Sujet Précédent Sujet Suivant

Worm brontok,fichier exe et redémarrage autom

meriem3105 -  
 meriem3105 -
Bonjour à tous,

J'ai infecté mon ordinateur à partir d'une clé USB du Virus Worm Brontok, il copie chaque dossier existant. Mon PC redémarrait à chaque fois mais depuis je suis confrontée à deux autres poblèmes:

1. Après avoir nettoyé les fichiers infectés par le virus Worm brontok par Cleaner, deux fichiers executables (host.exe et svchost.exe) ont été supprimés mais le virus est toujours présents.

2. Depuis, dès que j'essaye de télécharger sur Inernet un antivirus (bifender et norton) le redémarrage de l'ordinateur se fait automatiquement dès l'exécution.

Merci de me répondre car le PC en question est celui du bureau où je travaille.
A voir également:

36 réponses

  • 1
  • 2
Réponse 1 / 36
Cousin_Avi Messages postés 247 Statut Membre 1
 
Bonjour,
# Télécharge Hijackthis (de Merjin)
http://www.merijn.org/files/hijackthis.zip
# Dézippe-le dans un dossier ou sur ton Bureau.
# Lance l'application (Hijackthis.exe) puis choisit l'option "Do a system scan and save a logfile"
Le Bloc-Notes s'ouvre, poste son contenu :
Edition / Sélectionner tout
Edition / Copier
Coller dans ta réponse
0
Réponse 2 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

un sale virus.

Télécharge ceci sur ton bureau
http://vaksin.com/File/Fix-VBWorm-Rontok-Lightmoon.exe

Essaye de démarrer en mode sans échec. Sinon, tu restes en mode normal.

Lance le scan en double-cliquant sur le fichier.

Le scan est assez long, aussi long qu'un scan AV complet du pc lol...
Le rapport sera généré au même endroit ou est enregistré le fix sous le nom NFix_aaaa-mm-jj.log (aaaa=année mm=mois jj=jour )

Ensuite, via la fonction rechercher de Windows, checher tous le sfichiesr de la forme *bron*.*
et donne la liste en réponse avec le log du fix et un log Hijackthis.

(Télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)

http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
)

@+
0
meriem3105
 
Bonjour,
Désolée d'avoir mit autant de temps pour vous répondre mais mon ordinateur redémarrait à chaque fois.
Voila le rapport demandé:


Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2006/12/07 16:49:23

Norman Scanner Engine Version: 5.90.27
Nvcbin.def Version: 5.90.00, Date: 2006/12/07 16:49:23, Variants: 1469
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 15:17:46, Variants: 12

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: SECRITARIA\isra

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "D:\WINDOWS\KesenjanganSosial.exe"" -> "Explorer.exe"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "D:\WINDOWS\system32\Userinit.exe" -> "D:\WINDOWS\System32\userinit.exe,"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "!?" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00923700


Scan started: 11/06/2007 14:02:06


Scanning running processes and process memory...

D:\Documents and Settings\isra\Local Settings\Application Data\winlogon.exe (Infected with W32/Rontokbro.AY@mm)
Terminated process
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\services.exe (Infected with W32/Rontokbro.AY@mm)
Terminated process
Deleted file

Number of processes/threads found: 1125
Number of processes/threads scanned: 1125
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 2
Total scanning time: 0 minutes 47 seconds


Scanning file system...

C:\*.*


C:\copie mes documents\Ma musique\Ma musique.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\Mes fichiers reçus\Mes fichiers reçus.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\Mes images\Mes images.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\Mes vidéos\Mes vidéos.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\STARLINGER\STARLINGER.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\STARLINGER\Parts\Parts.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

C:\copie mes documents\starlinger cd\starlinger cd.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file
D:\*.*


D:\cmd-brontok.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\KesenjanganSosial.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\WINDOWS\KesenjanganSosial.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\WINDOWS\system32\cmd-brontok.exe (Infected with W32/Rontokbro.AY@mm)
Removed registry value: HKLM\System\CurrentControlSet\Control\SafeBoot -> AlternateShell = "cmd-brontok.exe"
Deleted file

D:\WINDOWS\system32\isra's Setting.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\WINDOWS\system32\Administrateur's Setting.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\WINDOWS\ShellNew\RakyatKelaparan.exe (Infected with W32/Rontokbro.AY@mm)
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> Bron-Spizaetus = ""D:\WINDOWS\ShellNew\RakyatKelaparan.exe""
Deleted file

