UNDELETABLE VIRUS

Tags:
  • Virus
  • Security
7 November 2007 18:52:49

Hello everyone. I'm new here and I had some questions to ask you, because not long ago I discovered a virus (even several) on my computer. So I did what anyone would have done in my place: I ran a scan of the hard drive with my antivirus (avast) and it found them just fine, except the problem is that they keep coming back, even after ticking the box to delete them permanently. I tried running a full system scan with SPYBOT, same thing: it finds them, deletes them, and not even 1 minute later they come back. HELP ME PLEASE, I'M STUCK, I DON'T KNOW WHAT TO DO ANYMORE


7 November 2007 19:55:23

Try in safe mode
10 November 2007 14:14:03

Try what in safe mode?
10 November 2007 14:18:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:56, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\vlkghrlv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\service32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\mrofinu1000726.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\NettoyeurDePC\mc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\maxime.NOM-FB9B15D2723\Local Settings\Temporary Internet Files\Content.IE5\8HCABX3K\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {39DA8705-7E6F-436F-8367-44F0573D6046} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {4E748403-586D-45CA-BC6A-BCEB72BBE1D1} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Documents and Settings\maxime.NOM-FB9B15D2723\Mes documents\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: {42d7e740-0de6-a98a-a764-aab58e63a6a6} - {6a6a36e8-5baa-467a-a89a-6ed0047e7d24} - C:\WINDOWS\system32\yqxdtlqy.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {9B7170F9-7A1C-4D52-8646-B345DFA8DD6c} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {A0294D8C-AF29-40E1-8B0C-C71E768BFB62} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {B989001F-947C-4EAB-A184-AF52B22AB7A2} - C:\WINDOWS\system32\awvts.dll
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cc59fe08-79d2-44de-98ae-e611a13a47cb} - (no file)
O2 - BHO: (no name) - {CC726598-859D-44A8-A9B0-5B73B2B71EDa} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {F86E5810-8C28-41DE-8CB1-DE8344B46387} - C:\WINDOWS\system32\awtqn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWA7PV_0001_N96M0206] "c:\documents and settings\patricia\application data\winantiviruspro2007freeinstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win199F.tmp.exe
O4 - HKLM\..\Run: [cabafua] c:\windows\system32\cabafua.exe cabafua
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000726.exe 61A847B5BBF72813329B385170FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D29332022288670A26F362E9AEE45B6C46E45F351EA453BC94DA7C57339B385675FB17FD97CB77
O4 - HKLM\..\Run: [ojgrefmn] rundll32.exe "C:\Program Files\jatijcly\dsvmjqbi.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\NettoyeurDePC\mc.exe" dm=http://nettoyeurdepc.com; ad=http://nettoyeurdepc.com
O4 - HKLM\..\Run: [6cd39e1b] rundll32.exe "C:\WINDOWS\system32\dkoobdhj.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0048FCE.dat
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: winhdn32 - C:\WINDOWS\SYSTEM32\winhdn32.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\vlkghrlv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 14548 bytes
10 November 2007 15:01:14

I tried in safe mode and nothing changed, they still keep coming back. On top of that, I no longer have Task Manager (it has been disabled by the administrator). I tried to restore it in regedit, but it disables itself again on its own every time.
10 November 2007 17:28:06

Hello

You are multi-infected ..


$$ Download MSNFix.zip (by !aur3n7) to the Desktop
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N.

The report will be saved in the same folder as MSNFix, named in the form date_time.txt
Post it.

Note:
If a deletion error is detected, a message will be displayed asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows finishes starting up normally.


$$ Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK

Start your PC again.

Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


$$ Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply, along with a new HijackThis and the contents of the report located at C:\vundofix.txt
10 November 2007 20:48:44

MSNFix 1.572

C:\Documents and Settings\maxime.NOM-FB9B15D2723\Bureau\MSNFix
Fix exécuté le 10/11/2007 - 20:34:45,96 By maxime
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\MAXIME~1.NOM\LOCALS~1\Temp\1.html
... C:\DOCUME~1\MAXIME~1.NOM\LOCALS~1\Temp\1.html.$$$
... C:\WINDOWS\b122.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\service32.exe
... C:\WINDOWS\service32.exe
... C:\WINDOWS\svchost.dll

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Temporary\
... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\MAXIME~1.NOM\LOCALS~1\Temp\1.html
.. OK ... C:\DOCUME~1\MAXIME~1.NOM\LOCALS~1\Temp\1.html.$$$
.. OK ... C:\WINDOWS\b122.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\mrofinu*.exe
/!\ ... C:\WINDOWS\service32.exe
/!\ ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\svchost.dll


