:\Windows\winvip.exe
C:\Windows\winx.exe
C:\Windows\winxp.exe
C:\Windows\wmdplayer.exe
C:\Windows\wmeiuht.exe
C:\Windows\WNDXP.exe
C:\Windows\wnlsos.exe
C:\Windows\wordpad.pif
C:\Windows\wormlist.exe
C:\Windows\wr.txt
C:\Windows\wrdmgr.exe
C:\Windows\wscty32.exe
C:\Windows\wtflmao.zip
C:\Windows\wxzmsa.gft
C:\Windows\wxzmsa.xft
C:\Windows\wxzmsa.xxt
C:\Windows\wxzoka.gft
C:\Windows\wxzoka.xft
C:\Windows\wxzoka.xxt
C:\Windows\wxzsui.gft
C:\Windows\wxzsui.xft
C:\Windows\wxzsui.xxt
C:\Windows\wxzwok.gft
C:\Windows\wxzwok.xft
C:\Windows\wxzwok.xxt
C:\Windows\X_0005_jpg.zip
C:\Windows\xcodex.exe
C:\Windows\xhntuok.exe
C:\Windows\xisp.exe
C:\Windows\xjmelr.exe
C:\Windows\xpos.exe
C:\Windows\xrapp.exe
C:\Windows\xzmsa.adt
C:\Windows\xzoka.adt
C:\Windows\xzsui.adt
C:\Windows\xzwok.adt
C:\Windows\ydll.exe
C:\Windows\ying.exe
C:\Windows\yong.exe
C:\Windows\Z058_jpg.zip
C:\Windows\Zap.exe
C:\Windows\ZaZ.exe
C:\Windows\Zos.exe
C:\Windows\Zser.exe
C:\Windows\system32\ SOUNDMAN.EXE
C:\Windows\system32\11.exe
C:\Windows\system32\1512.exe
C:\Windows\system32\2007rox.dll
C:\Windows\system32\22.exe
C:\Windows\system32\2934.exe
C:\Windows\system32\33.exe
C:\Windows\system32\44.exe
C:\Windows\system32\6to4seri.dll
C:\Windows\system32\6w5b1ksec.dll
C:\Windows\system32\abgsvc.exe
C:\Windows\system32\ACER.exe
C:\Windows\system32\adaware.exe
C:\Windows\system32\ahiclln.exe
C:\Windows\system32\ahr.exe
C:\Windows\system32\ahui32.exe
C:\Windows\system32\aIg.exe
C:\Windows\system32\alf.exe
C:\Windows\system32\alg.scr
C:\Windows\system32\algcs.scr
C:\Windows\system32\algs.exe
C:\Windows\system32\allge.scr
C:\Windows\system32\amsn.exe
C:\Windows\system32\AntiVirus.exe
C:\Windows\system32\Antivirus32.exe
C:\Windows\system32\apoa.scr
C:\Windows\system32\ashDisp.exe
C:\Windows\system32\ashServ.exe
C:\Windows\system32\ashSv.exe
C:\Windows\system32\asrchk.exe
C:\Windows\system32\atraslay.dll
C:\Windows\system32\Atsys.ddd
C:\Windows\system32\Atsys.exe
C:\Windows\system32\Atualizacao.exe
C:\Windows\system32\audiohq.exe
C:\Windows\system32\audise.exe
C:\Windows\system32\authrasm.exe
C:\Windows\system32\Auto.exe
C:\Windows\system32\autoexec.bat
C:\Windows\system32\autorun.ini
C:\Windows\system32\avg64.exe
C:\Windows\system32\azip32.dll
C:\Windows\system32\b35sl2.dll
C:\Windows\system32\bak\hide32.exe
C:\Windows\system32\ban_list.txt
C:\Windows\system32\Bifrost\server.exe
C:\Windows\system32\bios.exe
C:\Windows\system32\black.exe
C:\Windows\system32\blue.exe
C:\Windows\system32\bohe.exe
C:\Windows\system32\BRISA.exe
C:\Windows\system32\bssys.exe
C:\Windows\system32\bsys.exe
C:\Windows\system32\bsys.scr
C:\Windows\system32\bsyys.scr
C:\Windows\system32\btpaxole.dll
C:\Windows\system32\cartao.scr
C:\Windows\system32\cbi.exe
C:\Windows\system32\ccsysup.exe
C:\Windows\system32\ccsysupd.exe
C:\Windows\system32\celcred.scr
C:\Windows\system32\celular.exe
C:\Windows\system32\certmsje.dll
C:\Windows\system32\chmod.exe
C:\Windows\system32\chmod3.exe
C:\Windows\system32\Cica.exe
C:\Windows\system32\cica.scr
C:\Windows\system32\cjavau.exe
C:\Windows\system32\cmrss.dll.exe
C:\Windows\system32\cmrss.exe
C:\Windows\system32\cmrss.scr
C:\Windows\system32\code.exe
C:\Windows\system32\codec.exe
C:\Windows\system32\Com\klog.dat
C:\Windows\system32\Com\lssas.exe
C:\Windows\system32\Com\lssass.exe
C:\Windows\system32\Com\se_fudeu.exe
C:\Windows\system32\Config\svchost.exe
C:\Windows\system32\Config\winlogon.exe
C:\Windows\system32\csrrs.scr
C:\Windows\system32\csrs.exe
C:\Windows\system32\csrs.scr
C:\Windows\system32\csrs.txt
C:\Windows\system32\cssrs.scr
C:\Windows\system32\ctfman.exe
C:\Windows\system32\ctl3diac.exe
C:\Windows\system32\cvisvc.exe
C:\Windows\system32\cymdda.dll
C:\Windows\system32\d1.exe
C:\Windows\system32\d3dpwmst.dat
C:\Windows\system32\d3dpwmst.dll
C:\Windows\system32\d3dpwmst.exe
C:\Windows\system32\danilo.exe
C:\Windows\system32\ddcywvt.dll
C:\Windows\system32\ddemwmad.dat
C:\Windows\system32\ddemwmad.dll
C:\Windows\system32\ddemwmad.exe
C:\Windows\system32\Death.exe
C:\Windows\system32\defender.exe
C:\Windows\system32\DefLib.sys
C:\Windows\system32\delplme.bat
C:\Windows\system32\delplme.cmd
C:\Windows\system32\delplme.com
C:\Windows\system32\deqq\alial
C:\Windows\system32\deqq\cult.exe
C:\Windows\system32\deqq\dlcl.edp
C:\Windows\system32\deqq\ger.exe
C:\Windows\system32\deqq\gt.x
C:\Windows\system32\deqq\hosts
C:\Windows\system32\deqq\knlps.exe
C:\Windows\system32\deqq\knlps.sys
C:\Windows\system32\deqq\ksat.bat
C:\Windows\system32\deqq\medo.dl
C:\Windows\system32\deqq\orrl.exe
C:\Windows\system32\deqq\palsp.exe
C:\Windows\system32\deqq\repcale.exe
C:\Windows\system32\deqq\riqa
C:\Windows\system32\deqq\w.e
C:\Windows\system32\deqq\zema
C:\Windows\system32\desi.exe
C:\Windows\system32\desktop.exe
C:\Windows\system32\dhcp\formsw.exe
C:\Windows\system32\dhcp\spolsv.exe
C:\Windows\system32\dhcp\spoolsv.exe
C:\Windows\system32\dhcp\spoolsvs.exe
C:\Windows\system32\dhcp\trays.exe
C:\Windows\system32\dhcpkbdh.exe
C:\Windows\system32\diagisr.dll
C:\Windows\system32\didi.exe
C:\Windows\system32\direct3dfx.dll
C:\Windows\system32\direct3dx.dll
C:\Windows\system32\directfxd.exe
C:\Windows\system32\directxd.exe
C:\Windows\system32\disk.exe
C:\Windows\system32\disk10.exe
C:\Windows\system32\Diup.exe
C:\Windows\system32\dl.exe
C:\Windows\system32\dllcache\again.exe
C:\Windows\system32\dllcache\copiandotudo.exe
C:\Windows\system32\dllcache\curioso.exe
C:\Windows\system32\dllcache\denovo_aqui.exe
C:\Windows\system32\dllcache\Flinstone.exe
C:\Windows\system32\dllcache\inside.exe
C:\Windows\system32\dllcache\invadido.exe
C:\Windows\system32\dllcache\inyourface.exe
C:\Windows\system32\dllcache\iron_maiden.exe
C:\Windows\system32\dllcache\ja_era_hehe.exe
C:\Windows\system32\dllcache\jhost.exe
C:\Windows\system32\dllcache\jucheck.exe
C:\Windows\system32\dllcache\jvshost.exe
C:\Windows\system32\dllcache\klog.dat
C:\Windows\system32\dllcache\msnworm.exe
C:\Windows\system32\dllcache\mswan.exe
C:\Windows\system32\dllcache\naoadianta.exe
C:\Windows\system32\dllcache\nirvena.exe
C:\Windows\system32\dllcache\novamente.exe
C:\Windows\system32\dllcache\poisonivy.exe
C:\Windows\system32\dllcache\protweb.exe
C:\Windows\system32\dllcache\qsch0st.exe
C:\Windows\system32\dllcache\Rtsecar.exe
C:\Windows\system32\dllcache\scvhost.exe
C:\Windows\system32\dllcache\se_fudeu.exe
C:\Windows\system32\dllcache\starting.exe
C:\Windows\system32\dllcache\Terror_MSN.exe
C:\Windows\system32\dllcache\testandoA.exe
C:\Windows\system32\dllcache\tsorfib.exe
C:\Windows\system32\dllcache\verme_chato.exe
C:\Windows\system32\dllcache\winmga.exe
C:\Windows\system32\dllcache\winrcn.exe
C:\Windows\system32\dllcache\winsno.exe
C:\Windows\system32\dllcache\winsntp.exe
C:\Windows\system32\dllcache\winsony.exe
C:\Windows\system32\dllcache\ZoneAlarm.exe
C:\Windows\system32\dllhostup.exe
C:\Windows\system32\dllvirtual.dll
C:\Windows\system32\dllvirtual.exe
C:\Windows\system32\dllvirtual.js
C:\Windows\system32\dlssd.exe
C:\Windows\system32\dnsajobe.dat
C:\Windows\system32\dnsajobe.dll
C:\Windows\system32\dnsajobe.exe
C:\Windows\system32\doriot.exe
C:\Windows\system32\dpl1npwm.dat
C:\Windows\system32\dpl1npwm.dll
C:\Windows\system32\dpl1npwm.exe
C:\Windows\system32\dpv1bidi.dll
C:\Windows\system32\dpwsmmfu.dat
C:\Windows\system32\dpwsmmfu.dll
C:\Windows\system32\dpwsmmfu.exe
C:\Windows\system32\dragon.txt
C:\Windows\system32\drift.scr
C:\Windows\system32\drivers\0001.scr
C:\Windows\system32\drivers\8cc342db.sys
C:\Windows\system32\drivers\atapi16.sys
C:\Windows\system32\drivers\backsys.sys
C:\Windows\system32\drivers\Csrs.exe
C:\Windows\system32\drivers\drivers\isapnp.exe
C:\Windows\system32\drivers\drivers\task.exe
C:\Windows\system32\drivers\etc\hosts.exe
C:\Windows\system32\drivers\etc\services.exe
C:\Windows\system32\drivers\etc\svchosts.exe
C:\Windows\system32\drivers\isapnp.exe
C:\Windows\system32\drivers\oreans32.sys
C:\Windows\system32\drivers\privada.exe
C:\Windows\system32\drivers\root\system
C:\Windows\system32\drivers\services.exe
C:\Windows\system32\drivers\sndrec32.exe
C:\Windows\system32\drivers\Sndrec64.exe
C:\Windows\system32\drivers\sys.exe
C:\Windows\system32\drivers\System.exe
C:\Windows\system32\drivers\taskmgr.exe
C:\Windows\system32\drivers\winlogon.exe
C:\Windows\system32\drsmartload1135a.exe
C:\Windows\system32\drsys32.exe
C:\Windows\system32\Drunk_lol.pif
C:\Windows\system32\dsys.scr
C:\Windows\system32\dxdll\svchost.exe
C:\Windows\system32\dxovx.dll
C:\Windows\system32\dydhcp.exe
C:\Windows\system32\ehSched.exe
C:\Windows\system32\epson.scr
C:\Windows\system32\ersvsync.dat
C:\Windows\system32\ersvsync.dll
C:\Windows\system32\ersvsync.exe
C:\Windows\system32\Estra.exe
C:\Windows\system32\ExCorp.exe
C:\Windows\system32\Exec32.exe
C:\Windows\system32\explore.exe
C:\Windows\system32\EXPLORER.EXE
C:\Windows\system32\explori.exe
C:\Windows\system32\f1.exe
C:\Windows\system32\faate32.exe
C:\Windows\system32\faT.exe
C:\Windows\system32\file.exe
C:\Windows\system32\firewall.exe
C:\Windows\system32\firewallav.dll
C:\Windows\system32\flw334.dll
C:\Windows\system32\formatsys.exe
C:\Windows\system32\foto_celular.scr
C:\Windows\system32\fotos
C:\Windows\system32\fotos04102006.exe
C:\Windows\system32\fpoa.scr
C:\Windows\system32\game.rar
C:\Windows\system32\game.zip
C:\Windows\system32\gbiehh.exe
C:\Windows\system32\gmail.exe
C:\Windows\system32\gmilogon.exe
C:\Windows\system32\grana.scr
C:\Windows\system32\gray.exe
C:\Windows\system32\green.exe
C:\Windows\system32\gsmutx.exe
C:\Windows\system32\gsx2.exe
C:\Windows\system32\h435adlc.dll
C:\Windows\system32\haha.exe
C:\Windows\system32\hanonvt.ini
C:\Windows\system32\help.scr
C:\Windows\system32\HEREBABYs.exe
C:\Windows\system32\Hide32.exe
C:\Windows\system32\hidekit.exe
C:\Windows\system32\hiholl.com
C:\Windows\system32\hlpsrv.exe
C:\Windows\system32\hork.exe
C:\Windows\system32\hostfast.cmd
C:\Windows\system32\hosts.exe
C:\Windows\system32\hosts.scr
C:\Windows\system32\hosts.txt
C:\Windows\system32\hosts2.scr
C:\Windows\system32\hptzb02.exe
C:\Windows\system32\hs.exe
C:\Windows\system32\hsvwer4.dll
C:\Windows\system32\hsvwer9.dll
C:\Windows\system32\html.txt
C:\Windows\system32\htssv.exe
C:\Windows\system32\i.exe
C:\Windows\system32\i32yyc.exe
C:\Windows\system32\i5iphe.exe
C:\Windows\system32\icone.exe
C:\Windows\system32\icpldrv.exe
C:\Windows\system32\icpldrvx.exe
C:\Windows\system32\icpldrvx.js
C:\Windows\system32\icwpslbi.exe
C:\Windows\system32\ie.exe
C:\Windows\system32\iefav
C:\Windows\system32\iefav\tools\SpyWinWb.dll
C:\Windows\system32\iefav\tools4\SpyWinWb.dll
C:\Windows\system32\iefav\toolz\SpyWinWb.dll
C:\Windows\system32\iewq32.exe
C:\Windows\system32\IEXPLORE.exe
C:\Windows\system32\iexplore.scr
C:\Windows\system32\iexplorer.dll.exe
C:\Windows\system32\iexplorer.exe
C:\Windows\system32\iissmspb.dll
C:\Windows\system32\img.cmd
C:\Windows\system32\IMG0007.rar
C:\Windows\system32\IMG0007.zip
C:\Windows\system32\imglog.scr
C:\Windows\system32\imglong.exe
C:\Windows\system32\imglong.pif
C:\Windows\system32\ImgPaint.exe
C:\Windows\system32\imgrb.scr
C:\Windows\system32\imgrbs.scr
C:\Windows\system32\imgrd.scr
C:\Windows\system32\imgrt.scr
C:\Windows\system32\imstcallback.exe
C:\Windows\system32\inetlibx.exe
C:\Windows\system32\infowshb.dll
C:\Windows\system32\InternetAccsess532.dll
C:\Windows\system32\intlprinters.exe
C:\Windows\system32\invadido.exe
C:\Windows\system32\ipprbatm.dll
C:\Windows\system32\irpf.exe
C:\Windows\system32\Isass.exe
C:\Windows\system32\Isass.scr
C:\Windows\system32\isass32.exe
C:\Windows\system32\isrprf32.dll
C:\Windows\system32\isrprov.exe
C:\Windows\system32\issas0x.scr
C:\Windows\system32\j6w5b1ksec.dll
C:\Windows\system32\jamaica.exe
C:\Windows\system32\java.cmd
C:\Windows\system32\java.scr
C:\Windows\system32\javajrk.exe
C:\Windows\system32\javas.exe
C:\Windows\system32\jpb.exe
C:\Windows\system32\jshxw.exe
C:\Windows\system32\jubswwe
C:\Windows\system32\jucshed.cmd
C:\Windows\system32\Juegs.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\JVM.exe
C:\Windows\system32\JVM0.exe
C:\Windows\system32\JVMa.exe
C:\Windows\system32\kavsvc32.exe
C:\Windows\system32\kbdemsdm.dat
C:\Windows\system32\kbdemsdm.dll
C:\Windows\system32\kbdemsdm.dll
C:\Windows\system32\kbdemsdm.exe
C:\Windows\system32\kbdnmfc4.dll
C:\Windows\system32\kerlupa.exe
C:\Windows\system32\kernels32.exe
C:\Windows\system32\killdesig.exe
C:\Windows\system32\kimhelpmak.exe
C:\Windows\system32\klpp.exe
C:\Windows\system32\kmsklx.exe
C:\Windows\system32\ksmmtq.exe
C:\Windows\system32\kyfffo.exe
C:\Windows\system32\le.exe
C:\Windows\system32\leetch32.exe
C:\Windows\system32\lexplore.exe
C:\Windows\system32\Lexplorer.exe
C:\Windows\system32\libcinet.exe
C:\Windows\system32\libcintle.dll
C:\Windows\system32\libcintle2.dll
C:\Windows\system32\libcintles3.dll
C:\Windows\system32\libhelps.dll
C:\Windows\system32\libinets.dll
C:\Windows\system32\libmsns.dll
C:\Windows\system32\libweb.dll
C:\Windows\system32\libwinets.dll
C:\Windows\system32\list.exe
C:\Windows\system32\locadx3j.dll
C:\Windows\system32\login.dll
C:\Windows\system32\logon.com
C:\Windows\system32\logon.exe
C:\Windows\system32\logon1.scr
C:\Windows\system32\logon2.scr
C:\Windows\system32\logunit.sys
C:\Windows\system32\lookatme.exe
C:\Windows\system32\love_me.pif
C:\Windows\system32\lprhwinn.exe
C:\Windows\system32\lsass2.exe
C:\Windows\system32\lsass32.exe
C:\Windows\system32\lsass47.exe
C:\Windows\system32\lsasss.exe
C:\Windows\system32\lsassss.exe
C:\Windows\system32\lssas.exe
C:\Windows\system32\lvss.exe
C:\Windows\system32\mag_cscd.dat
C:\Windows\system32\mag_cscd.dll
C:\Windows\system32\mag_cscd.exe
C:\Windows\system32\malware.exe
C:\Windows\system32\mangal.exe
C:\Windows\system32\mdn.exe
C:\Windows\system32\MEGATRON.ini
C:\Windows\system32\Mensagem.exe
C:\Windows\system32\mess.scr
C:\Windows\system32\messenger.exe
C:\Windows\system32\messenger.scr
C:\Windows\system32\messenger32.scr
C:\Windows\system32\mgmsgr.exe
C:\Windows\system32\Microsoft.exe
C:\Windows\system32\microsoft\backup.ftp
C:\Windows\system32\microsoft\backup.tftp
C:\Windows\system32\mkdrxz.exe
C:\Windows\system32\mkrshcx.exe
C:\Windows\system32\modulo1.exe
C:\Windows\system32\modulo2.exe
C:\Windows\system32\modulo3.exe
C:\Windows\system32\mpeg4dec0.dll
C:\Windows\system32\mrjaskr.exe
C:\Windows\system32\mrjasmr.exe
C:\Windows\system32\msbcs.exe
C:\Windows\system32\msbcs.scr
C:\Windows\system32\msbiwmip.dll
C:\Windows\system32\mscheldbnp.scr
C:\Windows\system32\Mscheldncx.scr
C:\Windows\system32\Mscheldork.scr
C:\Windows\system32\mscmippr.dat
C:\Windows\system32\mscmippr.dll
C:\Windows\system32\mscmippr.exe
C:\Windows\system32\msconf.exe
C:\Windows\system32\msftmssw.exe
C:\Windows\system32\MsgPlus.exe
C:\Windows\system32\msgraphics.exe
C:\Windows\system32\msgrcg32.scr
C:\Windows\system32\mshtmldat32.exe
C:\Windows\system32\mshtmsdt.dll
C:\Windows\system32\msihlprm.exe
C:\Windows\system32\msload.exe
C:\Windows\system32\msmgsr.exe
C:\Windows\system32\msmsgr.exe
C:\Windows\system32\MSMSN32.EXE
C:\Windows\system32\msn.dll
C:\Windows\system32\msn.exe
C:\Windows\system32\msn.scr
C:\Windows\system32\MSN_ENVIA.exe
C:\Windows\system32\MSN_MSS.exe
C:\Windows\system32\msn32.exe
C:\Windows\system32\msn6.3.exe
C:\Windows\system32\msnconf.exe
C:\Windows\system32\MSNENVIA.exe
C:\Windows\system32\msnfile.exe
C:\Windows\system32\msnfix.exe
C:\Windows\system32\msng.exe
C:\Windows\system32\msngr.exe
C:\Windows\system32\msngrn.exe
C:\Windows\system32\msninet.exe
C:\Windows\system32\msnix.scr
C:\Windows\system32\MSNMGS1.exe
C:\Windows\system32\msnms.exe
C:\Windows\system32\msnmsegr.exe
C:\Windows\system32\msnmsg.exe
C:\Windows\system32\msnmsgr.exe
C:\Windows\system32\msnmsgs.exe
C:\Windows\system32\msnmsnr.exe
C:\Windows\system32\msnmsnr.scr
C:\Windows\system32\msnmssgr.exe
C:\Windows\system32\msnn.exe
C:\Windows\system32\msnnsgr.exe
C:\Windows\system32\msnplus.exe
C:\Windows\system32\msnpop.exe
C:\Windows\system32\msnsgs.exe
C:\Windows\system32\msnsupport.exe
C:\Windows\system32\msnus.exe
C:\Windows\system32\MSNWA.exe
C:\Windows\system32\msnwisterd.exe
C:\Windows\system32\msnworm.exe
C:\Windows\system32\MSOffice.exe
C:\Windows\system32\msout.exe
C:\Windows\system32\msprwinn.dat
C:\Windows\system32\msprwinn.dll
C:\Windows\system32\msprwinn.exe
C:\Windows\system32\msreg.exe
C:\Windows\system32\msscdpnm.exe
C:\Windows\system32\mssend.exe
C:\Windows\system32\mssnn.exe
C:\Windows\system32\msssn.exe
C:\Windows\system32\mstrust32.dll
C:\Windows\system32\mswxvz.exe
C:\Windows\system32\msxml32.exe
C:\Windows\system32\mw.exe
C:\Windows\system32\naked_party.pif
C:\Windows\system32\naoadianta.exe
C:\Windows\system32\Navaps.scr
C:\Windows\system32\navy.exe
C:\Windows\system32\Negdo.exe
C:\Windows\system32\netburn.scr
C:\Windows\system32\netepade.scr
C:\Windows\system32\netlocca.dat
C:\Windows\system32\netlocca.dll
C:\Windows\system32\netlocca.exe
C:\Windows\system32\NetMeeting.exe
C:\Windows\system32\netsupp.dll
C:\Windows\system32\newsystem25.dll
C:\Windows\system32\nfw32.exe
C:\Windows\system32\nmevscrr.exe
C:\Windows\system32\nostd.scr
C:\Windows\system32\not_uno.exe
C:\Windows\system32\notepadd.exe
C:\Windows\system32\notice.dll
C:\Windows\system32\notiffy.dll
C:\Windows\system32\NSecurity.exe
C:\Windows\system32\nsnmsgr.exe
C:\Windows\system32\nsstd.scr
C:\Windows\system32\ntssv.exe
C:\Windows\system32\nvbsvc.exe
C:\Windows\system32\nvcpll.exe
C:\Windows\system32\nvsvc64.exe
C:\Windows\system32\oddysee.exe
C:\Windows\system32\office.exe
C:\Windows\system32\oi.exe
C:\Windows\system32\okt.exe
C:\Windows\system32\opengll.exe
C:\Windows\system32\openglx.exe
C:\Windows\system32\orgut.exe
C:\Windows\system32\orgut.scr
C:\Windows\system32\ork.exe
C:\Windows\system32\orkut.scr
C:\Windows\system32\orkut_jptsky.exe
C:\Windows\system32\OSSMTP.DLL
C:\Windows\system32\Outlook Express.exe
C:\Windows\system32\partner.log
C:\Windows\system32\perfdisp.dat
C:\Windows\system32\perfdisp.dll
C:\Windows\system32\perfdisp.exe
C:\Windows\system32\PerfStringV4.9.dll
C:\Windows\system32\photoalbum.rar
C:\Windows\system32\photoalbum.zip
C:\Windows\system32\photopaint.exe
C:\Windows\system32\photopoint.exe
C:\Windows\system32\photos.rar
C:\Windows\system32\plugim.exe
C:\Windows\system32\plugin.exe
C:\Windows\system32\plugin.scr
C:\Windows\system32\plugin.txt
C:\Windows\system32\Plugin1.dat
C:\Windows\system32\pluginx.exe
C:\Windows\system32\poison.sys
C:\Windows\system32\Principal.exe
C:\Windows\system32\printers.exe
C:\Windows\system32\prodigy323.dll
C:\Windows\system32\prodigys323.dll
C:\Windows\system32\program1.exe
C:\Windows\system32\pruas.exe
C:\Windows\system32\psapuman.exe
C:\Windows\system32\psnppack.dll
C:\Windows\system32\quegrilo.scr
C:\Windows\system32\querdgne.dat
C:\Windows\system32\querdgne.dll
C:\Windows\system32\querdgne.exe
C:\Windows\system32\rafba.dll
C:\Windows\system32\Raid_N.exe
C:\Windows\system32\rdcshost32.exe
C:\Windows\system32\rdfhost.dll
C:\Windows\system32\rdihost.dll
C:\Windows\system32\rdpszipf.dll
C:\Windows\system32\rdshost.dll
C:\Windows\system32\rdshost32.exe
C:\Windows\system32\red.exe
C:\Windows\system32\reg_0001.txt
C:\Windows\system32\regcleaner.exe
C:\Windows\system32\regserve.exe
C:\Windows\system32\remote.cmd
C:\Windows\system32\Restore\restore.exe
C:\Windows\system32\reterx.exe
C:\Windows\system32\revolution.exe
C:\Windows\system32\robin.exe
C:\Windows\system32\rpcnqasf.dll
C:\Windows\system32\rpmsvc.exe
C:\Windows\system32\rstwa.ini
C:\Windows\system32\rstwa.tmp
C:\Windows\system32\rtutvb5d.dll
C:\Windows\system32\rundl132.exe
C:\Windows\system32\s2.exe
C:\Windows\system32\sarcaz.scr
C:\Windows\system32\scamdisk.exe
C:\Windows\system32\scammdisk.exe
C:\Windows\system32\scbs.scr
C:\Windows\system32\scfvost.exe
C:\Windows\system32\schostt.exe
C:\Windows\system32\schoty.cmd
C:\Windows\system32\scp3wiav.dll
C:\Windows\system32\sdrivew32.exe
C:\Windows\system32\seclkbdn.dll
C:\Windows\system32\Security\Firewall.exe
C:\Windows\system32\Security\klog.dat
C:\Windows\system32\Security\WinUpdate.exe
C:\Windows\system32\segder32.exe
C:\Windows\system32\segtem32.exe
C:\Windows\system32\segtem332.exe
C:\Windows\system32\sender32.exe
C:\Windows\system32\sendwmdm.exe
C:\Windows\system32\serbw.exe
C:\Windows\system32\server.exe
C:\Windows\system32\service.exe
C:\Windows\system32\service\navupdt.exe
C:\Windows\system32\service\navupdt2.exe
C:\Windows\system32\service\service.dll
C:\Windows\system32\service\service.dll*
C:\Windows\system32\service\service2.dll
C:\Windows\system32\service\services.exe
C:\Windows\system32\servicer.exe
C:\Windows\system32\servico.exe
C:\Windows\system32\servics.exe
C:\Windows\system32\setting.ini
C:\Windows\system32\setupx32.exe
C:\Windows\system32\sever32.exe
C:\Windows\system32\sevicess.scr
C:\Windows\system32\sexy_bedroom.pif
C:\Windows\system32\shdosbei.dat
C:\Windows\system32\shdosbei.dll
C:\Windows\system32\shdosbei.exe
C:\Windows\system32\shell32dll.exe
C:\Windows\system32\SICB.exe
C:\Windows\system32\SICB.scr
C:\Windows\system32\simdataconf.dll
C:\Windows\system32\sistema.exe
C:\Windows\system32\sistrat.scr
C:\Windows\system32\skcvhost.exe
C:\Windows\system32\skcvhosthk.dll
C:\Windows\system32\skcvhostr.exe
C:\Windows\system32\Skype.exe
C:\Windows\system32\smcfg32.exe
C:\Windows\system32\smics.exe
C:\Windows\system32\sms.scr
C:\Windows\system32\smsc.exe
C:\Windows\system32\smsc.txt
C:\Windows\system32\smsl.exe
C:\Windows\system32\smss.ini
C:\Windows\system32\snagos.exe
C:\Windows\system32\snengine.exe
C:\Windows\system32\sp2.exe
C:\Windows\system32\spls.exe
C:\Windows\system32\spooIsv.exe
C:\Windows\system32\spooldr.sys
C:\Windows\system32\spools.scr
C:\Windows\system32\spoolsa.scr
C:\Windows\system32\spoolsvc.exe
C:\Windows\system32\spoolsvr.exe
C:\Windows\system32\spoolzha.scr
C:\Windows\system32\sprY.exe
C:\Windows\system32\spvspool.exe
C:\Windows\system32\spwwlsa.scr
C:\Windows\system32\sqlsusrs.exe
C:\Windows\system32\ssms.scr
C:\Windows\system32\ssvichosst.exe
C:\Windows\system32\ssvschost.sys
C:\Windows\system32\strad.exe
C:\Windows\system32\su40uue.dll
C:\Windows\system32\Supervise.exe
C:\Windows\system32\supoolsvc.exe
C:\Windows\system32\svch0st.exe
C:\Windows\system32\SVCH0STl.exe
C:\Windows\system32\SVCH0STll.EXE
C:\Windows\system32\svchon32.exe
C:\Windows\system32\svchoost.exe
C:\Windows\system32\svchosd.scr
C:\Windows\system32\svchosdt.scr
C:\Windows\system32\svchost.scr
C:\Windows\system32\svchost1.exe
C:\Windows\system32\svchost32.exe
C:\Windows\system32\svchosted.scr
C:\Windows\system32\Svchosts.exe
C:\Windows\system32\svchostss.exe
C:\Windows\system32\svcmgrs.exe
C:\Windows\system32\svcp.csv
C:\Windows\system32\svcsky32.exe
C:\Windows\system32\svhootss.exe
C:\Windows\system32\svhoskil.exe
C:\Windows\system32\svhossst.exe
C:\Windows\system32\svhost.exe
C:\Windows\system32\svhost.pif
C:\Windows\system32\svhostt32.exe
C:\Windows\system32\svhotss.exe
C:\Windows\system32\svohost.exe
C:\Windows\system32\svschost.sys
C:\Windows\system32\svshot.exe
C:\Windows\system32\svshott.exe
C:\Windows\system32\svvshot.exe
C:\Windows\system32\svxosted.scr
C:\Windows\system32\SwcHost.exe
C:\Windows\system32\swchosthed.scr
C:\Windows\system32\sys.txt
C:\Windows\system32\sys\smss.exe
C:\Windows\system32\sys32dll.exe
C:\Windows\system32\SYSARC.EXE
C:\Windows\system32\sysDesktop.scr
C:\Windows\system32\sysedir.exe
C:\Windows\system32\syshelps.dll
C:\Windows\system32\syshosts.dll
C:\Windows\system32\sysiff_v.dll
C:\Windows\system32\syslinks2.dll
C:\Windows\system32\syspoint.dll
C:\Windows\system32\syspoints.dll
C:\Windows\system32\sysprinters.dll
C:\Windows\system32\sysrcvr2.dll
C:\Windows\system32\sysrcvr246.dll
C:\Windows\system32\sysstrat.scr
C:\Windows\system32\syst.exe
C:\Windows\system32\System.exe
C:\Windows\system32\system1591.exe
C:\Windows\system32\system32.exe
C:\Windows\system32\system32\server32.exe
C:\Windows\system32\system32\system32.exe
C:\Windows\system32\system321.exe
C:\Windows\system32\system34.exe
C:\Windows\system32\system64.exe
C:\Windows\system32\systemdll.exe
C:\Windows\system32\systemuse.cmd
C:\Windows\system32\systen32.exe
C:\Windows\system32\systesrt32.dll
C:\Windows\system32\systray.scr
C:\Windows\system32\systs.exe
C:\Windows\system32\sysviews.dll
C:\Windows\system32\szsvc.exe
C:\Windows\system32\tagasuarus*.exe
C:\Windows\system32\task.exe
C:\Windows\system32\task32.exe
C:\Windows\system32\taskcvrd32.exe
C:\Windows\system32\taskkmgr.exe
C:\Windows\system32\tasklist32.exe
C:\Windows\system32\taskmaneger.exe
C:\Windows\system32\taskmgra.com
C:\Windows\system32\taskmgrd.scr
C:\Windows\system32\taskmgrxp.exe
C:\Windows\system32\taskngr.exe
C:\Windows\system32\tempatu.exe
C:\Windows\system32\tempo.exe
C:\Windows\system32\terrasvhost.exe
C:\Windows\system32\TFTP3800
C:\Windows\system32\time.exe
C:\Windows\system32\tsklist32.exe
C:\Windows\system32\tskmrg2.scr
C:\Windows\system32\tsorfib.exe
C:\Windows\system32\Ttt.exe
C:\Windows\system32\tv.exe
C:\Windows\system32\unesta.exe
C:\Windows\system32\unknown32.exe
C:\Windows\sys
2 Novembre 2007 18:43:29