D:\Documents and Settings\isra\Local Settings\Temp\~DFC6CF.tmp (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temp\~DF95B9.tmp (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temp\~DFA186.tmp (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temp\~DF9B83.tmp/unknown0 (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temp\~DFE904.tmp/unknown0 (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temporary Internet Files\Content.IE5\VAD0YDBD\zylomgamesplayer[1].cab/unknown2 (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Temporary Internet Files\Content.IE5\KLU3GTEN\fr.yahoo[1]/unknown0 (Error whilst scanning file)

D:\Documents and Settings\isra\Local Settings\Application Data\services.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\svchost.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\smss.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\lsass.exe (Infected with W32/Rontokbro.AY@mm)
Terminated process
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\inetinfo.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\csrss.exe (Infected with W32/Rontokbro.AY@mm)
File marked for defered cleaning (reboot required)

D:\Documents and Settings\isra\Local Settings\Application Data\br4281on.exe (Infected with W32/Rontokbro.AY@mm)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> Tok-Cirrhatus-1629 = ""D:\Documents and Settings\isra\Local Settings\App...."
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\br3951on.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq8yfojh.default\Cache\A78033FFd01/unknown0 (Error whilst scanning file)

D:\Documents and Settings\isra\Modèles\6744-NendangBro.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Menu Démarrer\Programmes\Démarrage\Empty.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\Mes documents.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\Mes images\Mes images.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\Ma musique\Ma musique.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\Mes vidéos\Mes vidéos.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\STARLINGER\STARLINGER.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\STARLINGER\Parts\Parts.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\Mes fichiers reçus\Mes fichiers reçus.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\starlinger cd\starlinger cd.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Mes documents\starlinger cd\AdobeReader\AdobeReader.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Bureau\Cd 2\Audio\Audio.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\isra\Bureau\Cd 2\Audio\Language - Listen And Learn 101 American English Idioms\Language - Listen And Learn 101 American English Idioms.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\services.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\lsass.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\inetinfo.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\csrss.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\br8439on.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\svchost.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Local Settings\Application Data\winlogon.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Modèles\15060-NendangBro.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Empty.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247203.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247204.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247205.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244817.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244818.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244819.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244820.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244821.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244822.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244823.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244824.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244825.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244830.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244831.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244832.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247206.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244859.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244860.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244861.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244862.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244863.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244864.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244865.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244866.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244867.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244870.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244872.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244873.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0244874.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245859.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245860.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245861.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245862.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245863.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245864.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245865.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245866.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245867.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245870.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245872.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245873.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245874.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247208.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245940.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245941.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245942.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245943.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245944.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245945.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245946.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245947.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245948.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245952.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245953.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0245954.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247209.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246203.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246204.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246205.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246206.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246207.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246208.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246209.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246210.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246211.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246216.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246217.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0246218.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247211.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247212.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247213.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247218.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247221.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247222.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247241.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247242.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247243.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247244.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247245.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247246.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247247.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247248.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247249.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247252.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247253.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247254.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247256.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247286.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247287.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247288.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247289.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247290.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247291.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247292.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247293.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247294.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247299.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247300.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247301.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251711.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247327.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247329.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247330.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247331.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247332.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247333.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247334.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247335.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247336.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247341.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247346.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247347.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251712.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247559.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247560.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247561.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247562.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247563.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247564.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247565.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247566.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247567.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247574.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247577.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0247578.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251713.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248559.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248560.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248561.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248562.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248563.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248564.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248565.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248566.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248567.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248568.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248569.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248570.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248571.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0248572.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251714.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249559.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249560.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249561.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249562.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249563.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249564.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249565.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249566.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249567.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249569.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249571.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249572.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249575.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251715.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249602.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249603.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249604.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249605.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249606.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249607.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249608.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249609.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249610.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249615.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249616.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249617.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251716.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249636.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249637.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249638.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249639.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249640.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249641.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249642.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249643.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249644.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249646.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249649.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249650.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249651.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251717.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249673.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249674.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249675.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249676.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249677.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249678.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249679.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249680.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249681.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249688.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249689.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249690.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251718.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249711.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249712.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249713.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249714.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249715.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249716.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249717.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249718.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249719.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249722.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249723.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249724.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0249727.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251719.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250711.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250712.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250713.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250714.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250715.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250716.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250717.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250718.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250719.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250723.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250724.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250725.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0250726.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251723.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251725.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251726.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251727.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252952.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251754.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251755.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251756.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251757.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251758.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251759.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251760.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251761.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251762.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251765.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251766.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251767.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251770.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252953.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251801.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251802.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251803.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251804.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251805.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251806.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251807.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251808.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251809.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251812.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251814.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251815.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251817.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252954.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251840.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251841.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251842.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251843.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251844.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251846.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251847.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251849.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251850.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251853.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251854.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251855.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251856.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251857.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252959.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251880.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251881.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251882.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251883.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251884.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251885.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251886.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251887.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251888.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251893.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251894.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251895.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251896.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0262322.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251901.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251902.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251903.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251904.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251905.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251906.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251907.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251908.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251909.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251914.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251915.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251916.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251919.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0262323.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251948.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251949.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251950.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251951.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251952.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251953.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251954.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251955.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251956.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251961.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251962.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251963.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251964.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0262324.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251973.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251974.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251975.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251976.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251977.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251978.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251979.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251980.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251981.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251985.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251987.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251988.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0251991.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0262325.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252824.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252825.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252826.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252827.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252828.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252829.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252830.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252831.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252832.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252836.com (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252837.scr (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252838.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0262326.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252866.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252867.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252868.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252869.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252870.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252871.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252872.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252873.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252874.exe (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0252875.pif (Infected with W32/Rontokbro.AY@mm)
Deleted file