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\PROGRA~1\Temporary\
.. OK ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\service32.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention


==> SVP merci d'envoyer le fichier C:\DOCUME~1\MAXIME~1.NOM\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10112007_20435650.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
10 November 2007 21:31:31

COMBOFIX REPORT

ComboFix 07-11-08.1 - maxime 2007-11-10 21:02:51.1 - NTFSx86
Running from: C:\Documents and Settings\maxime.NOM-FB9B15D2723\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msvdprqe\soft3_off.gif
C:\WINDOWS\system32\msvdprqe\soft3_off_ext.gif
C:\WINDOWS\system32\msvdprqe\soft3_on.gif
C:\WINDOWS\system32\msvdprqe\soft3_on_ext.gif
C:\WINDOWS\system32\msvdprqe\softbottom_off.gif
C:\WINDOWS\system32\msvdprqe\softbottom_on.gif
C:\WINDOWS\system32\msvdprqe\softleft_off.gif
C:\WINDOWS\system32\msvdprqe\softleft_on.gif
C:\WINDOWS\system32\msvdprqe\top1.gif
C:\WINDOWS\system32\msvdprqe\top2.gif
C:\WINDOWS\system32\msvdprqe\turnoff1.gif
C:\WINDOWS\system32\msvdprqe\turnon1.gif
C:\WINDOWS\system32\osiawsgx.dll
C:\WINDOWS\system32\qcpyyrmf.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\vpbivcrm.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winhdn32.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\xqbrebqi.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.

2007-11-10 21:14 <REP> d-------- C:\Program Files\p2pnetworks
2007-11-10 21:14 <REP> d-------- C:\Program Files\e-zshopper
2007-11-10 21:14 <REP> d-------- C:\Program Files\amsys
2007-11-10 21:14 <REP> d-------- C:\Program Files\akl
2007-11-10 21:14 <REP> d-------- C:\Program Files\Accoona
2007-11-10 21:14 <REP> d-------- C:\Program Files\3721
2007-11-10 20:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 20:50 <REP> d-------- C:\VundoFix Backups
2007-11-10 14:50 19,200 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-10 14:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-10 08:37 <REP> d-------- C:\Documents and Settings\Patricia\Application Data\NettoyeurDePC
2007-11-10 08:33 85,056 --a------ C:\WINDOWS\system32\dkoobdhj.dll
2007-11-10 08:32 <REP> d-------- C:\Program Files\Fichiers communs\NettoyeurDePC
2007-11-10 08:30 81,472 --a------ C:\WINDOWS\system32\yqxdtlqy.dll
2007-11-10 08:27 71,232 --a------ C:\WINDOWS\system32\ipjthxjx.exe
2007-11-09 08:29 77,888 --a------ C:\WINDOWS\system32\rjlcgonx.dll
2007-11-09 08:26 71,232 --a------ C:\WINDOWS\system32\wacqvnhh.exe
2007-11-08 11:25 80,448 --a------ C:\WINDOWS\system32\vxsmyjtp.dll
2007-11-08 11:19 71,232 --a------ C:\WINDOWS\system32\vlkghrlv.exe
2007-11-07 16:22 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-11-07 10:48 79,936 --a------ C:\WINDOWS\system32\tahnyqqx.dll
2007-11-07 10:42 71,232 --a------ C:\WINDOWS\system32\wsjinjtb.exe
2007-11-06 10:48 81,472 --a------ C:\WINDOWS\system32\otwngsnw.dll
2007-11-05 10:51 85,568 --a------ C:\WINDOWS\system32\yqtbtjjw.dll
2007-11-05 10:48 83,008 --a------ C:\WINDOWS\system32\trmqpnog.dll
2007-11-05 10:42 10,816 --a------ C:\WINDOWS\system32\wpgvwveb.dll
2007-11-05 10:40 10,816 --a------ C:\WINDOWS\system32\mdmgilfc.dll
2007-11-03 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 08:48 87,616 --a------ C:\WINDOWS\system32\ptjglrud.dll
2007-11-03 08:45 81,472 --a------ C:\WINDOWS\system32\ffapomhe.dll
2007-11-02 18:49 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-02 18:18 <REP> d-------- C:\WINDOWS\system32\acespy
2007-11-02 17:57 123,910 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-02 17:57 33,792 --a------ C:\WINDOWS\system32\urqommj.dll
2007-11-02 17:57 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-02 17:57 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-02 17:56 103,936 --a------ C:\WINDOWS\system32\drvloj.dll
2007-11-02 14:32 <REP> d-------- C:\Program Files\MediaCoder
2007-11-02 14:14 <REP> d-------- C:\Program Files\Total Video Converter
2007-10-30 22:18 <REP> d-------- C:\WINDOWS\Freecorder Toolbar
2007-10-30 22:18 <REP> d-------- C:\Program Files\Freecorder Toolbar
2007-10-30 22:18 <REP> d-------- C:\Program Files\Freecorder
2007-10-30 22:16 <REP> d-------- C:\WINDOWS\FLV Player
2007-10-30 22:16 <REP> d-------- C:\Program Files\FLV Player
2007-10-30 21:39 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\NetAppel
2007-10-29 02:12 <REP> d-------- C:\Program Files\eRightSoft
2007-10-28 14:41 <REP> d-------- C:\Program Files\Dofus
2007-10-23 22:25 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\Template
2007-10-20 18:14 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\U3
2007-10-13 21:20 <REP> d-------- C:\eJay
2007-10-13 21:03 <REP> d-------- C:\Games