voici "fichier" en entier:
C:\Users\Bels\AppData\Roaming\addon.dat
C:\Users\Bels\AppData\Roaming\inside.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\carlton
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Antivirus32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ashDisp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ashServ.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\atimvex.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\atrvmmx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bios.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\BRISA.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\carlton
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ccssrss.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\cmd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Computador.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Diup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\dll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\dllvirtual.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\eixdrv.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ExAlien.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\fbguad.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\firefoxx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Flash.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\GbpSvc.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\HelpDesk.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Hide32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\icpldrvx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\imglog.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\InstallHelp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\javaupd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\javsu.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\juchek.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\jvasu.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\JVM0.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\jvms.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\klpp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\logon.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\lsssas.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mdll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messengerr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messenup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\messgrr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mjavas.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msm.cmd
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\MSN_MSS.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnconf.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\MSNENVIA.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnfile.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msng.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsg.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsgr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\msnsgs.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\mxjxde.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\My_Love.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Ndtstat.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\norton32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ntvvm.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\pdvsym.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\qtapp.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\regfixxsx.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\registtry.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\remote.cmd
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\repara_ae.bat
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Rg2catbd.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\rundl32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\rxnetq.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\smss.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svchost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svchostss.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\svhost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrork.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrsym.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\syst.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\system32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\systemdll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\task.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\taskmgrrr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Tasks.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\udll.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\voieup.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\voiork.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wepaint.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Win XP.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\win.scr
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows Update.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows32.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\windowsupdate.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\Winhost.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\winupdbc.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\WMedPlayer.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wrdmgr.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wrloginpro.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wsnctfy.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\wuaucltt.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ying.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\yong.exe
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ZaZ.exe
C:\Program Files\Common Files\Carlson\carlton
C:\Program Files\Common Files\Delsim\del.exe
C:\PROGRA~1\COMMON~1\Microsoft Shared\DAO\svchost.exe
C:\PROGRA~1\COMMON~1\tmp.scr
C:\i.mages.zip
C:\Users\Bels\AppData\Local\addon.dat
C:\PROGRA~1\\NetMeeting\maisumviado.exe
C:\PROGRA~1\\outloo~1\update.exe
C:\PROGRA~1\\WinPop\winpop.exe.lzma
C:\PROGRA~1\a.txt
C:\PROGRA~1\Adobe\AdobeLanc.exe
C:\PROGRA~1\Ajuda.exe
C:\PROGRA~1\Amor.exe
C:\PROGRA~1\Bifrost\klog.dat
C:\PROGRA~1\Bifrost\server.exe
C:\PROGRA~1\Bifrost\sys32.exe
C:\PROGRA~1\Cica.exe
C:\PROGRA~1\Config\Config.exe
C:\PROGRA~1\dll.exe
C:\PROGRA~1\dllvirtual.exe
C:\PROGRA~1\dllwin.exe
C:\PROGRA~1\ExAlien.exe
C:\PROGRA~1\Favoritos.exe
C:\PROGRA~1\fer.exe
C:\PROGRA~1\Firewall.exe
C:\PROGRA~1\Flash.exe
C:\PROGRA~1\GbPlugin\\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\GbpSvc.exe
C:\PROGRA~1\GbPlugin\mdll.exe
C:\PROGRA~1\GbPlugin\msng.exe
C:\PROGRA~1\GbPlugin\Ndtstat.exe
C:\PROGRA~1\GbPlugin\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\udll.exe
C:\PROGRA~1\GbPlugin\yong.exe
C:\PROGRA~1\GbpSvc.exe
C:\PROGRA~1\help.exe
C:\PROGRA~1\HelpDesk.exe
C:\PROGRA~1\icpldrvx.exe
C:\PROGRA~1\ildredr.exe
C:\PROGRA~1\inetget2\installeur.exe
C:\PROGRA~1\Insider\Insider.exe
C:\PROGRA~1\Internet Explorer\bb.exe
C:\PROGRA~1\Internet Explorer\desc.exe
C:\PROGRA~1\Internet Explorer\loadie.exe
C:\PROGRA~1\Internet Explorer\realplayerp.exe
C:\PROGRA~1\ISM2\ISMPack7.exe
C:\PROGRA~1\klog.dat
C:\PROGRA~1\login.scr
C:\PROGRA~1\Logun.exe
C:\PROGRA~1\mdll.exe
C:\PROGRA~1\messenger.exe
C:\PROGRA~1\Messenger\msmsg.exe
C:\PROGRA~1\Messenger\Msnmsgr.exe
C:\PROGRA~1\mexe*.exe
C:\PROGRA~1\Microsoft Office Update\file.exe
C:\PROGRA~1\Microsoft Studio Files\file.exe
C:\PROGRA~1\Microsoft Studio Files\Winlsass32.exe
C:\PROGRA~1\Microsoft\svhost32.exe
C:\PROGRA~1\Movie Maker\ja_era_hehe.exe
C:\PROGRA~1\MSN Messenger Guiños\instalar guiños.exe
C:\PROGRA~1\MSN Messenger\instalar guiños.exe
C:\PROGRA~1\msng.exe
C:\PROGRA~1\msnmsg.exe
C:\PROGRA~1\My_Love.exe
C:\PROGRA~1\Ndtstat.exe
C:\PROGRA~1\NetMeeting\klog.dat
C:\PROGRA~1\NetMeeting\maisumviado.exe
C:\PROGRA~1\orkut.scr
C:\PROGRA~1\outloo~1\express.exe
C:\PROGRA~1\outloo~1\update.exe
C:\PROGRA~1\outlook express\express.exe
C:\PROGRA~1\Outlook Express\inyourface.exe
C:\PROGRA~1\Outlook Express\OutlookEx.exe
C:\PROGRA~1\Outlook Express\setup40.exe
C:\PROGRA~1\Perfect.exe
C:\PROGRA~1\photopaint.exe
C:\PROGRA~1\QdrModule\QdrModule9.exe
C:\PROGRA~1\Real.dll
C:\PROGRA~1\regedti.exe
C:\PROGRA~1\Remove.exe
C:\PROGRA~1\Rg2catbd.exe
C:\PROGRA~1\rm.exe
C:\PROGRA~1\Sandboxie\Control.exe
C:\PROGRA~1\schoty.cmd
C:\PROGRA~1\service.bat
C:\PROGRA~1\smss.exe
C:\PROGRA~1\SOUND.exe
C:\PROGRA~1\spiider.exe
C:\PROGRA~1\svchost.exe
C:\PROGRA~1\System\CDRom.exe
C:\PROGRA~1\System\Flash.exe
C:\PROGRA~1\System\Windows32.exe
C:\PROGRA~1\Tasks.exe
C:\PROGRA~1\Temporary\wininstall.exe
C:\PROGRA~1\udll.exe
C:\PROGRA~1\update.exe
C:\PROGRA~1\VTTimers.exe
C:\PROGRA~1\Wapp.exe
C:\PROGRA~1\Widows.exe
C:\PROGRA~1\WinAble\winable.exe
C:\PROGRA~1\Windows32.exe
C:\PROGRA~1\winINI.exe
C:\PROGRA~1\winpop\uninstall.exe
C:\PROGRA~1\WinPop\UnInstall.exe.lzma
C:\PROGRA~1\winpop\winpop.exe
C:\PROGRA~1\WinPop\winpop.exe.lzma
C:\PROGRA~1\Wm2emt.exe
C:\PROGRA~1\wmplay.exe
C:\PROGRA~1\yong.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ashDisp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ashServ.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\avgccc.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\bios.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\bsyys.scr
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ccssrss.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\cmd.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Computador.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\dll.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\eixdrv.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ExAlien.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\fbguad.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\firefoxx.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Flash.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\InstallHelp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\javsu.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\juchek.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\klpp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\logon.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\lsssas.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\messengerr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\messgrr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\msm.cmd
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\msnmsgr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\My_Love.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\norton32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ntvvm.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\pdvsym.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\qtapp.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\qupdate.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\regfixxsx.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\registtry.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\remote.cmd
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\repara_ae.bat
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\rundl32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\rxnetq.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\smss.scr
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svchost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svchostss.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\svhost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrork.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sxrsym.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\system32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\task.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\taskmgrrr.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tasks.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\voieup.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\voiork.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wepaint.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Win XP.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows Update.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Windows32.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\windowsupdate.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Winhost.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupdbc.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WMedPlayer.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wrloginpro.exe
C:\Users\Bels\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wuaucltt.exe
C:\111z.exe
C:\2.exe
C:\521785.txt
C:\8e3y4u4a9t9.exe
C:\a.bat
C:\adv.exe
C:\aklr.exe
C:\Amigos.exe
C:\amor.exe
C:\animacao.scr
C:\Annoying crazy frog getting killed.pif
C:\Arquivos de programas\rem.exe
C:\Arquivos de programas\Wapp.exe
C:\arquivos de programas\Windows32.exe
C:\audise.exe
C:\auto1.exe
C:\auto2.exe
C:\auto3.exe
C:\autorun.inf
C:\AVG\Tools\csrss.scr
C:\AVG\Tools\svchost.exe
C:\AVG\Tools\taskmgr.exe
C:\AVG_BETA\DB\arquivo.txt
C:\AVG_BETA\Tools\csrss.scr
C:\AVG_BETA\Tools\msnmsgr.exe
C:\bedroom-thongs.pif
C:\British National Party.jpg
C:\btpaxole.dll
C:\Call.exe
C:\cartao.scr
C:\certmsje.dll
C:\claro.exe
C:\cmd.exe
C:\Conf\13.bmp
C:\Conf\15.bmp
C:\Conf\3.jpg
C:\Conf\cax2.jpg
C:\Conf\info.gif
C:\Conf\logo.jpg
C:\Conf\ms.exe
C:\Conf\msm.cmd
C:\Conf\msm.exe
C:\Conf\msmFF.cmd
C:\Conf\msmho.cmd
C:\Conf\nc.gif
C:\Conf\nd.gif
C:\Conf\nn.gif
C:\Conf\NOVOBB.gif
C:\Conf\novobb.jpg
C:\Conf\novobb2.jpg
C:\Conf\novoSB.gif
C:\Conf\ork.cmd
C:\Conf\tec.jpg
C:\Conf\win.scr
C:\contato.exe
C:\Crazy-Frog.Html
C:\Crazy frog gets killed by train!.pif
C:\Crazy frog gets killed by train!.pif Fat Elvis! lol.pif
C:\csrs.txt
C:\csrss.exe
C:\ctl3diac.exe
C:\DB\arquivo.txt
C:\diy.EXE
C:\dkotyrxbb.exe
C:\dll.exe
C:\dllwin.exe
C:\dnsajobe.dat
C:\dnsajobe.dll
C:\dnsajobe.exe
C:\download1591.exe
C:\dpl1npwm.dat
C:\dpl1npwm.dll
C:\dpl1npwm.exe
C:\dpv1bidi.dll
C:\Drunk_lol.pif
C:\dydhcp.exe
C:\emai.exe
C:\email.inf
C:\Enviado.123
C:\er-1-1148.exe
C:\Fat Elvis! lol.pif
C:\fFa4vV0rR170S5S2.exe
C:\File.exe
C:\FLIPART.EXE
C:\flw334.dll
C:\Foto.exe
C:\Foto_celular.scr
C:\Foto_celular.scr
C:\Foto_Celular.zip
C:\fotomensagem.exe
C:\fotos_posse.zip
C:\funny_pic.scr
C:\g5c5i4x6e4h2.exe
C:\g7n4l2o4i4.exe
C:\g7n4l2o4i4v4.exe
C:\GETDRIVE.EXE
C:\h1b9i6h4u6j1.exe
C:\hellmsn.exe
C:\Hot.pif
C:\How a Blonde Eats a Banana...pif
C:\hptzb02.exe
C:\hy.exe
C:\i.exe
C:\icone.exe
C:\IE.exe
C:\ierro.exe
C:\iexplorer.exe
C:\IF.EXE
C:\image001.exe
C:\img0012-www.photostorage.com
C:\instalador de guiños y emoticonos.exe
C:\Install\Ghost.exe
C:\Install\install.exe
C:\Install_Messenger.exe
C:\inupdbc.exe
C:\IS.EXE
C:\is77.exe
C:\Isass.scr
C:\j7q1c4v1i6s4.exe
C:\Jennifer Lopez.scr
C:\jkrguy.exe
C:\jpb.exe
C:\jshxw.exe
C:\k3d3t4t8n7l.exe
C:\k3d3t4t8n7l8.exe
C:\kao.reg
C:\kbdnmfc4.dll
C:\KimMakihel.exe
C:\kl.exe
C:\ksmmtq.exe
C:\lauro.exe
C:\Lista.txt
C:\Lixo
C:\llka.exe
C:\LMAO.pif
C:\log.txt
C:\LOL that ur pic!.pif
C:\LOL.scr
C:\love_me.pif
C:\lsass.exe
C:\lspt.exe
C:\m1t4z1h1l7q5.exe
C:\Me on holiday!.pif
C:\megakl.exe
C:\melt.bat
C:\Mensagem.exe
C:\Message to n00b LARISSA.txt
C:\MESSAGE_TO_BROPIA.txt
C:\messenger.exe
C:\Microsoft.exe
C:\mis contactos.txt
C:\Mis imágenes\yo_posse_007.jpg.exe