D:\System Volume Information\_restore{42A207CE-CDCD-45F0-93A7-C096B3C8EA3E}\RP260\A0
0
Réponse 3 / 36
meriem3105
 
voici la suite c le log hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 09:45:56, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\Speed Disk\nopdb.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\isra\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [E06FDXRC_26102765] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1464] "\Media\br3951on.exe"
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{29936F45-DAAE-4BFC-B28C-D402C2146540}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
0
Réponse 4 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Ne pas redémarrer l'ordi.

en urgence :

relance Hijackthis, choisis do a scan only, coche la case devant
O4 - HKCU\..\Run: [Tok-Cirrhatus-1464] "\Media\br3951on.exe
ferme toutes les fenêtres actives et clique sur Fix checked.

Cherche toutes les occurences de ce fichier sur ton ordi : br3951on.exe et supprimes les.

S'il ne veut pas, tu fais la suite (toujours sans rebooter).

activer le parefeu Windows

remettre un antivirus, le tien semble avoir disparu dans la bagarre. Soit celui que tu avis (en particulier si payant), soit Avast ou Antivir (gratuits).

télécharger un vrai parefeu (Kerio ou Zone Alarm) que tu mets à la place du parefeu Windows.

Ensuite, pas trop de dégats dans "Mes Documents" (musiqe, images, fichiers reçus, ..) ?

Ensuite, via la fonction rechercher de Windows, checher tous les fichiers de la forme *bron*.* et en donner la liste ici.

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

si possible, tu coches aussi la case devant :
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe

puis tu supprimes D:\WINDOWS\svchost.exe

( les "vrais" svchost.exe sont dans D:\WINDOWS\system32\ ceux là, pas toucher).
@+
0
Réponse 6 / 36
meriem3105
 
J'ai téléchargé kerio via 01net mais on me demande un mot de passe.
après la recherche de br3951on un fichier a été trouvé que g supprimé
la liste après recherche finale windows

about.Brontok.A E:/Mes images
about.Brontok.A D:/WINDOWS/system32
cmd-brontok D:/Documents ans Settings/...
about.Brontok.A C:/copie mes documents/Mes im...
0
Réponse 7 / 36
meriem3105
 
dois-je telecharger zone alarm?
si je telecharger un antivirus mon ordinateur risque-t-il de redémarrer?
0
Réponse 8 / 36
meriem3105
 
g déjà effacé les "vrais" svchost.exe sont dans D:\WINDOWS\system32\
avec cleaner mon ordi me le reclame a chaque démarrage premier et aussi g effacé host.exe du D WINDOWS win32
On m'a recommandé d'inserer le CD pack2 et de faire une installation par réparation !!!
0
Réponse 9 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

supprimes les 4 fichiers que tu as trouvé :
about.Brontok.A E:/Mes images
about.Brontok.A D:/WINDOWS/system32
cmd-brontok D:/Documents ans Settings/...
about.Brontok.A C:/copie mes documents/Mes im...

Supprime Kerio et télécharge Zone Alarm.

Je n'ai pas compris ça :
avec cleaner mon ordi me le reclame a chaque démarrage premier

Qui est on ?

Je n'ai pas l'impression que le système ait été atteint. Mais je vais regarder à nouveau.

Vérifie qu'une recherche sur bron*.* ne donne plus rien.

Remets un log Hijackthis.