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 20:24 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 20:14 9,472 ----a-w C:\WINDOWS\cbinst$.exe
2007-11-10 20:14 8,960 ----a-w C:\WINDOWS\fhfmm.exe
2007-11-10 20:14 32,256 ----a-w C:\WINDOWS\pbar.dll
2007-11-10 20:14 31,488 ----a-w C:\WINDOWS\wbeInst$.exe
2007-11-10 20:14 30,976 ----a-w C:\WINDOWS\settn.dll
2007-11-10 20:14 30,720 ----a-w C:\WINDOWS\flt.dll
2007-11-10 20:14 30,464 ----a-w C:\WINDOWS\xadbrk.exe
2007-11-10 20:14 28,416 ----a-w C:\WINDOWS\aconti.exe
2007-11-10 20:14 27,648 ----a-w C:\WINDOWS\wbeCheck.exe
2007-11-10 20:14 27,648 ----a-w C:\WINDOWS\vxddsk.exe
2007-11-10 20:14 27,136 ----a-w C:\WINDOWS\xadbrk_.exe
2007-11-10 20:14 26,880 ----a-w C:\WINDOWS\eventlowg.dll
2007-11-10 20:14 26,368 ----a-w C:\WINDOWS\liqad.dll
2007-11-10 20:14 26,112 ----a-w C:\WINDOWS\kkcomp.exe
2007-11-10 20:14 25,600 ----a-w C:\WINDOWS\kvnab.dll
2007-11-10 20:14 24,832 ----a-w C:\WINDOWS\liqad$.exe
2007-11-10 20:14 24,064 ----a-w C:\WINDOWS\pbsysie.dll
2007-11-10 20:14 23,552 ----a-w C:\WINDOWS\kvnab.exe
2007-11-10 20:14 23,296 ----a-w C:\WINDOWS\xxxvideo.exe
2007-11-10 20:14 21,760 ----a-w C:\WINDOWS\liqui.dll
2007-11-10 20:14 21,248 ----a-w C:\WINDOWS\liqad.exe
2007-11-10 20:14 20,736 ----a-w C:\WINDOWS\kkcomp.dll
2007-11-10 20:14 20,224 ----a-w C:\WINDOWS\ie_32.exe
2007-11-10 20:14 20,224 ----a-w C:\WINDOWS\adbar.dll
2007-11-10 20:14 19,968 ----a-w C:\WINDOWS\dp0.dll
2007-11-10 20:14 19,200 ----a-w C:\WINDOWS\iexplorr23.dll
2007-11-10 20:14 17,152 ----a-w C:\WINDOWS\ngd.dll
2007-11-10 20:14 17,152 ----a-w C:\WINDOWS\7search.dll
2007-11-10 20:14 16,896 ----a-w C:\WINDOWS\wml.exe
2007-11-10 20:14 16,384 ----a-w C:\WINDOWS\hotporn.exe
2007-11-10 20:14 16,128 ----a-w C:\WINDOWS\jd2002.dll
2007-11-10 20:14 15,360 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2007-11-10 20:14 14,848 ----a-w C:\WINDOWS\liqui.exe
2007-11-10 20:14 14,848 ----a-w C:\WINDOWS\hcwprn.exe
2007-11-10 20:14 14,592 ----a-w C:\WINDOWS\xadbrk.dll
2007-11-10 20:14 13,056 ----a-w C:\WINDOWS\spredirect.dll
2007-11-10 20:14 12,800 ----a-w C:\WINDOWS\kkcomp$.exe
2007-11-10 20:14 12,288 ----a-w C:\WINDOWS\daxtime.dll
2007-11-10 20:14 11,520 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2007-11-10 20:14 10,240 ----a-w C:\WINDOWS\kvnab$.exe
2007-11-10 20:11 15,104 ----a-w C:\WINDOWS\764.exe
2007-11-10 14:27 --------- d-----w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\LimeWire
2007-11-08 22:34 304,182 ----a-w C:\StiImg.dat
2007-11-02 09:41 --------- d-----w C:\Program Files\World of Warcraft
2007-10-27 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-24 14:19 222 ----a-w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\wklnhst.dat
2007-10-13 20:17 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-10-06 16:21 --------- d-----w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\Azureus
2007-10-06 13:35 --------- d-----w C:\Program Files\PeerTV
2007-09-30 15:15 --------- d-----w C:\Program Files\Adverts
2007-09-23 08:14 8,627 ----a-w C:\WINDOWS\snet32.exe
2007-09-22 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-09-16 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\tick road grid view
2007-07-02 14:57 47,360 ----a-w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\pcouffin.sys
2007-06-27 18:01 4,836,828 ----a-w C:\Program Files\desperado.exe
2007-06-27 17:30 2,588,974 ----a-w C:\Program Files\snip_beach.exe
2007-06-27 17:24 2,004,179 ----a-w C:\Program Files\dust.exe
2007-06-25 15:58 2,909,836 ----a-w C:\Program Files\militaire.exe
2007-06-25 15:26 2,649,813 ----a-w C:\Program Files\mario.exe
2007-06-25 15:08 2,620,973 ----a-w C:\Program Files\italy.exe
2007-06-23 14:54 3,803,261 ----a-w C:\Program Files\middleage.exe
2007-06-23 14:35 2,487,685 ----a-w C:\Program Files\assault.exe
2007-06-23 14:30 991,319 ----a-w C:\Program Files\sniper_2.exe
2007-06-13 20:27 113,538 ----a-w C:\Program Files\INSTALL.LOG
2007-05-28 13:54 82 ----a-w C:\Documents and Settings\Patricia\Application Data\wklnhst.dat
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-07-10 14:52:04 951,136 --sh--w C:\WINDOWS\system32\rtstv.bak1
2007-07-11 09:19:09 951,241 --sh--w C:\WINDOWS\system32\rtstv.bak2
2007-07-11 09:21:48 940,774 --sh--w C:\WINDOWS\system32\rtstv.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39DA8705-7E6F-436F-8367-44F0573D6046}]
C:\WINDOWS\system32\qubdyney.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E748403-586D-45CA-BC6A-BCEB72BBE1D1}]
C:\WINDOWS\system32\qubdyney.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a6a36e8-5baa-467a-a89a-6ed0047e7d24}]
2007-11-10 08:30 81472 --a------ C:\WINDOWS\system32\yqxdtlqy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B7170F9-7A1C-4D52-8646-B345DFA8DD6c}]
C:\WINDOWS\system32\qubdyney.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0294D8C-AF29-40E1-8B0C-C71E768BFB62}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-11-02 17:57 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0B5359A-62D5-4053-89B2-C372516F2546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2D75BDD-D236-4AA6-82EA-287809EDB479}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc59fe08-79d2-44de-98ae-e611a13a47cb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC726598-859D-44A8-A9B0-5B73B2B71EDa}]
C:\WINDOWS\system32\qubdyney.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86E5810-8C28-41DE-8CB1-DE8344B46387}]
C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 18:46]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03]
"nwiz"="nwiz.exe" []
"6cd39e1b"="C:\WINDOWS\system32\dkoobdhj.dll" [2007-11-10 08:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 18:20]
"NetAppel"="C:\Program Files\NetAppel\NetAppel.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"NettoyeurDePC"="C:\Program Files\NettoyeurDePC\GDC.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn]
C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f02d70-7f2f-11dc-a54d-0018f34b501e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f02d72-7f2f-11dc-a54d-0018f34b501e}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 21:25:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 21:26:44 - machine was rebooted
.
--- E O F ---