C:\Mona Lisa Wants Her Smile Back.pif
C:\msfk.exe
C:\msm.cmd
C:\msm.exe
C:\msm.exe
C:\msn.exe
C:\MSN_Update1
C:\msnmsg.exe
C:\msnmsgr.exe
C:\msnmsnr.scr
C:\msnsetup.exe
C:\msnsgrsv.exe
C:\msnsgrsv0201.exe
C:\msnsgrszs.exe
C:\MSNWA.exe
C:\mstray.exe
C:\My new photo!.pif
C:\my_photo2005.scr
C:\naked_drunk.pif
C:\naked_party.pif
C:\new_webcam.pif
C:\nmevscrr.exe
C:\nwnmff_e*.exe
C:\nzl.exe
C:\officexp.exe
C:\orkut.exe
C:\orkut.scr
C:\osm.exe
C:\p3h2b3t3q1s9.exe
C:\PastaImagens.exe
C:\pif.exe
C:\prkc.exe
C:\psapuman.exe
C:\psnppack.dll
C:\qwere.exe
C:\raizw.exe
C:\rar.exe
C:\rar1.exe
C:\rar2.exe
C:\RECYCLER\msnservice.exe
C:\RECYCLER\nvscvse.exe
C:\RECYCLER\te32.exe
C:\RemotoMSN.txt
C:\review.txt
C:\ROFL.pif
C:\s10w.exe
C:\sadan.avi.exe
C:\sadov.exe
C:\See my lesbian friends.pif
C:\see_this!!.scr
C:\sendwmdm.exe
C:\server.exe
C:\servico.exe
C:\sexy.exe
C:\sexy_bedroom.pif
C:\show.exe
C:\skew.exe
C:\Small.exe
C:\snsstect.exe
C:\so.exe
C:\SOUND32.exe
C:\start.bat
C:\stock.exe
C:\stock.htm
C:\stock2.exe
C:\SVCH0STll.exe
C:\svchost.exe
C:\svchost.scr
C:\svchost32.exe
C:\Svchosts.exe
C:\sys.txt
C:\syshwbx.exe
C:\syssryh.exe
C:\system.exe
C:\System\iexplore.exe
C:\System\plugin.exe
C:\system1591.exe
C:\system1691.exe
C:\system1791.exe
C:\system2.exe
C:\system2525.exe
C:\system3.exe
C:\system32.exe
C:\system4.exe
C:\system5.exe
C:\szsvc.exe
C:\t7b8i6h6t6j13.exe
C:\text.reg
C:\The Cat And The Fan piccy.pif
C:\tim.exe
C:\Tools\csrss.scr
C:\Topless in Mini Skirt! lol.pif
C:\u5g9p7x1h4a3.exe
C:\underware.pif
C:\up.exe
C:\update.exe
C:\updt.exe
C:\video.exe
C:\vonner.exe
C:\vont.exe
C:\w3v6r2r2h3z5.exe
C:\Webcam.pif
C:\winbash.exe
C:\winbbs.exe
C:\windebug.log
C:\Windows Messeger.exe
C:\Windows Messenger.exe
C:\windows.cmd
C:\winfgt.exe
C:\winHelp.exe
C:\winhpi.exe
C:\winhsd.exe
C:\winimage.exe
C:\winlogin.exe
C:\winlongonf.exe
C:\WINNT\ScktSrvr.exe
C:\WINNT\system\kl.dll
C:\WINNT\system\msmsgs.exe
C:\WINNT\system\msn.dat
C:\WINNT\system\msn.dll
C:\WINNT\system\smsc.exe
C:\WINNT\system\svchost.dat
C:\WINNT\system\xsmith.scr
C:\winpga.exe
C:\WinPH.exe
C:\winptz.exe
C:\winsfr.exe
C:\winupdaet.exe
C:\winupdate128.exe
C:\winupdate32.exe
C:\Winupdbc.exe
C:\winuping.exe
C:\winvrc.exe
C:\winXP.exe
C:\wkssmsjt.dll
C:\wldadisp.dat
C:\wldadisp.dll
C:\wldadisp.exe
C:\wnlsos.exe
C:\wr-1-1148.exe
C:\x.exe
C:\x7g3a8d6u.exe
C:\x7g3a8d6u4c1.exe
C:\x7g3a8d6uc1.exe
C:\Xerr0.exe
C:\xfafasfgx.exe
C:\xr-1-1148.exe
C:\xso.exe
C:\y8o7w8b4f1q5.exe
C:\yz02.exe
C:\zordz.exe
C:\zr-1-1148.exe
C:\Users\Bels\AppData\Local\Temp\??.exe
C:\Users\Bels\AppData\Local\Temp\~ip.tmp
C:\Users\Bels\AppData\Local\Temp\1.html
C:\Users\Bels\AppData\Local\Temp\1.html.$$$
C:\Users\Bels\AppData\Local\Temp\2238.EXE
C:\Users\Bels\AppData\Local\Temp\800_zip_dump.scr
C:\Users\Bels\AppData\Local\Temp\activ.exe
C:\Users\Bels\AppData\Local\Temp\ADF.exe
C:\Users\Bels\AppData\Local\Temp\allgg.exe
C:\Users\Bels\AppData\Local\Temp\anjinhos.exe
C:\Users\Bels\AppData\Local\Temp\bifrost.exe
C:\Users\Bels\AppData\Local\Temp\carinhos.exe
C:\Users\Bels\AppData\Local\Temp\ccAApp.exe
C:\Users\Bels\AppData\Local\Temp\csrss.exe
C:\Users\Bels\AppData\Local\Temp\DfSLdES
C:\Users\Bels\AppData\Local\Temp\drev.exe
C:\Users\Bels\AppData\Local\Temp\firefoxx.exe
C:\Users\Bels\AppData\Local\Temp\fotos.exe
C:\Users\Bels\AppData\Local\Temp\g0ld.com
C:\Users\Bels\AppData\Local\Temp\hkxqwfui.exe
C:\Users\Bels\AppData\Local\Temp\ibguardr.exe
C:\Users\Bels\AppData\Local\Temp\image??.zip
C:\Users\Bels\AppData\Local\Temp\is581.exe
C:\Users\Bels\AppData\Local\Temp\isinst.exe
C:\Users\Bels\AppData\Local\Temp\jjusched.exe
C:\Users\Bels\AppData\Local\Temp\koko.cmd
C:\Users\Bels\AppData\Local\Temp\llsaass.exe
C:\Users\Bels\AppData\Local\Temp\load.exe
C:\Users\Bels\AppData\Local\Temp\logs.exe
C:\Users\Bels\AppData\Local\Temp\lsasss.exe
C:\Users\Bels\AppData\Local\Temp\mensagem.exe
C:\Users\Bels\AppData\Local\Temp\MG.exe
C:\Users\Bels\AppData\Local\Temp\msnclient.exe
C:\Users\Bels\AppData\Local\Temp\msnmsgr.exe
C:\Users\Bels\AppData\Local\Temp\myimage.zip
C:\Users\Bels\AppData\Local\Temp\nts_000.tmp
C:\Users\Bels\AppData\Local\Temp\nts3.tmp
C:\Users\Bels\AppData\Local\Temp\nts4.tmp
C:\Users\Bels\AppData\Local\Temp\nts5.tmp
C:\Users\Bels\AppData\Local\Temp\nts6.tmp
C:\Users\Bels\AppData\Local\Temp\ocx.out
C:\Users\Bels\AppData\Local\Temp\pa_0105.exe
C:\Users\Bels\AppData\Local\Temp\Photo.exe
C:\Users\Bels\AppData\Local\Temp\pork.exe
C:\Users\Bels\AppData\Local\Temp\pqokfkgksd.cmd
C:\Users\Bels\AppData\Local\Temp\realsched.exe
C:\Users\Bels\AppData\Local\Temp\removalfile.bat
C:\Users\Bels\AppData\Local\Temp\RTHDCPL.exe
C:\Users\Bels\AppData\Local\Temp\scs14.tmp
C:\Users\Bels\AppData\Local\Temp\scs15.tmp
C:\Users\Bels\AppData\Local\Temp\second.exe
C:\Users\Bels\AppData\Local\Temp\server.exe
C:\Users\Bels\AppData\Local\Temp\serverivy.exe
C:\Users\Bels\AppData\Local\Temp\services.exe
C:\Users\Bels\AppData\Local\Temp\sistema32.com
C:\Users\Bels\AppData\Local\Temp\spoolsv.exe
C:\Users\Bels\AppData\Local\Temp\svcchhost.exe
C:\Users\Bels\AppData\Local\Temp\svchost.exe
C:\Users\Bels\AppData\Local\Temp\tosvid45.vxd
C:\Users\Bels\AppData\Local\Temp\tug.php
C:\Users\Bels\AppData\Local\Temp\Update.exe
C:\Users\Bels\AppData\Local\Temp\w1.txt.$$$
C:\Users\Bels\AppData\Local\Temp\win.exe
C:\Users\Bels\AppData\Local\Temp\winamp.exe
C:\Users\Bels\AppData\Local\Temp\winlogon.exe
C:\Users\Bels\AppData\Local\Temp\winnttemp100mr\wmplayers.exe
C:\Users\Bels\AppData\Local\Temp\wuaucltt.exe
C:\Users\Bels\AppData\Local\Temp\z1.txt
C:\Users\Bels\ariant.txt
C:\Users\Bels\auto.txt
C:\Users\Bels\egos.txt
C:\Users\Bels\lhaj.txt
C:\Users\Bels\Local Settings\Application Data\addon.dat
C:\Users\Bels\msdirectx.sys
C:\Users\Bels\NETVISION.exe
C:\Users\Bels\new.txt
C:\Users\Bels\qbspin.exe
C:\Users\Bels\winxvc.exe
C:\Users\Bels\yoaoux.exe
C:\Windows\\Cfreer.exe
C:\Windows\01.exe
C:\Windows\11.exe
C:\Windows\22.exe
C:\Windows\33.exe
C:\Windows\44.exe
C:\Windows\a.bat
C:\Windows\a1.exe
C:\Windows\aas.scr
C:\Windows\abcd.exe
C:\Windows\addins\svchost.exe
C:\Windows\aIg.exe
C:\Windows\aimmsn.exe
C:\Windows\alg.exe
C:\Windows\alggx.exe
C:\Windows\anima.exe
C:\Windows\ansmtp.dll
C:\Windows\ansmtpbuild.dll
C:\Windows\Antivirus32.exe
C:\Windows\Arq.ini
C:\Windows\arqui1.exe
C:\Windows\arquivo.exe
C:\Windows\ashDisp.exe
C:\Windows\Ashdsp.exe
C:\Windows\AshleyHottie.zip
C:\Windows\ashServ.exe
C:\Windows\ashSv.exe
C:\Windows\athycxvvx.exe
C:\Windows\athydxvvx.exe
C:\Windows\athyhxvvx.exe
C:\Windows\athylxvvx.exe
C:\Windows\ati3evx.exe
C:\Windows\ati5vxxx.exe
C:\Windows\atrvmmx.exe
C:\Windows\audi.scr
C:\Windows\audise.exe
C:\Windows\av.exe
C:\Windows\avast.exe
C:\Windows\Avconsol.exe
C:\Windows\avgdos.exe
C:\Windows\avp.exe
C:\Windows\Avsgccs.scr
C:\Windows\b122.exe
C:\Windows\b122.exe.bin
C:\Windows\bak\avconsol.exe
C:\Windows\bak\zap.exe
C:\Windows\bass.exe
C:\Windows\bloggermessenger.exe
C:\Windows\blue.exe
C:\Windows\bmp2jpeg.dll
C:\Windows\bohas.scr
C:\Windows\bootvid.dll
C:\Windows\browseui.exe
C:\Windows\bsyys.temp
C:\Windows\bsyys.tmp
C:\Windows\BushIsDumb!.zip
C:\Windows\BWJLM1334.ZIP
C:\Windows\C005_jpg.zip
C:\Windows\c8iu3h.log
C:\Windows\caixa.exe
C:\Windows\cartaos.exe
C:\Windows\CDSpeed.exe
C:\Windows\Cfreer.exe
C:\Windows\charmmpxp.exe
C:\Windows\chcp.exe
C:\Windows\cmd.exe
C:\Windows\code.exe
C:\Windows\comctl64.dll
C:\Windows\Config\amsn.exe
C:\Windows\config\msnmsgr.exe
C:\Windows\config\sistema.exe
C:\Windows\config\svchost.exe
C:\Windows\Config\ying.exe
C:\Windows\cookies.ini
C:\Windows\crss.exe
C:\Windows\crss7.exe
C:\Windows\csrs.scr
C:\Windows\csrss.exe
C:\Windows\csrss.scr
C:\Windows\ctfmon.exe
C:\Windows\Cursors\GbpSvc.exe
C:\Windows\Cursors\IEXPLORE.EXE
C:\Windows\Cursors\mdll.exe
C:\Windows\Cursors\msng.exe
C:\Windows\Cursors\Ndtstat.exe
C:\Windows\Cursors\Pbrushy.exe
C:\Windows\Cursors\Rg2catbd.exe
C:\Windows\Cursors\udll.exe
C:\Windows\Cursors\yong.exe
C:\Windows\DCS515610.zip
C:\Windows\Debug\javaws.exe
C:\Windows\default.cmd
C:\Windows\demon.zip
C:\Windows\digicam2005.zip
C:\Windows\diskdruid.exe
C:\Windows\diskk.exe
C:\Windows\Diup.exe
C:\Windows\dll32
C:\Windows\dllwin.exe
C:\Windows\dllwin.scr
C:\Windows\Downloaded Program Files\Appstart.exe
C:\Windows\dydhcp.exe
C:\Windows\enviafrase.exe
C:\Windows\epwf4q.pif
C:\Windows\Expert_Corp.exe
C:\Windows\exploere.scr
C:\Windows\explorer_.exe
C:\Windows\F0538_jpg.zip
C:\Windows\F0563_jpg.zip
C:\Windows\fechamalintencionado.exe
C:\Windows\fer.exe
C:\Windows\fggwkl.exe
C:\Windows\fggwok.exe
C:\Windows\fgrpkc.exe
C:\Windows\findx.exe
C:\Windows\fire.scr
C:\Windows\firefoxpgm.exe
C:\Windows\folder.exe
C:\Windows\fonts\AUNZIP32.dll
C:\Windows\fonts\AZIP32.dll
C:\Windows\fonts\inetinfo.exe
C:\Windows\fonts\msnmsgr.exe
C:\Windows\fonts\mulherachada.exe
C:\Windows\Fonts\nxzero1.exe
C:\Windows\fonts\OSSMTP.dll
C:\Windows\fonts\taskmgr.exe
C:\Windows\formatsys.exe
C:\Windows\foto.exe
C:\Windows\fotos.exe
C:\Windows\fotos.scr
C:\Windows\fotos2.exe
C:\Windows\freshphotos.zip
C:\Windows\fuckin-around.zip
C:\Windows\funny.zip
C:\Windows\G038_jpg.rar
C:\Windows\G038_jpg.zip
C:\Windows\g7n4l2o4i4v4.exe
C:\Windows\GbpSvc.exe
C:\Windows\gdk.exe
C:\Windows\getps.exe
C:\Windows\gets.exe
C:\Windows\gl0b0.exe
C:\Windows\gordo1.exe
C:\Windows\gsmutx.exe
C:\Windows\hahahha.zip
C:\Windows\Help.exe
C:\Windows\help.scr
C:\Windows\help\Isass.exe
C:\Windows\help\Issas.exe
C:\Windows\Help\korn.scr
C:\Windows\help\msnm.scr
C:\Windows\Help\orgut.scr
C:\Windows\help\svchost.exe
C:\Windows\Help\svhost.exe
C:\Windows\Help\systemb.exe
C:\Windows\helppo.exe
C:\Windows\here.exe
C:\Windows\HEREB.exe
C:\Windows\Hide32.exe
C:\Windows\hork.exe
C:\Windows\hostdll.exe
C:\Windows\Hostren.exe
C:\Windows\hot.exe
C:\Windows\hptzb02.exe
C:\Windows\hpztsb02.exe
C:\Windows\i.exe
C:\Windows\i5fslg.scf
C:\Windows\ie.exe
C:\Windows\iexplore.exe
C:\Windows\iexplorer.exe
C:\Windows\iexplorer6.exe
C:\Windows\iexplorer7.exe
C:\Windows\IFinst27.exe
C:\Windows\imag091307.zip
C:\Windows\images.zip
C:\Windows\ime\mssng.cmd
C:\Windows\ime\PIC30052007.JPEG
C:\Windows\ime\smxs.cmd
C:\Windows\IMG-0012.zip
C:\Windows\IMG-0024.zip
C:\Windows\IMG-3443.zip
C:\Windows\IMG-9404.zip
C:\Windows\IMG0024.zip
C:\Windows\img317.zip
C:\Windows\img4851.zip
C:\Windows\imgac157.zip
C:\Windows\inf\dllhost.exe
C:\Windows\inf\infw.com
C:\Windows\inf\LSAS.exe
C:\Windows\inf\rdshost32.exe
C:\Windows\inf\system1591.exe
C:\Windows\infowshb.dll
C:\Windows\install.exe
C:\Windows\instr32.exe
C:\Windows\instr64.exe
C:\Windows\internt.exe
C:\Windows\Isass.exe
C:\Windows\java\expllorer.exe
C:\Windows\java\msgmsn.exe
C:\Windows\java\msmmsn.exe
C:\Windows\java\mw.exe
C:\Windows\java\Packages.cmd
C:\Windows\java\svchost.exe
C:\Windows\jdbgmgrnt.exe
C:\Windows\jpb.exe
C:\Windows\jshxw.exe
C:\Windows\junchep.exe
C:\Windows\juscheds.exe
C:\Windows\jusjava.exe
C:\Windows\justchd.exe
C:\Windows\jvms.exe
C:\Windows\kernel.exe
C:\Windows\ko6bn9.bmp
C:\Windows\lastnight.zip
C:\Windows\LBTWiz.exe
C:\Windows\Lexplorer.exe
C:\Windows\lg.scr
C:\Windows\linuxxp32.exe
C:\Windows\log46.txt
C:\Windows\loggon.exe
C:\Windows\login.dll
C:\Windows\logo1.gif
C:\Windows\Logun.exe
C:\Windows\lsas32.exe
C:\Windows\lsass.exe
C:\Windows\lsasss.exe
C:\Windows\lsnas.exe
C:\Windows\lspt.exe
C:\Windows\lssman.exe
C:\Windows\mac1.com
C:\Windows\mag091307.zip
C:\Windows\malhaazul.exe
C:\Windows\mdfg4v.ge
C:\Windows\mdll.exe
C:\Windows\media\arquivo.exe
C:\Windows\Media\Call32.exe
C:\Windows\Media\ExP.exe
C:\Windows\MEDIA\hp32.exe
C:\Windows\Media\hptools.exe
C:\Windows\media\messenger.exe
C:\Windows\MEDIA\microsoft.exe
C:\Windows\Media\microsoftware.exe
C:\Windows\Media\rundII32.exe
C:\Windows\Media\w7zip.exe
C:\Windows\Media\WinetWork.exe
C:\Windows\Media\WineWork.exe
C:\Windows\Media\WriteWork.exe
C:\Windows\Mensagem.exe
C:\Windows\mess -.exe
C:\Windows\messenger.exe
C:\Windows\messengerapp.exe
C:\Windows\mfvq4.e
C:\Windows\mfvq5.e
C:\Windows\mgrs.exe
C:\Windows\Microsoft.exe
C:\Windows\mjhor.exe
C:\Windows\mnsns.scr
C:\Windows\monitor1a.exe
C:\Windows\mono.exe
C:\Windows\mono.exe
C:\Windows\mouse32.vxd
C:\Windows\mrofinu*.exe
C:\Windows\ms.exe
C:\Windows\msapp\bifserver.exe
C:\Windows\msapps\bifserver.exe
C:\Windows\msapps\modulo3.txt
C:\Windows\msapps\msinfo\msappts32.exe
C:\Windows\msconfig.exe
C:\Windows\msdnwin.exe
C:\Windows\msg.exe
C:\Windows\msgr.exe
C:\Windows\msmbw.exe
C:\Windows\MsmMsgr.exe
C:\Windows\msmsg.exe
C:\Windows\msmsgr.exe
C:\Windows\msn.exe
C:\Windows\msn.vbs
C:\Windows\msn_profile.zip
C:\Windows\msnappm.exe
C:\Windows\msnbr.exe
C:\Windows\msng.exe
C:\Windows\msngr.exe
C:\Windows\msnimport.exe
C:\Windows\msnlogm.exe
C:\Windows\msnlogs.exe
C:\Windows\msnmsg.exe
C:\Windows\msnmsgr.exe
C:\Windows\msnmsgr1.exe
C:\Windows\msnmsgr2.exe
C:\Windows\msnmsgs.exe
C:\Windows\msnmsngr.exe
C:\Windows\msnmsnr.scr
C:\Windows\msnmsnr.tmp
C:\Windows\msnmssgr2.exe
C:\Windows\msnnsggr2.exe
C:\Windows\msnnsgrl.exe
C:\Windows\MSNP.exe
C:\Windows\msnupdate.zip
C:\Windows\MsnValue.exe
C:\Windows\mssoffice.tmp
C:\Windows\mssq.exe
C:\Windows\mstray.exe
C:\Windows\msync.exe
C:\Windows\Mwsx.exe
C:\Windows\mxjxde.exe
C:\Windows\My-Pictures.zip
C:\Windows\My_Pictures2007
C:\Windows\My_Pictures2007.zip
C:\Windows\myspace-facebook.zip
C:\Windows\myspace.zip
C:\Windows\N039_jpg.zip
C:\Windows\N5881.zip
C:\Windows\Ndtstat.exe
C:\Windows\new.exe
C:\Windows\newname.dat
C:\Windows\nod32.exe
C:\Windows\Nokia_19_jpg.zip
C:\Windows\nomedoprograma.exe
C:\Windows\Norton.exe
C:\Windows\NOTEEPAD.exe
C:\Windows\ntrmv.exe
C:\Windows\nts.exe
C:\Windows\NvCpl.exe
C:\Windows\Nzil.exe
C:\Windows\okuta.exe
C:\Windows\orkut.scr
C:\Windows\ot8q4cp.bmp
C:\Windows\Outlook.exe
C:\Windows\p0017_jpg.zip
C:\Windows\passt.scr
C:\Windows\patchxp21.exe
C:\Windows\PCHEALTER.exe
C:\Windows\pegalista.exe
C:\Windows\perfmon.exe
C:\Windows\photo album 2007.zip
C:\Windows\photo album.zip
C:\Windows\photo.zip
C:\Windows\photo_album 2007.zip
C:\Windows\photo_album2007.zip
C:\Windows\photos-webcam2007.zip
C:\Windows\photos.zip
C:\Windows\PIC20052007.JPEG
C:\Windows\pic48174.zip
C:\Windows\pics.zip
C:\Windows\PictureAlbum2007.zip
C:\Windows\pif.exe
C:\Windows\plick.exe
C:\Windows\ponto.DLL
C:\Windows\practivea.exe
C:\Windows\pruas.exe
C:\Windows\pss\Flash.exe
C:\Windows\pss\Widows.exe
C:\Windows\ptrms.exe
C:\Windows\rcimlby.exe
C:\Windows\rdfhost.dll
C:\Windows\rdihost.dll
C:\Windows\rds.exe
C:\Windows\rdshost.dll
C:\Windows\regcleaner.exe
C:\Windows\regedti.exe
C:\Windows\regserve.cmd
C:\Windows\regserve.exe
C:\Windows\regservee.exe
C:\Windows\regsvr.exe
C:\Windows\retadpu.exe
C:\Windows\retadpu.exe.bin
C:\Windows\retadpu420.exe
C:\Windows\revali.exe
C:\Windows\Rg2catbd.exe
C:\Windows\ributeslideshow.zip
C:\Windows\rica.exe
C:\Windows\rispac.exe
C:\Windows\rnxntup.exe
C:\Windows\rqqsnd.exe
C:\Windows\rtf.bat
C:\Windows\rtutvb5d.dll
C:\Windows\rundl132.exe
C:\Windows\Rundll.exe
C:\Windows\rw.dlt
C:\Windows\s.scr
C:\Windows\S_00305_jpg.zip
C:\Windows\S04_jpg.zip
C:\Windows\s1.exe
C:\Windows\sampaerio.exe
C:\Windows\scanisk.exe
C:\Windows\schost32.exe
C:\Windows\ScktSrvr.exe
C:\Windows\screenwin.scr
C:\Windows\scvhost.exe
C:\Windows\sdrive\kler.exe
C:\Windows\Secs2006.exe
C:\Windows\sendwmdm.exe
C:\Windows\September11thTribute.zip
C:\Windows\serbw.exe
C:\Windows\sercivo.exe
C:\Windows\server.exe
C:\Windows\serverletwindows.exe
C:\Windows\serverletwindowsl.exe
C:\Windows\service.exe
C:\Windows\service.scr
C:\Windows\service2.scr
C:\Windows\service32.exe