Surfe un minimum tant que tes protections sont faibles (parefeu si tu as activé celui de Windows, mieux que rien provisoirement) ou inexistantes (antivirus). Ne télécharge que sur des sites sûrs.
@+
0
Réponse 10 / 36
meriem3105
 
impossible de supprimer

about.Brontok.A D:/WINDOWS/system32
cmd-brontok D:/Documents ans Settings/...
about.Brontok.A C:/copie mes documents/Mes im...

ils sont introuvables dans l'emplacement indiqué

lorsque g nettoyé les fichiers infecté avec cleaner, les fichiers executables host.exe et svchost.exe ont ete supprimés et lorsque j'allume la premiere fois mon ordinateur une fenetre apprait en m'indiquant leur disparition

g essayé de telecherger zone alarm à 2 reprises mais après l'exécution rien n'apparait plus je v réessayer
0
Réponse 11 / 36
meriem3105
 
voila g tout supprimé reste
cmd-brontok D:/WINDOWS/system32........application
0
Réponse 12 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

attention, les noms ne sont pas de la forme :

about.Brontok.A E:/Mes images

mais :

E:/Mes images/about.Brontok.A

Il faut absolument supprimer cmd-brontok (en fait D:/WINDOWS/system32........application/cmd-brontok.exe

Cherche aussi RakyatKelaparan et supprime tout ce que tu trouves.

Regarde aussi si tu trouves ce dossier D:\Documents and Settings\isra\Local Settings\Application Data\Bron.tok-XX-XX où les 2 XX sont des nombres. Supprime ce dossier si tu trouves.

Tu passes Ccleaner, recherche des erreurs (dans le registre) et réparation. Tu le fais plusieurs fois (jusqu'à ce qu'il n'y ait plus d'erreurs).

@+
0
Réponse 13 / 36
meriem3105
 
g trouvé et supprimé cmd_brontok
après avoir télécharé et installé Zonealarm deux autres virus ont été identifiés et supprimés Trojan-dropper.wi... et Virus.Win32.pERLO...
Mon ordinateur réclame toujours svchost.exe et host.exe
pourrais-je tétélcharger un antivirus sans problème?
0
Réponse 14 / 36
meriem3105
 
voici le rapport cleaner des fichiers infectés

*** Recherche des fichiers dans D:
D:\autorun.inf FOUND
D:\host.exe FOUND

*** Recherche des fichiers dans D:\WINDOWS\

*** Recherche des fichiers dans D:\WINDOWS\system32

*** Recherche des fichiers dans D:\Program Files
*** Fin du rapport !
0
Réponse 15 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

1) remets un log Hijackthis.

2) essaye de remettre ton antivirus

3) C'est quoi ce rapport "cleaner" ? Ce serait pas un rapport de clean.zip ?

@+
0
Réponse 16 / 36
meriem3105
 
Bonjour,
clean.zip c bien ça
Merci
Mon ordi se prote mieux
0
Réponse 17 / 36
meriem3105
 
je v remettre un log hijackthis
0
Réponse 18 / 36
meriem3105
 
voici le rapport log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15:41:14, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\Speed Disk\nopdb.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\temp1.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\WISPTIS.EXE
D:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\isra\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [E06FDXRC_26102765] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{29936F45-DAAE-4BFC-B28C-D402C2146540}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
0
Réponse 19 / 36
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

•- Redémarre en mode sans échec. ( note bien ce que tu as à faire ).
•- Ouvre le dossier « clean » qui se trouve sur ton bureau.
•- Double-clic sur « clean.cmd ».
Une fenêtre noire va apparaître, choisis l’option 2.

Clean va travailler.
•- Redémarre normalement
•- Poste qui se trouve ici C:\rapport_clean.txt.

remets un log Hijackthis.
@+
0
Réponse 20 / 36
meriem3105
 
1.
le rapport clean

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 17/06/2007 a 10:11:26,39

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans D:
tentative de suppression de D:\autorun.inf
tentative de suppression de D:\host.exe

*** Suppression des fichiers dans D:\WINDOWS\
tentative de suppression de D:\WINDOWS\svchost.exe

*** Suppression des fichiers dans D:\WINDOWS\system32

*** Suppression des fichiers dans D:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:14:04, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\Speed Disk\nopdb.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
D:\Documents and Settings\isra\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [E06FDXRC_26102765] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

2.
G oublié de vous signaler qu'après avoir téléchargé zone alrm ou un antivirus je ne sais plus, deux virus ont été interepté :
trojan-dropper.wi...
et
virus.win32.perlo...

3.
lorsque g remdémarré mon ordinateur, les deux fenetres s'affichent encore : il y a ecrit dessus:

windows ne trouve pas d:/windows/svchost.exe
et
impossible de charger ou d'exécuter d:/windows/svchost.exe
0

Discussions similaires

Chemin Logo du site de la Cité de l'espace
Keiios -
blux -

11 réponses