HIJACKTHIS REPORT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:49, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\maxime.NOM-FB9B15D2723\Local Settings\Temporary Internet Files\Content.IE5\APTINYPS\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {39DA8705-7E6F-436F-8367-44F0573D6046} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {4E748403-586D-45CA-BC6A-BCEB72BBE1D1} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Documents and Settings\maxime.NOM-FB9B15D2723\Mes documents\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: {42d7e740-0de6-a98a-a764-aab58e63a6a6} - {6a6a36e8-5baa-467a-a89a-6ed0047e7d24} - C:\WINDOWS\system32\yqxdtlqy.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {9B7170F9-7A1C-4D52-8646-B345DFA8DD6c} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {A0294D8C-AF29-40E1-8B0C-C71E768BFB62} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B0B5359A-62D5-4053-89B2-C372516F2546} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cc59fe08-79d2-44de-98ae-e611a13a47cb} - (no file)
O2 - BHO: (no name) - {CC726598-859D-44A8-A9B0-5B73B2B71EDa} - C:\WINDOWS\system32\qubdyney.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {F86E5810-8C28-41DE-8CB1-DE8344B46387} - C:\WINDOWS\system32\awtqn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [6cd39e1b] rundll32.exe "C:\WINDOWS\system32\dkoobdhj.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NettoyeurDePC] C:\Program Files\NettoyeurDePC\GDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 12559 bytes