C:\Windows\servicee.exe
C:\Windows\servicejava.scr
C:\Windows\servicejava2.scr
C:\Windows\servicer.exe
C:\Windows\services.dll
C:\Windows\services.exe
C:\Windows\servico.exe
C:\Windows\setdebugnt.exe
C:\Windows\SetPoint.exe
C:\Windows\shDisp.exe
C:\Windows\shdosbei.dat
C:\Windows\shdosbei.dll
C:\Windows\shdosbei.exe
C:\Windows\siswin.exe
C:\Windows\sk.exe
C:\Windows\sk070725.exe
C:\Windows\smss.exe
C:\Windows\smss.scr
C:\Windows\smsss.exe
C:\Windows\sndrec32.exe
C:\Windows\softdwind.exe
C:\Windows\sokctes.dll
C:\Windows\sokctes.zip
C:\Windows\spiderpig.zip
C:\Windows\spooldr.exe
C:\Windows\spoolsv.exe
C:\Windows\srsmsn.exe
C:\Windows\srsttn.exe
C:\Windows\ssssm.exe
C:\Windows\stDebug.exe
C:\Windows\Strad.exe
C:\Windows\super.exe
C:\Windows\SVCH0STll.EXE
C:\Windows\svchosk.exe
C:\Windows\svchost
C:\Windows\svchost.com
C:\Windows\svchost.dll
C:\Windows\svchost.exe
C:\Windows\svchost.scr
C:\Windows\svchost32.exe
C:\Windows\svchosta.exe
C:\Windows\svchostd.exe
C:\Windows\svchosts.dll
C:\Windows\svchosts.exe
C:\Windows\svchosts.scr
C:\Windows\svchosts.tmp
C:\Windows\svcr.exe
C:\Windows\svcupdate.exe
C:\Windows\svhost.temp
C:\Windows\svhost.tmp
C:\Windows\svhost32.exe
C:\Windows\svschost.sys
C:\Windows\svxh.exe
C:\Windows\sys1.exe
C:\Windows\SysArc.exe
C:\Windows\SYSHOST.DLL
C:\Windows\sysnet32.exe
C:\Windows\System.exe
C:\Windows\system\ashDisp.exe
C:\Windows\system\ashServ.exe
C:\Windows\system\ashSv.exe
C:\Windows\System\AVG.clean.cmd
C:\Windows\SYSTEM\bios.exe
C:\Windows\System\BomDia.com
C:\Windows\SYSTEM\CMRSS.EXE
C:\Windows\system\down32.cmd
C:\Windows\System\drk.exe
C:\Windows\system\ehSched.exe
C:\Windows\system\explorer.exe
C:\Windows\system\ExplorerXP.exe
C:\Windows\System\firefox.exe
C:\Windows\SYSTEM\ICPLDRVX.EXE
C:\Windows\system\iexplore.exe
C:\Windows\system\IMG024.JPG.zip
C:\Windows\system\kl.dll
C:\Windows\system\lsass.exe
C:\Windows\SYSTEM\lsass32.exe
C:\Windows\SYSTEM\mpeg4dec0.dll
C:\Windows\SYSTEM\msbcs.exe
C:\Windows\system\msmnsgr.exe
C:\Windows\System\msmsgc.cmd
C:\Windows\system\msmsgs.exe
C:\Windows\system\msn.dat
C:\Windows\system\msn.dll
C:\Windows\System\msnmsg.exe
C:\Windows\System\msnmsgr.cmd
C:\Windows\system\msnmsgr.exe
C:\Windows\System\msnmsgs.exe
C:\Windows\System\msnmsngrss.exe
C:\Windows\system\NOTEPAD.exe
C:\Windows\System\nppagent.exe
C:\Windows\system\plugin.exe
C:\Windows\System\regclean.cmd
C:\Windows\SYSTEM\remote.cmd
C:\Windows\System\servelet.exe
C:\Windows\system\services.exe
C:\Windows\System\smsc.exe
C:\Windows\System\Sound.scr
C:\Windows\system\svchost.dat
C:\Windows\system\svchost.exe
C:\Windows\system\svhost.exe
C:\Windows\System\syslogon.exe
C:\Windows\System\taskgr.exe
C:\Windows\system\taskmam.exe
C:\Windows\System\taskngr.exe
C:\Windows\System\WF.exe
C:\Windows\System\winlogon.exe
C:\Windows\System\worm.exe
C:\Windows\SYSTEM\wsass32.exe
C:\Windows\SYSTEM\wzip32.exe
C:\Windows\System\xsmith.scr
C:\Windows\system32.exe
C:\Windows\System32apoa.scr
C:\Windows\System32fpoa.scr
C:\Windows\System32msn.scr
C:\Windows\System32xpoa.scr
C:\Windows\System32zpoa.scr
C:\Windows\system64.exe
C:\Windows\systemos1.exe
C:\Windows\systemrun32.exe
C:\Windows\systen291.exe
C:\Windows\systen299.exe
C:\Windows\systraicon.exe
C:\Windows\sysuatch.exe
C:\Windows\sysuatch.zip
C:\Windows\sysuphatch.exe
C:\Windows\szsvc.exe
C:\Windows\talk32.exe
C:\Windows\tasklist32.exe
C:\Windows\TASKMAN-.exe
C:\Windows\taskmgr.exe
C:\Windows\taskmsgs.exe
C:\Windows\Tasks\derrubabagbd.job
C:\Windows\Tasks\startt.job
C:\Windows\Temp\rundll32.exe
C:\Windows\Temp\taskngr.exe
C:\Windows\tggwkl.exe
C:\Windows\tggwok.exe
C:\Windows\tgrpkc.exe
C:\Windows\thunderbird.exe
C:\Windows\traysssw.exe
C:\Windows\tsitra.exe
C:\Windows\tsitra1148.exe
C:\Windows\udll.exe
C:\Windows\updt.scr
C:\Windows\userinit.exe
C:\Windows\usnsvc.exe
C:\Windows\valentine_card.zip
C:\Windows\verify.exe
C:\Windows\video.exe
C:\Windows\virtualdisk.exe
C:\Windows\virtualmsif.exe
C:\Windows\vmnreg32.exe
C:\Windows\vpcrtf.exe
C:\Windows\vpgr.exe
C:\Windows\W139_jpg.zip
C:\Windows\wab.exe
C:\Windows\wcvs.exe
C:\Windows\wdfmgr.exe
C:\Windows\webdesign.zip
C:\Windows\webshots.scr
C:\Windows\wfgwkl.exe
C:\Windows\wfgwok.exe
C:\Windows\wfrpkc.exe
C:\Windows\win32api.scr
C:\Windows\win32dll.exe
C:\Windows\winamp.exe
C:\Windows\WinBool32.exe
C:\Windows\wind.exe
C:\Windows\windll.exe
C:\Windows\windows.cmd
C:\Windows\windows.exe
C:\Windows\Windows32.exe
C:\Windows\Windows32.scr
C:\Windows\Windows64.scr
C:\Windows\WindowsSp2.exe
C:\Windows\windowsupdate.exe
C:\Windows\WindowsXp2.exe
C:\Windows\WindowsXPdll.exe
C:\Windows\WindowsXPnet.exe
C:\Windows\windrivers.exe
C:\Windows\WinDV.exe
C:\Windows\WinExplor.exe
C:\Windows\WinExplore.exe
C:\Windows\winfp.exe
C:\Windows\winhlp.exe
C:\Windows\winhlp32.dat
C:\Windows\winload.inf
C:\Windows\winlog32.exe
C:\Windows\winlogin.exe
C:\Windows\winlogon.exe
C:\Windows\WinLogT.exe
C:\Windows\winlon.exe
C:\Windows\winn.exe
C:\Windows\winnavegador.exe
C:\Windows\WinNT.exe
C:\Windows\WinNT2.exe
C:\Windows\winnt32.exe
C:\Windows\winpo32.exe
C:\Windows\winpos.exe
C:\Windows\winsrvv.exe
C:\Windows\winstart.exe
C:\Windows\winsxp32.exe
C:\Windows\winsyshp.exe
C:\Windows\wintech.exe
C:\Windows\Winupdbc.exe
C:\Windows\winvhost3.exe
C:\Windows\winvip.exe
C:\Windows\winx.exe
C:\Windows\winxp.exe
C:\Windows\wmdplayer.exe
C:\Windows\wmeiuht.exe
C:\Windows\WNDXP.exe
C:\Windows\wnlsos.exe
C:\Windows\wordpad.pif
C:\Windows\wormlist.exe
C:\Windows\wr.txt
C:\Windows\wrdmgr.exe
C:\Windows\wscty32.exe
C:\Windows\wtflmao.zip
C:\Windows\wxzmsa.gft
C:\Windows\wxzmsa.xft
C:\Windows\wxzmsa.xxt
C:\Windows\wxzoka.gft
C:\Windows\wxzoka.xft
C:\Windows\wxzoka.xxt
C:\Windows\wxzsui.gft
C:\Windows\wxzsui.xft
C:\Windows\wxzsui.xxt
C:\Windows\wxzwok.gft
C:\Windows\wxzwok.xft
C:\Windows\wxzwok.xxt
C:\Windows\X_0005_jpg.zip
C:\Windows\xcodex.exe
C:\Windows\xhntuok.exe
C:\Windows\xisp.exe
C:\Windows\xjmelr.exe
C:\Windows\xpos.exe
C:\Windows\xrapp.exe
C:\Windows\xzmsa.adt
C:\Windows\xzoka.adt
C:\Windows\xzsui.adt
C:\Windows\xzwok.adt
C:\Windows\ydll.exe
C:\Windows\ying.exe
C:\Windows\yong.exe
C:\Windows\Z058_jpg.zip
C:\Windows\Zap.exe
C:\Windows\ZaZ.exe
C:\Windows\Zos.exe
C:\Windows\Zser.exe
C:\Windows\system32\ SOUNDMAN.EXE
C:\Windows\system32\11.exe
C:\Windows\system32\1512.exe
C:\Windows\system32\2007rox.dll
C:\Windows\system32\22.exe
C:\Windows\system32\2934.exe
C:\Windows\system32\33.exe
C:\Windows\system32\44.exe
C:\Windows\system32\6to4seri.dll
C:\Windows\system32\6w5b1ksec.dll
C:\Windows\system32\abgsvc.exe
C:\Windows\system32\ACER.exe
C:\Windows\system32\adaware.exe
C:\Windows\system32\ahiclln.exe
C:\Windows\system32\ahr.exe
C:\Windows\system32\ahui32.exe
C:\Windows\system32\aIg.exe
C:\Windows\system32\alf.exe
C:\Windows\system32\alg.scr
C:\Windows\system32\algcs.scr
C:\Windows\system32\algs.exe
C:\Windows\system32\allge.scr
C:\Windows\system32\amsn.exe
C:\Windows\system32\AntiVirus.exe
C:\Windows\system32\Antivirus32.exe
C:\Windows\system32\apoa.scr
C:\Windows\system32\ashDisp.exe
C:\Windows\system32\ashServ.exe
C:\Windows\system32\ashSv.exe
C:\Windows\system32\asrchk.exe
C:\Windows\system32\atraslay.dll
C:\Windows\system32\Atsys.ddd
C:\Windows\system32\Atsys.exe
C:\Windows\system32\Atualizacao.exe
C:\Windows\system32\audiohq.exe
C:\Windows\system32\audise.exe
C:\Windows\system32\authrasm.exe
C:\Windows\system32\Auto.exe
C:\Windows\system32\autoexec.bat
C:\Windows\system32\autorun.ini
C:\Windows\system32\avg64.exe
C:\Windows\system32\azip32.dll
C:\Windows\system32\b35sl2.dll
C:\Windows\system32\bak\hide32.exe
C:\Windows\system32\ban_list.txt
C:\Windows\system32\Bifrost\server.exe
C:\Windows\system32\bios.exe
C:\Windows\system32\black.exe
C:\Windows\system32\blue.exe
C:\Windows\system32\bohe.exe
C:\Windows\system32\BRISA.exe
C:\Windows\system32\bssys.exe
C:\Windows\system32\bsys.exe
C:\Windows\system32\bsys.scr
C:\Windows\system32\bsyys.scr
C:\Windows\system32\btpaxole.dll
C:\Windows\system32\cartao.scr
C:\Windows\system32\cbi.exe
C:\Windows\system32\ccsysup.exe
C:\Windows\system32\ccsysupd.exe
C:\Windows\system32\celcred.scr
C:\Windows\system32\celular.exe
C:\Windows\system32\certmsje.dll
C:\Windows\system32\chmod.exe
C:\Windows\system32\chmod3.exe
C:\Windows\system32\Cica.exe
C:\Windows\system32\cica.scr
C:\Windows\system32\cjavau.exe
C:\Windows\system32\cmrss.dll.exe
C:\Windows\system32\cmrss.exe
C:\Windows\system32\cmrss.scr
C:\Windows\system32\code.exe
C:\Windows\system32\codec.exe
C:\Windows\system32\Com\klog.dat
C:\Windows\system32\Com\lssas.exe
C:\Windows\system32\Com\lssass.exe
C:\Windows\system32\Com\se_fudeu.exe
C:\Windows\system32\Config\svchost.exe
C:\Windows\system32\Config\winlogon.exe
C:\Windows\system32\csrrs.scr
C:\Windows\system32\csrs.exe
C:\Windows\system32\csrs.scr
C:\Windows\system32\csrs.txt
C:\Windows\system32\cssrs.scr
C:\Windows\system32\ctfman.exe
C:\Windows\system32\ctl3diac.exe
C:\Windows\system32\cvisvc.exe
C:\Windows\system32\cymdda.dll
C:\Windows\system32\d1.exe
C:\Windows\system32\d3dpwmst.dat
C:\Windows\system32\d3dpwmst.dll
C:\Windows\system32\d3dpwmst.exe
C:\Windows\system32\danilo.exe
C:\Windows\system32\ddcywvt.dll
C:\Windows\system32\ddemwmad.dat
C:\Windows\system32\ddemwmad.dll
C:\Windows\system32\ddemwmad.exe
C:\Windows\system32\Death.exe
C:\Windows\system32\defender.exe
C:\Windows\system32\DefLib.sys
C:\Windows\system32\delplme.bat
C:\Windows\system32\delplme.cmd
C:\Windows\system32\delplme.com
C:\Windows\system32\deqq\alial
C:\Windows\system32\deqq\cult.exe
C:\Windows\system32\deqq\dlcl.edp
C:\Windows\system32\deqq\ger.exe
C:\Windows\system32\deqq\gt.x
C:\Windows\system32\deqq\hosts
C:\Windows\system32\deqq\knlps.exe
C:\Windows\system32\deqq\knlps.sys
C:\Windows\system32\deqq\ksat.bat
C:\Windows\system32\deqq\medo.dl
C:\Windows\system32\deqq\orrl.exe
C:\Windows\system32\deqq\palsp.exe
C:\Windows\system32\deqq\repcale.exe
C:\Windows\system32\deqq\riqa
C:\Windows\system32\deqq\w.e
C:\Windows\system32\deqq\zema
C:\Windows\system32\desi.exe
C:\Windows\system32\desktop.exe
C:\Windows\system32\dhcp\formsw.exe
C:\Windows\system32\dhcp\spolsv.exe
C:\Windows\system32\dhcp\spoolsv.exe
C:\Windows\system32\dhcp\spoolsvs.exe
C:\Windows\system32\dhcp\trays.exe
C:\Windows\system32\dhcpkbdh.exe
C:\Windows\system32\diagisr.dll
C:\Windows\system32\didi.exe
C:\Windows\system32\direct3dfx.dll
C:\Windows\system32\direct3dx.dll
C:\Windows\system32\directfxd.exe
C:\Windows\system32\directxd.exe
C:\Windows\system32\disk.exe
C:\Windows\system32\disk10.exe
C:\Windows\system32\Diup.exe
C:\Windows\system32\dl.exe
C:\Windows\system32\dllcache\again.exe
C:\Windows\system32\dllcache\copiandotudo.exe
C:\Windows\system32\dllcache\curioso.exe
C:\Windows\system32\dllcache\denovo_aqui.exe
C:\Windows\system32\dllcache\Flinstone.exe
C:\Windows\system32\dllcache\inside.exe
C:\Windows\system32\dllcache\invadido.exe
C:\Windows\system32\dllcache\inyourface.exe
C:\Windows\system32\dllcache\iron_maiden.exe
C:\Windows\system32\dllcache\ja_era_hehe.exe
C:\Windows\system32\dllcache\jhost.exe
C:\Windows\system32\dllcache\jucheck.exe
C:\Windows\system32\dllcache\jvshost.exe
C:\Windows\system32\dllcache\klog.dat
C:\Windows\system32\dllcache\msnworm.exe
C:\Windows\system32\dllcache\mswan.exe
C:\Windows\system32\dllcache\naoadianta.exe
C:\Windows\system32\dllcache\nirvena.exe
C:\Windows\system32\dllcache\novamente.exe
C:\Windows\system32\dllcache\poisonivy.exe
C:\Windows\system32\dllcache\protweb.exe
C:\Windows\system32\dllcache\qsch0st.exe
C:\Windows\system32\dllcache\Rtsecar.exe
C:\Windows\system32\dllcache\scvhost.exe
C:\Windows\system32\dllcache\se_fudeu.exe
C:\Windows\system32\dllcache\starting.exe
C:\Windows\system32\dllcache\Terror_MSN.exe
C:\Windows\system32\dllcache\testandoA.exe
C:\Windows\system32\dllcache\tsorfib.exe
C:\Windows\system32\dllcache\verme_chato.exe
C:\Windows\system32\dllcache\winmga.exe
C:\Windows\system32\dllcache\winrcn.exe
C:\Windows\system32\dllcache\winsno.exe
C:\Windows\system32\dllcache\winsntp.exe
C:\Windows\system32\dllcache\winsony.exe
C:\Windows\system32\dllcache\ZoneAlarm.exe
C:\Windows\system32\dllhostup.exe
C:\Windows\system32\dllvirtual.dll
C:\Windows\system32\dllvirtual.exe
C:\Windows\system32\dllvirtual.js
C:\Windows\system32\dlssd.exe
C:\Windows\system32\dnsajobe.dat
C:\Windows\system32\dnsajobe.dll
C:\Windows\system32\dnsajobe.exe
C:\Windows\system32\doriot.exe
C:\Windows\system32\dpl1npwm.dat
C:\Windows\system32\dpl1npwm.dll
C:\Windows\system32\dpl1npwm.exe
C:\Windows\system32\dpv1bidi.dll
C:\Windows\system32\dpwsmmfu.dat
C:\Windows\system32\dpwsmmfu.dll
C:\Windows\system32\dpwsmmfu.exe
C:\Windows\system32\dragon.txt
C:\Windows\system32\drift.scr
C:\Windows\system32\drivers\0001.scr
C:\Windows\system32\drivers\8cc342db.sys
C:\Windows\system32\drivers\atapi16.sys
C:\Windows\system32\drivers\backsys.sys
C:\Windows\system32\drivers\Csrs.exe
C:\Windows\system32\drivers\drivers\isapnp.exe
C:\Windows\system32\drivers\drivers\task.exe
C:\Windows\system32\drivers\etc\hosts.exe
C:\Windows\system32\drivers\etc\services.exe
C:\Windows\system32\drivers\etc\svchosts.exe
C:\Windows\system32\drivers\isapnp.exe
C:\Windows\system32\drivers\oreans32.sys
C:\Windows\system32\drivers\privada.exe
C:\Windows\system32\drivers\root\system
C:\Windows\system32\drivers\services.exe
C:\Windows\system32\drivers\sndrec32.exe
C:\Windows\system32\drivers\Sndrec64.exe
C:\Windows\system32\drivers\sys.exe
C:\Windows\system32\drivers\System.exe
C:\Windows\system32\drivers\taskmgr.exe
C:\Windows\system32\drivers\winlogon.exe
C:\Windows\system32\drsmartload1135a.exe
C:\Windows\system32\drsys32.exe
C:\Windows\system32\Drunk_lol.pif
C:\Windows\system32\dsys.scr
C:\Windows\system32\dxdll\svchost.exe
C:\Windows\system32\dxovx.dll
C:\Windows\system32\dydhcp.exe
C:\Windows\system32\ehSched.exe
C:\Windows\system32\epson.scr
C:\Windows\system32\ersvsync.dat
C:\Windows\system32\ersvsync.dll
C:\Windows\system32\ersvsync.exe
C:\Windows\system32\Estra.exe
C:\Windows\system32\ExCorp.exe
C:\Windows\system32\Exec32.exe
C:\Windows\system32\explore.exe
C:\Windows\system32\EXPLORER.EXE
C:\Windows\system32\explori.exe
C:\Windows\system32\f1.exe
C:\Windows\system32\faate32.exe
C:\Windows\system32\faT.exe
C:\Windows\system32\file.exe
C:\Windows\system32\firewall.exe
C:\Windows\system32\firewallav.dll
C:\Windows\system32\flw334.dll
C:\Windows\system32\formatsys.exe
C:\Windows\system32\foto_celular.scr
C:\Windows\system32\fotos
C:\Windows\system32\fotos04102006.exe
C:\Windows\system32\fpoa.scr
C:\Windows\system32\game.rar
C:\Windows\system32\game.zip
C:\Windows\system32\gbiehh.exe
C:\Windows\system32\gmail.exe
C:\Windows\system32\gmilogon.exe
C:\Windows\system32\grana.scr
C:\Windows\system32\gray.exe
C:\Windows\system32\green.exe
C:\Windows\system32\gsmutx.exe
C:\Windows\system32\gsx2.exe
C:\Windows\system32\h435adlc.dll
C:\Windows\system32\haha.exe
C:\Windows\system32\hanonvt.ini
C:\Windows\system32\help.scr
C:\Windows\system32\HEREBABYs.exe
C:\Windows\system32\Hide32.exe
C:\Windows\system32\hidekit.exe
C:\Windows\system32\hiholl.com
C:\Windows\system32\hlpsrv.exe
C:\Windows\system32\hork.exe
C:\Windows\system32\hostfast.cmd
C:\Windows\system32\hosts.exe
C:\Windows\system32\hosts.scr
C:\Windows\system32\hosts.txt
C:\Windows\system32\hosts2.scr
C:\Windows\system32\hptzb02.exe
C:\Windows\system32\hs.exe
C:\Windows\system32\hsvwer4.dll
C:\Windows\system32\hsvwer9.dll
C:\Windows\system32\html.txt
C:\Windows\system32\htssv.exe
C:\Windows\system32\i.exe
C:\Windows\system32\i32yyc.exe
C:\Windows\system32\i5iphe.exe
C:\Windows\system32\icone.exe
C:\Windows\system32\icpldrv.exe
C:\Windows\system32\icpldrvx.exe
C:\Windows\system32\icpldrvx.js
C:\Windows\system32\icwpslbi.exe
C:\Windows\system32\ie.exe
C:\Windows\system32\iefav
C:\Windows\system32\iefav\tools\SpyWinWb.dll
C:\Windows\system32\iefav\tools4\SpyWinWb.dll
C:\Windows\system32\iefav\toolz\SpyWinWb.dll
C:\Windows\system32\iewq32.exe
C:\Windows\system32\IEXPLORE.exe
C:\Windows\system32\iexplore.scr
C:\Windows\system32\iexplorer.dll.exe
C:\Windows\system32\iexplorer.exe
C:\Windows\system32\iissmspb.dll
C:\Windows\system32\img.cmd
C:\Windows\system32\IMG0007.rar
C:\Windows\system32\IMG0007.zip
C:\Windows\system32\imglog.scr
C:\Windows\system32\imglong.exe
C:\Windows\system32\imglong.pif
C:\Windows\system32\ImgPaint.exe
C:\Windows\system32\imgrb.scr
C:\Windows\system32\imgrbs.scr
C:\Windows\system32\imgrd.scr
C:\Windows\system32\imgrt.scr
C:\Windows\system32\imstcallback.exe
C:\Windows\system32\inetlibx.exe
C:\Windows\system32\infowshb.dll
C:\Windows\system32\InternetAccsess532.dll
C:\Windows\system32\intlprinters.exe
C:\Windows\system32\invadido.exe
C:\Windows\system32\ipprbatm.dll
C:\Windows\system32\irpf.exe
C:\Windows\system32\Isass.exe
C:\Windows\system32\Isass.scr
C:\Windows\system32\isass32.exe
C:\Windows\system32\isrprf32.dll
C:\Windows\system32\isrprov.exe
C:\Windows\system32\issas0x.scr
C:\Windows\system32\j6w5b1ksec.dll
C:\Windows\system32\jamaica.exe
C:\Windows\system32\java.cmd
C:\Windows\system32\java.scr
C:\Windows\system32\javajrk.exe
C:\Windows\system32\javas.exe
C:\Windows\system32\jpb.exe
C:\Windows\system32\jshxw.exe
C:\Windows\system32\jubswwe
C:\Windows\system32\jucshed.cmd
C:\Windows\system32\Juegs.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\JVM.exe
C:\Windows\system32\JVM0.exe
C:\Windows\system32\JVMa.exe
C:\Windows\system32\kavsvc32.exe
C:\Windows\system32\kbdemsdm.dat
C:\Windows\system32\kbdemsdm.dll
C:\Windows\system32\kbdemsdm.dll
C:\Windows\system32\kbdemsdm.exe
C:\Windows\system32\kbdnmfc4.dll
C:\Windows\system32\kerlupa.exe
C:\Windows\system32\kernels32.exe
C:\Windows\system32\killdesig.exe
C:\Windows\system32\kimhelpmak.exe
C:\Windows\system32\klpp.exe
C:\Windows\system32\kmsklx.exe
C:\Windows\system32\ksmmtq.exe
C:\Windows\system32\kyfffo.exe
C:\Windows\system32\le.exe
C:\Windows\system32\leetch32.exe
C:\Windows\system32\lexplore.exe
C:\Windows\system32\Lexplorer.exe
C:\Windows\system32\libcinet.exe
C:\Windows\system32\libcintle.dll
C:\Windows\system32\libcintle2.dll
C:\Windows\system32\libcintles3.dll
C:\Windows\system32\libhelps.dll
C:\Windows\system32\libinets.dll
C:\Windows\system32\libmsns.dll
C:\Windows\system32\libweb.dll
C:\Windows\system32\libwinets.dll
C:\Windows\system32\list.exe
C:\Windows\system32\locadx3j.dll
C:\Windows\system32\login.dll
C:\Windows\system32\logon.com
C:\Windows\system32\logon.exe
C:\Windows\system32\logon1.scr
C:\Windows\system32\logon2.scr
C:\Windows\system32\logunit.sys
C:\Windows\system32\lookatme.exe
C:\Windows\system32\love_me.pif
C:\Windows\system32\lprhwinn.exe
C:\Windows\system32\lsass2.exe
C:\Windows\system32\lsass32.exe
C:\Windows\system32\lsass47.exe
C:\Windows\system32\lsasss.exe
C:\Windows\system32\lsassss.exe
C:\Windows\system32\lssas.exe
C:\Windows\system32\lvss.exe
C:\Windows\system32\mag_cscd.dat
C:\Windows\system32\mag_cscd.dll
C:\Windows\system32\mag_cscd.exe
C:\Windows\system32\malware.exe
C:\Windows\system32\mangal.exe
C:\Windows\system32\mdn.exe
C:\Windows\system32\MEGATRON.ini
C:\Windows\system32\Mensagem.exe
C:\Windows\system32\mess.scr
C:\Windows\system32\messenger.exe
C:\Windows\system32\messenger.scr
C:\Windows\system32\messenger32.scr
C:\Windows\system32\mgmsgr.exe
C:\Windows\system32\Microsoft.exe
C:\Windows\system32\microsoft\backup.ftp
C:\Windows\system32\microsoft\backup.tftp
C:\Windows\system32\mkdrxz.exe
C:\Windows\system32\mkrshcx.exe
C:\Windows\system32\modulo1.exe
C:\Windows\system32\modulo2.exe
C:\Windows\system32\modulo3.exe
C:\Windows\system32\mpeg4dec0.dll
C:\Windows\system32\mrjaskr.exe
C:\Windows\system32\mrjasmr.exe
C:\Windows\system32\msbcs.exe
C:\Windows\system32\msbcs.scr
C:\Windows\system32\msbiwmip.dll
C:\Windows\system32\mscheldbnp.scr
C:\Windows\system32\Mscheldncx.scr
C:\Windows\system32\Mscheldork.scr
C:\Windows\system32\mscmippr.dat
C:\Windows\system32\mscmippr.dll
C:\Windows\system32\mscmippr.exe
C:\Windows\system32\msconf.exe
C:\Windows\system32\msftmssw.exe
C:\Windows\system32\MsgPlus.exe
C:\Windows\system32\msgraphics.exe
C:\Windows\system32\msgrcg32.scr
C:\Windows\system32\mshtmldat32.exe
C:\Windows\system32\mshtmsdt.dll
C:\Windows\system32\msihlprm.exe
C:\Windows\system32\msload.exe
C:\Windows\system32\msmgsr.exe
C:\Windows\system32\msmsgr.exe
C:\Windows\system32\MSMSN32.EXE
C:\Windows\system32\msn.dll
C:\Windows\system32\msn.exe
C:\Windows\system32\msn.scr
C:\Windows\system32\MSN_ENVIA.exe
C:\Windows\system32\MSN_MSS.exe
C:\Windows\system32\msn32.exe
C:\Windows\system32\msn6.3.exe
C:\Windows\system32\msnconf.exe
C:\Windows\system32\MSNENVIA.exe
C:\Windows\system32\msnfile.exe
C:\Windows\system32\msnfix.exe
C:\Windows\system32\msng.exe
C:\Windows\system32\msngr.exe
C:\Windows\system32\msngrn.exe
C:\Windows\system32\msninet.exe
C:\Windows\system32\msnix.scr
C:\Windows\system32\MSNMGS1.exe
C:\Windows\system32\msnms.exe
C:\Windows\system32\msnmsegr.exe
C:\Windows\system32\msnmsg.exe
C:\Windows\system32\msnmsgr.exe
C:\Windows\system32\msnmsgs.exe
C:\Windows\system32\msnmsnr.exe
C:\Windows\system32\msnmsnr.scr
C:\Windows\system32\msnmssgr.exe
C:\Windows\system32\msnn.exe
C:\Windows\system32\msnnsgr.exe
C:\Windows\system32\msnplus.exe
C:\Windows\system32\msnpop.exe
C:\Windows\system32\msnsgs.exe
C:\Windows\system32\msnsupport.exe
C:\Windows\system32\msnus.exe
C:\Windows\system32\MSNWA.exe
C:\Windows\system32\msnwisterd.exe
C:\Windows\system32\msnworm.exe
C:\Windows\system32\MSOffice.exe
C:\Windows\system32\msout.exe
C:\Windows\system32\msprwinn.dat
C:\Windows\system32\msprwinn.dll
C:\Windows\system32\msprwinn.exe
C:\Windows\system32\msreg.exe
C:\Windows\system32\msscdpnm.exe
C:\Windows\system32\mssend.exe
C:\Windows\system32\mssnn.exe
C:\Windows\system32\msssn.exe
C:\Windows\system32\mstrust32.dll
C:\Windows\system32\mswxvz.exe
C:\Windows\system32\msxml32.exe
C:\Windows\system32\mw.exe
C:\Windows\system32\naked_party.pif
C:\Windows\system32\naoadianta.exe
C:\Windows\system32\Navaps.scr
C:\Windows\system32\navy.exe
C:\Windows\system32\Negdo.exe
C:\Windows\system32\netburn.scr
C:\Windows\system32\netepade.scr
C:\Windows\system32\netlocca.dat
C:\Windows\system32\netlocca.dll
C:\Windows\system32\netlocca.exe
C:\Windows\system32\NetMeeting.exe
C:\Windows\system32\netsupp.dll
C:\Windows\system32\newsystem25.dll
C:\Windows\system32\nfw32.exe
C:\Windows\system32\nmevscrr.exe
C:\Windows\system32\nostd.scr
C:\Windows\system32\not_uno.exe
C:\Windows\system32\notepadd.exe
C:\Windows\system32\notice.dll
C:\Windows\system32\notiffy.dll
C:\Windows\system32\NSecurity.exe
C:\Windows\system32\nsnmsgr.exe
C:\Windows\system32\nsstd.scr
C:\Windows\system32\ntssv.exe
C:\Windows\system32\nvbsvc.exe
C:\Windows\system32\nvcpll.exe
C:\Windows\system32\nvsvc64.exe
C:\Windows\system32\oddysee.exe
C:\Windows\system32\office.exe
C:\Windows\system32\oi.exe
C:\Windows\system32\okt.exe
C:\Windows\system32\opengll.exe
C:\Windows\system32\openglx.exe
C:\Windows\system32\orgut.exe
C:\Windows\system32\orgut.scr
C:\Windows\system32\ork.exe
C:\Windows\system32\orkut.scr
C:\Windows\system32\orkut_jptsky.exe
C:\Windows\system32\OSSMTP.DLL
C:\Windows\system32\Outlook Express.exe
C:\Windows\system32\partner.log
C:\Windows\system32\perfdisp.dat
C:\Windows\system32\perfdisp.dll
C:\Windows\system32\perfdisp.exe
C:\Windows\system32\PerfStringV4.9.dll
C:\Windows\system32\photoalbum.rar
C:\Windows\system32\photoalbum.zip
C:\Windows\system32\photopaint.exe
C:\Windows\system32\photopoint.exe
C:\Windows\system32\photos.rar
C:\Windows\system32\plugim.exe
C:\Windows\system32\plugin.exe
C:\Windows\system32\plugin.scr
C:\Windows\system32\plugin.txt
C:\Windows\system32\Plugin1.dat
C:\Windows\system32\pluginx.exe
C:\Windows\system32\poison.sys
C:\Windows\system32\Principal.exe
C:\Windows\system32\printers.exe
C:\Windows\system32\prodigy323.dll
C:\Windows\system32\prodigys323.dll
C:\Windows\system32\program1.exe
C:\Windows\system32\pruas.exe
C:\Windows\system32\psapuman.exe
C:\Windows\system32\psnppack.dll
C:\Windows\system32\quegrilo.scr
C:\Windows\system32\querdgne.dat
C:\Windows\system32\querdgne.dll
C:\Windows\system32\querdgne.exe
C:\Windows\system32\rafba.dll
C:\Windows\system32\Raid_N.exe
C:\Windows\system32\rdcshost32.exe
C:\Windows\system32\rdfhost.dll
C:\Windows\system32\rdihost.dll
C:\Windows\system32\rdpszipf.dll
C:\Windows\system32\rdshost.dll
C:\Windows\system32\rdshost32.exe
C:\Windows\system32\red.exe
C:\Windows\system32\reg_0001.txt
C:\Windows\system32\regcleaner.exe
C:\Windows\system32\regserve.exe
C:\Windows\system32\remote.cmd
C:\Windows\system32\Restore\restore.exe
C:\Windows\system32\reterx.exe
C:\Windows\system32\revolution.exe
C:\Windows\system32\robin.exe
C:\Windows\system32\rpcnqasf.dll
C:\Windows\system32\rpmsvc.exe
C:\Windows\system32\rstwa.ini
C:\Windows\system32\rstwa.tmp
C:\Windows\system32\rtutvb5d.dll
C:\Windows\system32\rundl132.exe
C:\Windows\system32\s2.exe
C:\Windows\system32\sarcaz.scr
C:\Windows\system32\scamdisk.exe
C:\Windows\system32\scammdisk.exe
C:\Windows\system32\scbs.scr
C:\Windows\system32\scfvost.exe
C:\Windows\system32\schostt.exe
C:\Windows\system32\schoty.cmd
C:\Windows\system32\scp3wiav.dll
C:\Windows\system32\sdrivew32.exe
C:\Windows\system32\seclkbdn.dll
C:\Windows\system32\Security\Firewall.exe
C:\Windows\system32\Security\klog.dat
C:\Windows\system32\Security\WinUpdate.exe
C:\Windows\system32\segder32.exe
C:\Windows\system32\segtem32.exe
C:\Windows\system32\segtem332.exe
C:\Windows\system32\sender32.exe
C:\Windows\system32\sendwmdm.exe
C:\Windows\system32\serbw.exe
C:\Windows\system32\server.exe
C:\Windows\system32\service.exe
C:\Windows\system32\service\navupdt.exe
C:\Windows\system32\service\navupdt2.exe
C:\Windows\system32\service\service.dll
C:\Windows\system32\service\service.dll*
C:\Windows\system32\service\service2.dll
C:\Windows\system32\service\services.exe
C:\Windows\system32\servicer.exe
C:\Windows\system32\servico.exe
C:\Windows\system32\servics.exe
C:\Windows\system32\setting.ini
C:\Windows\system32\setupx32.exe
C:\Windows\system32\sever32.exe
C:\Windows\system32\sevicess.scr
C:\Windows\system32\sexy_bedroom.pif
C:\Windows\system32\shdosbei.dat
C:\Windows\system32\shdosbei.dll
C:\Windows\system32\shdosbei.exe
C:\Windows\system32\shell32dll.exe
C:\Windows\system32\SICB.exe
C:\Windows\system32\SICB.scr
C:\Windows\system32\simdataconf.dll
C:\Windows\system32\sistema.exe
C:\Windows\system32\sistrat.scr
C:\Windows\system32\skcvhost.exe
C:\Windows\system32\skcvhosthk.dll
C:\Windows\system32\skcvhostr.exe
C:\Windows\system32\Skype.exe
C:\Windows\system32\smcfg32.exe
C:\Windows\system32\smics.exe
C:\Windows\system32\sms.scr
C:\Windows\system32\smsc.exe
C:\Windows\system32\smsc.txt
C:\Windows\system32\smsl.exe
C:\Windows\system32\smss.ini
C:\Windows\system32\snagos.exe
C:\Windows\system32\snengine.exe
C:\Windows\system32\sp2.exe
C:\Windows\system32\spls.exe
C:\Windows\system32\spooIsv.exe
C:\Windows\system32\spooldr.sys
C:\Windows\system32\spools.scr
C:\Windows\system32\spoolsa.scr
C:\Windows\system32\spoolsvc.exe
C:\Windows\system32\spoolsvr.exe
C:\Windows\system32\spoolzha.scr
C:\Windows\system32\sprY.exe
C:\Windows\system32\spvspool.exe
C:\Windows\system32\spwwlsa.scr
C:\Windows\system32\sqlsusrs.exe
C:\Windows\system32\ssms.scr
C:\Windows\system32\ssvichosst.exe
C:\Windows\system32\ssvschost.sys
C:\Windows\system32\strad.exe
C:\Windows\system32\su40uue.dll
C:\Windows\system32\Supervise.exe
C:\Windows\system32\supoolsvc.exe
C:\Windows\system32\svch0st.exe
C:\Windows\system32\SVCH0STl.exe
C:\Windows\system32\SVCH0STll.EXE
C:\Windows\system32\svchon32.exe
C:\Windows\system32\svchoost.exe
C:\Windows\system32\svchosd.scr
C:\Windows\system32\svchosdt.scr
C:\Windows\system32\svchost.scr
C:\Windows\system32\svchost1.exe
C:\Windows\system32\svchost32.exe
C:\Windows\system32\svchosted.scr
C:\Windows\system32\Svchosts.exe
C:\Windows\system32\svchostss.exe
C:\Windows\system32\svcmgrs.exe
C:\Windows\system32\svcp.csv
C:\Windows\system32\svcsky32.exe
C:\Windows\system32\svhootss.exe
C:\Windows\system32\svhoskil.exe
C:\Windows\system32\svhossst.exe
C:\Windows\system32\svhost.exe
C:\Windows\system32\svhost.pif
C:\Windows\system32\svhostt32.exe
C:\Windows\system32\svhotss.exe
C:\Windows\system32\svohost.exe
C:\Windows\system32\svschost.sys
C:\Windows\system32\svshot.exe
C:\Windows\system32\svshott.exe
C:\Windows\system32\svvshot.exe
C:\Windows\system32\svxosted.scr
C:\Windows\system32\SwcHost.exe
C:\Windows\system32\swchosthed.scr
C:\Windows\system32\sys.txt
C:\Windows\system32\sys\smss.exe
C:\Windows\system32\sys32dll.exe
C:\Windows\system32\SYSARC.EXE
C:\Windows\system32\sysDesktop.scr
C:\Windows\system32\sysedir.exe
C:\Windows\system32\syshelps.dll
C:\Windows\system32\syshosts.dll
C:\Windows\system32\sysiff_v.dll
C:\Windows\system32\syslinks2.dll
C:\Windows\system32\syspoint.dll
C:\Windows\system32\syspoints.dll
C:\Windows\system32\sysprinters.dll
C:\Windows\system32\sysrcvr2.dll
C:\Windows\system32\sysrcvr246.dll
C:\Windows\system32\sysstrat.scr
C:\Windows\system32\syst.exe
C:\Windows\system32\System.exe
C:\Windows\system32\system1591.exe
C:\Windows\system32\system32.exe
C:\Windows\system32\system32\server32.exe
C:\Windows\system32\system32\system32.exe
C:\Windows\system32\system321.exe
C:\Windows\system32\system34.exe
C:\Windows\system32\system64.exe
C:\Windows\system32\systemdll.exe
C:\Windows\system32\systemuse.cmd
C:\Windows\system32\systen32.exe
C:\Windows\system32\systesrt32.dll
C:\Windows\system32\systray.scr
C:\Windows\system32\systs.exe
C:\Windows\system32\sysviews.dll
C:\Windows\system32\szsvc.exe
C:\Windows\system32\tagasuarus*.exe
C:\Windows\system32\task.exe
C:\Windows\system32\task32.exe
C:\Windows\system32\taskcvrd32.exe
C:\Windows\system32\taskkmgr.exe
C:\Windows\system32\tasklist32.exe
C:\Windows\system32\taskmaneger.exe
C:\Windows\system32\taskmgra.com
C:\Windows\system32\taskmgrd.scr
C:\Windows\system32\taskmgrxp.exe
C:\Windows\system32\taskngr.exe
C:\Windows\system32\tempatu.exe
C:\Windows\system32\tempo.exe
C:\Windows\system32\terrasvhost.exe
C:\Windows\system32\TFTP3800
C:\Windows\system32\time.exe
C:\Windows\system32\tsklist32.exe
C:\Windows\system32\tskmrg2.scr
C:\Windows\system32\tsorfib.exe
C:\Windows\system32\Ttt.exe
C:\Windows\system32\tv.exe
C:\Windows\system32\unesta.exe
C:\Windows\system32\unknown32.exe
C:\Windows\system32\untitleds32.exe
C:\Windows\system32\update.cmd
C:\Windows\system32\updated.exe
C:\Windows\system32\updatexp.exe
C:\Windows\system32\updte.exe
C:\Windows\system32\updtx.exe
C:\Windows\system32\upsystem.exe
C:\Windows\system32\urdvxc.exe
C:\Windows\system32\urlmsnlink.dat
C:\Windows\system32\usrliiss.dll
C:\Windows\system32\valentine_card.zip
C:\Windows\system32\VB6.EXE
C:\Windows\system32\vbsys2.dll
C:\Windows\system32\verme_chato.exe
C:\Windows\system32\video.exe
C:\Windows\system32\video.rar
C:\Windows\system32\video.zip
C:\Windows\system32\virus.exe
C:\Windows\system32\vmmreg32.exe
C:\Windows\s
2 Novembre 2007 18:46:42