VUNDOFIX REPORT


VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 20:50:36 10/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqn.dll
C:\windows\system32\byxuuss.dll
C:\windows\system32\drvlojr.dll
C:\windows\system32\nnnnnll.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\nqtwa.tmp
C:\windows\system32\xxyxusr.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxuuss.dll
C:\windows\system32\byxuuss.dll Has been deleted!

Attempting to delete C:\windows\system32\drvlojr.dll
C:\windows\system32\drvlojr.dll Has been deleted!

Attempting to delete C:\windows\system32\nnnnnll.dll
C:\windows\system32\nnnnnll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\nqtwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.tmp
C:\WINDOWS\system32\nqtwa.tmp Has been deleted!

Attempting to delete C:\windows\system32\xxyxusr.dll
C:\windows\system32\xxyxusr.dll Has been deleted!

Performing Repairs to the registry.
Done!
10 November 2007 23:55:04

Nice cleanup, but some remain.


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\dkoobdhj.dll
C:\WINDOWS\system32\qubdyney.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\yqxdtlqy.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\ipjthxjx.exe
C:\WINDOWS\system32\rjlcgonx.dll
C:\WINDOWS\system32\wacqvnhh.exe
C:\WINDOWS\system32\vxsmyjtp.dll
C:\WINDOWS\system32\vlkghrlv.exe
C:\WINDOWS\system32\tahnyqqx.dll
C:\WINDOWS\system32\wsjinjtb.exe
C:\WINDOWS\system32\otwngsnw.dll
C:\WINDOWS\system32\yqtbtjjw.dll
C:\WINDOWS\system32\trmqpnog.dll
C:\WINDOWS\system32\wpgvwveb.dll
C:\WINDOWS\system32\mdmgilfc.dll
C:\WINDOWS\system32\ptjglrud.dll
C:\WINDOWS\system32\ffapomhe.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\urqommj.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drvloj.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\liqad.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\liqad$.exe
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\ie_32.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\ngd.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\wml.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\764.exe
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.bak2
C:\WINDOWS\system32\rtstv.ini2

Folder::
C:\Program Files\NettoyeurDePC
C:\Program Files\ISM
C:\Program Files\p2pnetworks
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\akl
C:\Program Files\3721
C:\Program Files\Fichiers communs\NettoyeurDePC
C:\Documents and Settings\Patricia\Application Data\NettoyeurDePC
C:\Program Files\Adverts
C:\Documents and Settings\All Users\Application Data\tick road grid view

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39DA8705-7E6F-436F-8367-44F0573D6046}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E748403-586D-45CA-BC6A-BCEB72BBE1D1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a6a36e8-5baa-467a-a89a-6ed0047e7d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B7170F9-7A1C-4D52-8646-B345DFA8DD6c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0294D8C-AF29-40E1-8B0C-C71E768BFB62}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0B5359A-62D5-4053-89B2-C372516F2546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2D75BDD-D236-4AA6-82EA-287809EDB479}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc59fe08-79d2-44de-98ae-e611a13a47cb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC726598-859D-44A8-A9B0-5B73B2B71EDa}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86E5810-8C28-41DE-8CB1-DE8344B46387}]
[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6cd39e1b"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NettoyeurDePC"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]


Open Notepad, then paste (Ctrl+V) the text you copied.
Save this file as CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents together with a new Hijackthis.
If the file does not open, it is located here > C:\ComboFix.txt
11 November 2007 12:45:57