il n'est pas en entier voici la fin (sachant qu'il faut enlever la dernière ligne du message précédent):
C:\Windows\system32\vpcrtf.exe
C:\Windows\system32\vsmon.exe
C:\Windows\system32\w08hbq.exe
C:\Windows\system32\w32_mjd.dll
C:\Windows\system32\warning.exe
C:\Windows\system32\wcntfy.exe
C:\Windows\system32\wconf32.exe
C:\Windows\system32\wdfdgmr.exe
C:\Windows\system32\Webcam_004.pif
C:\Windows\system32\wepwep1.com
C:\Windows\system32\white.exe
C:\Windows\system32\Win 98.exe
C:\Windows\system32\Win XP.exe
C:\Windows\system32\Win32.exe
C:\Windows\system32\win32config.exe
C:\Windows\system32\win32dlll.exe
C:\Windows\system32\win32xp.dll
C:\Windows\system32\win442.dll
C:\Windows\system32\winamp.exe
C:\Windows\system32\winbo32.exe
C:\Windows\system32\WINdirect.exe
C:\Windows\system32\Windows Update.exe
C:\Windows\system32\windows.cmd
C:\Windows\system32\windows.exe
C:\Windows\system32\Windows.scr
C:\Windows\system32\Windows32.exe
C:\Windows\system32\windserv.exe
C:\Windows\system32\wingo.exe
C:\Windows\system32\winHelp.exe
C:\Windows\system32\winhelp1.com
C:\Windows\system32\winhelp2.com
C:\Windows\system32\winhelp3.com
C:\Windows\system32\winhelp4.com
C:\Windows\system32\winhelp5.cmd
C:\Windows\system32\winhill.com
C:\Windows\system32\winIogon.exe
C:\Windows\system32\winjava.scr
C:\Windows\system32\winktsisx.exe
C:\Windows\system32\winlgcvers.exe
C:\Windows\system32\winlogin.exe
C:\Windows\system32\winlogon_.jpg
C:\Windows\system32\winshost.exe
C:\Windows\system32\winstall.exe
C:\Windows\system32\winsub.xml
C:\Windows\system32\winupdate.exe
C:\Windows\system32\winupdate128.exe
C:\Windows\system32\winUpdateNew.exe
C:\Windows\system32\winupdbc.exe
C:\Windows\system32\Winuser.exe
C:\Windows\system32\winviews32.dll
C:\Windows\system32\winxp.exe
C:\Windows\system32\wkssmsjt.dll
C:\Windows\system32\wldadisp.dat
C:\Windows\system32\wldadisp.dll
C:\Windows\system32\wldadisp.exe
C:\Windows\system32\wlm.scr
C:\Windows\system32\wmauhype.dll
C:\Windows\system32\wmhs32.dll
C:\Windows\system32\wmsip.dll
C:\Windows\system32\wndrivs32.exe
C:\Windows\system32\wnlsos.exe
C:\Windows\system32\work.exe
C:\Windows\system32\WorkFile.exe
C:\Windows\system32\WormList.exe
C:\Windows\system32\wormmsn.scr
C:\Windows\system32\wpabaln32.exe
C:\Windows\system32\wpabalnm.exe
C:\Windows\system32\wqsoft.exe
C:\Windows\system32\wsass32.exe
C:\Windows\system32\wshrmqis.dll
C:\Windows\system32\wsnctfy.exe
C:\Windows\system32\wsyial.exe
C:\Windows\system32\wuamgrd.exe
C:\Windows\system32\wuaucltr.exe
C:\Windows\system32\wzip32.exe
C:\Windows\system32\xex1.dll
C:\Windows\system32\Xeyu.exe
C:\Windows\system32\xg165.exe
C:\Windows\system32\xkykdldc.bat
C:\Windows\system32\xphost.scr
C:\Windows\system32\xpoa.scr
C:\Windows\system32\Xsfr.exe
C:\Windows\system32\xsmith.scr
C:\Windows\system32\yellon.exe
C:\Windows\system32\yo_posse_007.jpg.exe
C:\Windows\system32\yrtsiger.bat
C:\Windows\system32\yspoint.dll
C:\Windows\system32\ZaZ.exe
C:\Windows\system32\zitrat.scr
C:\Windows\system32\zpoa.scr
C:\Windows\system32\zser.exe
2 Novembre 2007 18:58:01

et voici le document textes upload:
C:\Users\Bels\AppData\Local\Temp\GS4.tmp
C:\Windows\inf\svchost.exe
C:\Windows\spolis.exe
C:\Windows\system\winglogon.exe
C:\Windows\xlavra.exe
C:\Windows\system32\applayerd.exe
C:\Windows\system32\cc.dll
C:\Windows\system32\cMessengerMD.dll
C:\Windows\system32\hMessengerMD.dll
C:\Windows\system32\hnetvdsh.dll
C:\Windows\system32\hnetvdsh.exe
C:\Windows\system32\iplebaepv.exe
C:\Windows\system32\ishst.exe
C:\Windows\system32\lechuck.exe
C:\Windows\system32\msnbmd.dll
C:\Windows\system32\msnemd.dll
C:\Windows\system32\msngmd.dll
C:\Windows\system32\msnmsngrs.exe
C:\Windows\system32\msnpmd.dll
C:\Windows\system32\msnxmd.dll
C:\Windows\system32\odbtnj.exe
C:\Windows\system32\plugnplay.exe
C:\Windows\system32\q.exe
C:\Windows\system32\qxxhmcgnewa.exe
C:\Windows\system32\runsvc.exe
C:\Windows\system32\rwx.exe
C:\Windows\system32\shower.MYPH0T0.com
C:\Windows\system32\syshelp.dll
C:\Windows\system32\wauservices.exe
C:\Windows\system32\winhost.exe
C:\Windows\system32\wins.exe
C:\Windows\system32\wmpsvc.exe
C:\Windows\system32\zip32.dll
C:\Users\Bels\AppData\Local\Temp\facebookfoto.zip
C:\Users\Bels\AppData\Local\Temp\mispicturas.zip