COMBOFIX REPORT

ComboFix 07-11-08.1 - maxime 2007-11-11 12:33:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\maxime.NOM-FB9B15D2723\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\maxime.NOM-FB9B15D2723\Bureau\CFScript.txt.txt
* Created a new restore point

FILE
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\dkoobdhj.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drvloj.dll
C:\WINDOWS\system32\ffapomhe.dll
C:\WINDOWS\system32\ipjthxjx.exe
C:\WINDOWS\system32\mdmgilfc.dll
C:\WINDOWS\system32\otwngsnw.dll
C:\WINDOWS\system32\ptjglrud.dll
C:\WINDOWS\system32\qubdyney.dll
C:\WINDOWS\system32\rjlcgonx.dll
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.bak2
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\tahnyqqx.dll
C:\WINDOWS\system32\trmqpnog.dll
C:\WINDOWS\system32\urqommj.dll
C:\WINDOWS\system32\vlkghrlv.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\vxsmyjtp.dll
C:\WINDOWS\system32\wacqvnhh.exe
C:\WINDOWS\system32\wpgvwveb.dll
C:\WINDOWS\system32\wsjinjtb.exe
C:\WINDOWS\system32\yqtbtjjw.dll
C:\WINDOWS\system32\yqxdtlqy.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\tick road grid view
C:\Documents and Settings\All Users\Application Data\tick road grid view\base meta platform
C:\Documents and Settings\All Users\Application Data\tick road grid view\firstoozecity
C:\Documents and Settings\All Users\Application Data\tick road grid view\inter curb list
C:\Documents and Settings\All Users\Application Data\tick road grid view\List slow clock
C:\Documents and Settings\Patricia\Application Data\NettoyeurDePC
C:\Documents and Settings\Patricia\Application Data\NettoyeurDePC\Logs\update.log
C:\Program Files\3721
C:\Program Files\Accoona
C:\Program Files\Adverts
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\Fichiers communs\NettoyeurDePC
C:\Program Files\Fichiers communs\NettoyeurDePC\mc.exe
C:\Program Files\p2pnetworks
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dkoobdhj.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drvloj.dll
C:\WINDOWS\system32\ffapomhe.dll
C:\WINDOWS\system32\ipjthxjx.exe
C:\WINDOWS\system32\mdmgilfc.dll
C:\WINDOWS\system32\otwngsnw.dll
C:\WINDOWS\system32\ptjglrud.dll
C:\WINDOWS\system32\rjlcgonx.dll
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.bak2
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\tahnyqqx.dll
C:\WINDOWS\system32\trmqpnog.dll
C:\WINDOWS\system32\urqommj.dll
C:\WINDOWS\system32\vlkghrlv.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\vxsmyjtp.dll
C:\WINDOWS\system32\wacqvnhh.exe
C:\WINDOWS\system32\wpgvwveb.dll
C:\WINDOWS\system32\wsjinjtb.exe
C:\WINDOWS\system32\yqtbtjjw.dll
C:\WINDOWS\system32\yqxdtlqy.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.

2007-11-10 20:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 20:50 <REP> d-------- C:\VundoFix Backups
2007-11-10 14:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-07 16:22 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-11-03 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-02 18:18 <REP> d-------- C:\WINDOWS\system32\acespy
2007-11-02 14:32 <REP> d-------- C:\Program Files\MediaCoder
2007-11-02 14:14 <REP> d-------- C:\Program Files\Total Video Converter
2007-10-30 22:18 <REP> d-------- C:\WINDOWS\Freecorder Toolbar
2007-10-30 22:18 <REP> d-------- C:\Program Files\Freecorder Toolbar
2007-10-30 22:18 <REP> d-------- C:\Program Files\Freecorder
2007-10-30 22:16 <REP> d-------- C:\WINDOWS\FLV Player
2007-10-30 22:16 <REP> d-------- C:\Program Files\FLV Player
2007-10-30 21:39 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\NetAppel
2007-10-29 02:12 <REP> d-------- C:\Program Files\eRightSoft
2007-10-28 14:41 <REP> d-------- C:\Program Files\Dofus
2007-10-23 22:25 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\Template
2007-10-20 18:14 <REP> d-------- C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\U3
2007-10-13 21:20 <REP> d-------- C:\eJay
2007-10-13 21:03 <REP> d-------- C:\Games

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:41 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 14:27 --------- d-----w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\LimeWire
2007-11-08 22:34 304,182 ----a-w C:\StiImg.dat
2007-11-02 09:41 --------- d-----w C:\Program Files\World of Warcraft
2007-10-27 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-24 14:19 222 ----a-w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\wklnhst.dat
2007-10-13 20:17 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-10-06 16:21 --------- d-----w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\Azureus
2007-10-06 13:35 --------- d-----w C:\Program Files\PeerTV
2007-09-23 08:14 8,627 ----a-w C:\WINDOWS\snet32.exe
2007-09-22 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-07-02 14:57 47,360 ----a-w C:\Documents and Settings\maxime.NOM-FB9B15D2723\Application Data\pcouffin.sys
2007-06-27 18:01 4,836,828 ----a-w C:\Program Files\desperado.exe
2007-06-27 17:30 2,588,974 ----a-w C:\Program Files\snip_beach.exe
2007-06-27 17:24 2,004,179 ----a-w C:\Program Files\dust.exe
2007-06-25 15:58 2,909,836 ----a-w C:\Program Files\militaire.exe
2007-06-25 15:26 2,649,813 ----a-w C:\Program Files\mario.exe
2007-06-25 15:08 2,620,973 ----a-w C:\Program Files\italy.exe
2007-06-23 14:54 3,803,261 ----a-w C:\Program Files\middleage.exe
2007-06-23 14:35 2,487,685 ----a-w C:\Program Files\assault.exe
2007-06-23 14:30 991,319 ----a-w C:\Program Files\sniper_2.exe
2007-06-13 20:27 113,538 ----a-w C:\Program Files\INSTALL.LOG
2007-05-28 13:54 82 ----a-w C:\Documents and Settings\Patricia\Application Data\wklnhst.dat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-10_21.26.14.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-11 11:40:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 18:46]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03]
"nwiz"="nwiz.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 18:20]
"NetAppel"="C:\Program Files\NetAppel\NetAppel.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f02d70-7f2f-11dc-a54d-0018f34b501e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f02d72-7f2f-11dc-a54d-0018f34b501e}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 12:41:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 12:43:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 21:26
.
--- E O F ---

HIJACKTHIS REPORT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:21, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\maxime.NOM-FB9B15D2723\Local Settings\Temporary Internet Files\Content.IE5\8HCABX3K\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Documents and Settings\maxime.NOM-FB9B15D2723\Mes documents\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 9463 bytes
11 November 2007 13:31:37

APPARENTLY THERE ARE NO MORE VIRUSES

THANK YOU FOR YOUR HELP
11 November 2007 19:05:56

Hello


It's not over yet.

Do this.
Quote:
Please send the file C:\DOCUME~1\MAXIME~1.NOM\Bureau\Upload_Me.zip to http://upload.changelog.fr


Some files are suspicious.

Go to this site
http://www.virustotal.com/
Click Browse and locate this file.

C:\Program Files\desperado.exe

Then click Send.
If you get the message "STATUS: QUEUED", wait.

Paste the report here.


Do the same with this one

C:\Program Files\sniper_2.exe
11 November 2007 19:55:09

When I sent the file "Upload_Me.zip" to upload.changelog.fr I was redirected to a page saying server not found, is that normal????
11 November 2007 20:00:48

as for virustotal, still nothing (current status: FINISHED
RESULT: 0/32 (0%)
11 November 2007 20:11:58

Fichier desperado.exe reçu le 2007.11.11 19:39:04 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
AVG 7.5.0.503 2007.11.11 -
BitDefender 7.2 2007.11.11 -
CAT-QuickHeal 9.00 2007.11.10 -
ClamAV 0.91.2 2007.11.11 -
DrWeb 4.44.0.09170 2007.11.11 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.11 -
FileAdvisor 1 2007.11.11 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.11 -
Ikarus T3.1.1.12 2007.11.11 -
Kaspersky 7.0.0.125 2007.11.11 -
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.11 -
NOD32v2 2652 2007.11.11 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.11 -
Prevx1 V2 2007.11.11 -
Rising 20.17.62.00 2007.11.11 -
Sophos 4.23.0 2007.11.11 -
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.11 -
TheHacker 6.2.9.123 2007.11.10 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.11 -

Information additionnelle
File size: 4836828 bytes
MD5: c6a5699be3610ac497205994c71d06ba
SHA1: 889b3c4e8a11b5d5c527113810cb3afc211c478b
packers: ZIP
20 November 2007 19:47:30

I can't manage to send it to you, it is too big (27391 KB)
Statistiques de l'analyse
Total d'objets analysés 186237
Nombre de virus trouvés 45
Nombre d'objets infectés 603 / 0
Nombre d'objets suspects 3
Durée de l'analyse 02:36:40
20 November 2007 19:48:09

I can only send you the beginning
20 Novembre 2007 23:06:39

Bonjour

S'il est trop gros, on change.


Étape 1:
Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

Étape 2:
Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer. Deux nouveaux répertoires (dossiers) ont été créés lors de la mise à jour (C:\Bases et C:\Downloads).

4.) Sélectionne/copie tous les fichiers présents dans le dossier C:\Downloads, puis colle-les dans le dossier C:\Kaspersky. Accepte à l'invite de remplacer les fichiers existants.

Ne pas lancer le scan tout de suite !

Étape 3:
Redémarre en mode Sans Échec
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

Step 4:
From Safe Mode, here is how to use the program:

1.) To launch "eScan Antivirus Toolkit", find the file mwavscan.com located in the C:\Kaspersky folder.

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to tick these boxes under Scan Option:
Memory, Registry, Startup Folders, System Folders, Services.

4.) Tick the Drive box, which gives access to a new Drive box (round button) just below it; tick this "Drive" button (very important), and you will see a new browse box appear on the right. Click the small arrow in this box and choose the letter of your hard drive, usually C:\.

5.) Just below, make sure that Scan All Files is ticked, and not Program Files.

6.) Click Scan Clean and let the tool check the whole hard drive (this can take a long time). When it finishes, you will see Scan Completed. Do not exit yet!

7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy and paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.

Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
21 November 2007 17:42:52

eSCAN REPORT


File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067177.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067178.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067179.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067180.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067181.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067182.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067183.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067184.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067185.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067186.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067187.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067188.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067189.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067190.exe infected by "Backdoor.Win32.IRCBot.bal" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067191.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067192.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067193.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067194.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067195.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067196.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067197.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067198.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067199.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067200.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067201.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067202.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067203.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067204.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067205.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067206.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067207.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067208.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067209.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067210.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067211.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067212.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067213.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067214.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067215.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067216.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067217.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067218.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067219.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067220.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067221.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067222.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067223.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067224.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067225.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067226.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067227.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067228.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067229.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067230.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067231.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067232.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067233.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067234.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067235.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067236.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067237.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067238.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067239.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067240.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067241.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067242.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067243.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067244.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067245.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067246.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067247.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067248.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067249.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067250.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067251.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067252.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067253.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067254.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067255.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067256.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067257.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067258.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067259.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067260.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067261.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067262.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067263.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067264.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067265.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067266.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067267.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067268.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067269.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067270.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067271.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067272.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067273.exe infected by "Backdoor.Win32.IRCBot.ako" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067274.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067275.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067276.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067277.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067278.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067279.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067280.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067281.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067283.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067284.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067289.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067291.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067292.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067293.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067294.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067295.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067296.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067297.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067299.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067300.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067301.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067302.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067305.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067306.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067307.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067331.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067332.scr tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0067335.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ba. No Action Taken.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP167\A0068588.exe infected by "Trojan.Win32.VB.azo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP168\A0068618.exe infected by "Trojan.Win32.VB.azo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP168\A0068633.exe infected by "Trojan-Downloader.Win32.Agent.erf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP168\A0069666.exe infected by "Trojan-Downloader.Win32.Agent.epl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP168\A0070719.exe infected by "Trojan.Win32.VB.azo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP169\A0070725.exe infected by "Trojan.Win32.VB.azo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072168.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072169.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072170.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072171.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072172.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072173.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072174.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072175.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072176.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072177.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072178.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072179.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072180.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072181.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072182.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072183.exe infected by "Trojan-Downloader.Win32.Agent.bxr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072184.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072185.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072186.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072187.exe infected by "Trojan.Win32.Agent.anr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072188.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072189.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072190.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072191.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072192.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072193.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072194.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP172\A0072195.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
21 November 2007 23:32:19

Hello

eScan did a big cleanup. Its report is too long, but you can see how effective it is.

Delete C:\qoobox.

And run another online scan with Kaspersky to check what is left.
1 December 2007 17:07:16

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, November 30, 2007 6:27:46 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 29/11/2007
Enregistrements dans la base antivirus Kaspersky : 439124
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Statistiques de l'analyse:
Total d'objets analysés: 202806
Nombre de virus trouvés: 11
Nombre d'objets infectés: 52 / 0
Nombre d'objets suspects: 3
Durée de l'analyse: 02:09:36