merci pour votre aide
a b 8 Sécurité
2 Novembre 2007 18:59:15

C'est pas ça.
Reposte un rapport Hijackthis.
2 Novembre 2007 19:11:22

le vla:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:13, on 02/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Windows\LBTWiz.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\System32\mobsync.exe
C:\Users\Bels\Downloads\anti-virus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LBTWiz.exe] C:\Windows\LBTWiz.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12876 bytes
2 Novembre 2007 20:15:07

en voici un mais je ne sais pas si c'est le bon donc j'en ai recomencé un:
02.11.2007 19:53:17 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:53:17 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
02.11.2007 19:53:17 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\
02.11.2007 19:53:17 - Start the Update GUI... Displaymode: 0

02.11.2007 19:53:17 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:53:17 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
02.11.2007 19:53:17 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\
02.11.2007 19:53:17 - Start the Update GUI... Displaymode: 0

02.11.2007 19:53:21 - Keyfile: OK [FULL Mode]

02.11.2007 19:53:21 - Avira AntiVir PersonalEdition Classic

02.11.2007 19:53:30 - Master IDX file has changed
02.11.2007 19:53:39 - Keyfile: OK [FULL Mode]

02.11.2007 19:53:40 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/classic-nt-en.info.gz
02.11.2007 19:53:42 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:53:42 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/vdf.info.gz
02.11.2007 19:53:47 - Keyfile: OK [FULL Mode]

02.11.2007 19:53:47 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/specvir-nt.info.gz
02.11.2007 19:53:48 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/engine.info.gz
02.11.2007 19:53:49 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/engine-nt-en.info.gz
02.11.2007 19:53:51 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
02.11.2007 19:53:52 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
02.11.2007 19:53:52 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 77
02.11.2007 19:53:52 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
02.11.2007 19:53:52 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
02.11.2007 19:53:53 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
02.11.2007 19:53:54 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.35
02.11.2007 19:53:55 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\ProgramData\ Files: 1
02.11.2007 19:53:55 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
02.11.2007 19:53:55 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
02.11.2007 19:53:56 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.0.140
02.11.2007 19:53:56 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.0.164
02.11.2007 19:53:56 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
02.11.2007 19:53:56 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
02.11.2007 19:53:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.30
02.11.2007 19:53:57 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
02.11.2007 19:53:57 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
02.11.2007 19:53:57 - C:\Windows\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
02.11.2007 19:53:57 - Minifilter is installed

02.11.2007 19:53:57 - Minifilter is possible

02.11.2007 19:53:57 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

02.11.2007 19:53:57 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
02.11.2007 19:53:57 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
02.11.2007 19:53:57 - Initialize avnotify.exe

02.11.2007 19:54:00 - Starting avnotify.exe successful

02.11.2007 19:54:00 - Preparing to download files
02.11.2007 19:54:00 - 10 files need to be downloaded / copied from http://dl7.avgate.net/upd/
02.11.2007 19:54:00 - #1: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/updlib.dll... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/updlib.dll
02.11.2007 19:54:05 - #2: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/avgnt.exe
02.11.2007 19:54:08 - #3: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avguard.ex... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/avguard.exe
02.11.2007 19:54:12 - #4: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/ccguard.dl... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/ccguard.dll
02.11.2007 19:54:14 - #5: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/preupd.exe... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/preupd.exe
02.11.2007 19:54:17 - #6: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/addr_file.... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/addr_file.html
02.11.2007 19:54:18 - #7: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir2.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\vdf\antivir2.vdf
02.11.2007 19:54:30 - #8: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir3.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\vdf\antivir3.vdf
02.11.2007 19:54:33 - #9: Downloading and extracting http://dl7.avgate.net/upd/engine/avewin32.dll.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\engine\avewin32.dll
02.11.2007 19:54:49 - #10: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/basic-nt/avipbb.sys... to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/avipbb.sys
02.11.2007 19:55:04 - Service AVEService is not installed

02.11.2007 19:55:04 - Service AntiVirMailService is not installed

02.11.2007 19:55:04 - Initialize fwinst.exe

02.11.2007 19:55:04 - Initialize fwinst.exe

02.11.2007 19:55:04 - Service AntiVirFirewallService is not installed

02.11.2007 19:55:04 - Service antivirwebservice is not installed

02.11.2007 19:55:04 - Status of service AntiVirService is running

02.11.2007 19:55:04 - Initialize avgnt.exe

02.11.2007 19:55:04 - Status of service AntiVirScheduler is running

02.11.2007 19:55:04 - Minifilter is installed

02.11.2007 19:55:04 - Minifilter is possible

02.11.2007 19:55:04 - Initialize avscan.exe

02.11.2007 19:55:04 - Initialize avconfig.cpl

02.11.2007 19:55:04 - Initialize avcenter.exe

02.11.2007 19:55:04 - shell extension is installed

02.11.2007 19:55:04 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

02.11.2007 19:55:04 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

02.11.2007 19:55:04 - Service AVEService is not installed

02.11.2007 19:55:04 - Service AntiVirMailService is not installed

02.11.2007 19:55:04 - Initialize fwinst.exe

02.11.2007 19:55:04 - Initialize fwinst.exe

02.11.2007 19:55:04 - Service AntiVirFirewallService is not installed

02.11.2007 19:55:04 - shell extension is installed

02.11.2007 19:55:04 - Initialize regsvr32.exe

02.11.2007 19:55:07 - shell extension removed successfully

02.11.2007 19:55:07 - avgnt.exe closed.

02.11.2007 19:55:07 - Status of service AntiVirScheduler is running

02.11.2007 19:55:07 - Service AntiVirScheduler successfully stopped

02.11.2007 19:55:07 - Status of service AntiVirService is running

02.11.2007 19:55:09 - Service AntiVirService successfully stopped

02.11.2007 19:55:09 - Starting to install
02.11.2007 19:55:10 - Processing module SELFUPDATE Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:19 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
02.11.2007 19:55:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:22 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
02.11.2007 19:55:22 - Temp Directory: C:\Windows\TEMP\Update_Temp\
02.11.2007 19:55:22 - Avira AntiVir PersonalEdition Classic

02.11.2007 19:55:22 - Self update: Copying file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
02.11.2007 19:55:22 - Executing original update application
02.11.2007 19:55:22 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\ProgramData\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d" "--LogFile=C:\ProgramData\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2007-11-02-19-53-17.log" "--TmpFilesList=C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\ToRemove.txt".Executing original update application
02.11.2007 19:55:23 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:23 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
02.11.2007 19:55:23 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\
02.11.2007 19:55:24 - Start the Update GUI... Displaymode: 0

02.11.2007 19:55:24 - Avira AntiVir PersonalEdition Classic

02.11.2007 19:55:24 - Master IDX file has changed
02.11.2007 19:55:24 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
02.11.2007 19:55:24 - Downloading the product.info file from http://dl6.avgate.net/upd/idx/vdf.info.gz
02.11.2007 19:55:24 - Downloading the product.info file from http://dl6.avgate.net/upd/idx/specvir-nt.info.gz
02.11.2007 19:55:24 - Downloading the product.info file from http://dl6.avgate.net/upd/idx/engine.info.gz
02.11.2007 19:55:24 - Downloading the product.info file from http://dl6.avgate.net/upd/idx/engine-nt-en.info.gz
02.11.2007 19:55:24 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
02.11.2007 19:55:25 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 77
02.11.2007 19:55:26 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\ProgramData\ Files: 1
02.11.2007 19:55:26 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
02.11.2007 19:55:26 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
02.11.2007 19:55:26 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
02.11.2007 19:55:26 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
02.11.2007 19:55:26 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
02.11.2007 19:55:26 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
02.11.2007 19:55:26 - Minifilter is installed

02.11.2007 19:55:26 - Minifilter is possible

02.11.2007 19:55:26 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

02.11.2007 19:55:26 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
02.11.2007 19:55:26 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
02.11.2007 19:55:26 - Preparing to download files
02.11.2007 19:55:26 - 9 files need to be downloaded / copied from http://dl6.avgate.net/upd/
02.11.2007 19:55:27 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:27 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:27 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:27 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - File C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
02.11.2007 19:55:28 - Starting to install
02.11.2007 19:55:31 - Processing module MAIN Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:32 - File C:\ProgramData\addr_file.html will not be backed up because it doesn't exist
02.11.2007 19:55:32 - Processing module COMMAPPDATA Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\ Destination: C:\ProgramData\
02.11.2007 19:55:32 - Processing module VDF Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:33 - Processing module ENGINE Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
02.11.2007 19:55:33 - Processing module DRV Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_472b721d\winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\
02.11.2007 19:55:33 - A total of 9 files were updated
02.11.2007 19:55:33 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

02.11.2007 19:55:33 - Service AVEService is not installed

02.11.2007 19:55:33 - Service AntiVirMailService is not installed

02.11.2007 19:55:33 - Initialize fwinst.exe

02.11.2007 19:55:33 - Initialize fwinst.exe

02.11.2007 19:55:34 - Service AntiVirFirewallService is not installed

02.11.2007 19:55:34 - Service antivirwebservice is not installed

02.11.2007 19:55:34 - Status of service AntiVirService is stopped

02.11.2007 19:55:34 - Initialize avgnt.exe

02.11.2007 19:55:34 - Status of service AntiVirScheduler is stopped

02.11.2007 19:55:34 - Minifilter is installed

02.11.2007 19:55:34 - Minifilter is possible

02.11.2007 19:55:34 - Initialize avscan.exe

02.11.2007 19:55:34 - Initialize avconfig.cpl

02.11.2007 19:55:34 - Initialize avcenter.exe

02.11.2007 19:55:34 - shell extension is installed

02.11.2007 19:55:34 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

02.11.2007 19:55:34 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

02.11.2007 19:55:40 - Service AntiVirService successfully started

02.11.2007 19:55:42 - Starting avgnt.exe successful

02.11.2007 19:55:44 - Service AntiVirScheduler successfully started

02.11.2007 19:55:44 - shell extension is installed

02.11.2007 19:55:44 - Initialize regsvr32.exe

02.11.2007 19:55:46 - installation of shell extension successful

02.11.2007 19:55:46 - Cannot start the service antivirwebservice

02.11.2007 19:55:46 - Dialup: 0

02.11.2007 19:55:46 - Downloaded bytes: 2743695

02.11.2007 19:55:46 - Downloaded file(s): 10

02.11.2007 19:55:46 - Downloaded file(s): updlib.dll; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir2.vdf; antivir3.vdf; avewin32.dll; avipbb.sys

02.11.2007 19:55:46 - Engine version local : 7.6.0.15

02.11.2007 19:55:46 - Engine version internet: 7.6.0.30

02.11.2007 19:55:46 - 0. VDF version local : 6.40.0.0

02.11.2007 19:55:46 - 0. VDF version internet: 6.40.0.0

02.11.2007 19:55:46 - 1. VDF version local : 7.0.0.0

02.11.2007 19:55:46 - 1. VDF version internet: 7.0.0.0

02.11.2007 19:55:46 - 2. VDF version local : 7.0.0.1

02.11.2007 19:55:46 - 2. VDF version internet: 7.0.0.140

02.11.2007 19:55:46 - 3. VDF version local : 7.0.0.2

02.11.2007 19:55:46 - 3. VDF version internet: 7.0.0.164

02.11.2007 19:55:46 - Required time: 00:23

02.11.2007 19:55:46 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

02.11.2007 19:55:47 - Update finished successfully
2 Novembre 2007 23:32:11

voici le rapport du scan de antivir:


AntiVir PersonalEdition Classic
Report file date: vendredi 2 novembre 2007 21:57

Scanning for 913334 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Bels
Computer name: PC-DE-BELS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 18:55:32
ANTIVIR3.VDF : 7.0.0.164 127488 Bytes 02/11/2007 18:55:32
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 02/11/2007 18:55:33
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 2 novembre 2007 21:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
16 processes with 16 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <Vista>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Bels\AppData\Local\VirtualStore\Windows\Nokia_19_jpg.zip
[0] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47969d53.qua'!
C:\Windows\Nokia_19_jpg.zip
[0] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47969ffc.qua'!
Begin scan in 'E:\' <Data>


End of the scan: vendredi 2 novembre 2007 23:19
Used time: 1:22:02 min

The scan has been done completely.

16340 Scanning directories
365926 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
365924 Files not concerned
2817 Archives were scanned
1 Warnings
1 Notes


a b 8 Sécurité
3 Novembre 2007 11:20:36

Reposte un rapport Hijackthis.
3 Novembre 2007 11:40:38

re,
le voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:14, on 03/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\SPYWAR~1\STServer.Exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Bels\Downloads\anti-virus\HiJackThis.exe
C:\Users\Bels\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12632 bytes

merci
a b 8 Sécurité
3 Novembre 2007 11:47:15

Toujours pareil ?
3 Novembre 2007 11:52:16

non msn marche normalement. Pourquoi il es toujours là?
On m'a dit que cela pouvait etre un cheval de troie est ce vrai?
merci
a b 8 Sécurité
3 Novembre 2007 13:03:01

C'est normal. Désinstalle SweetIM puis reposte un rapport Hijackthis.
3 Novembre 2007 13:33:21

le voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:10, on 03/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Bels\Downloads\anti-virus\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Users\Bels\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSN...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12547 bytes
3 Novembre 2007 14:13:21

j'ai moi aussi été infecté par le virus nokia....j'ai suivie vos conseil et utilisé msn fix voici le rapport:MSNFix 1.560

C:\Documents and Settings\Compaq_Propri‚taire\Bureau\MSNFix
Fix exécuté le 03/11/2007 - 13:56:05,31 By Compaq_Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\er-1-1148.exe
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Nokia_19_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED


************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
.. OK ... C:\er-1-1148.exe
/!\ ... C:\WINDOWS\LBTWiz.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\LBTWiz.exe
.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03112007_14015384.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

est ce que cela suffit pour que le virus disparraisse??
a b 8 Sécurité
3 Novembre 2007 20:15:05

Chacun son sujet :o 
===
D'autres questions ?
3 Novembre 2007 22:10:59

oui, est ce que je n'ai plus le virus, mon problème est il réglé.
merci
3 Novembre 2007 22:12:12

re,
oui, une questions:
est ce que je n'ai plus le virus? mon problème est il réglé?
merci
a b 8 Sécurité
4 Novembre 2007 00:06:37

Je pense que c'est ok.
4 Novembre 2007 00:28:57

ok merci de tout coeur de m'avoir sorti de se pétrain.
merci a vous d'aider bénévolement les gens.
au revoir et merci encore
a b 8 Sécurité
4 Novembre 2007 13:32:45

Merci :jap: 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS