81 replies
papyber
Posts: 6406
Registration date: Saturday 24 March 2007
Status: Security contributor
Last activity: 3 October 2010
257
11 Sep 2007 at 12:58
If you don't mind, I'm going to take the time to re-examine everything from the beginning!!
I'm also thinking of asking someone more competent for help, because I can see that the files we destroy keep coming back.
We keep destroying the same ones; something is relaunching them, and I have to find it!!
Me, or someone more seasoned!!
I'll be back later this evening...
papyber
11 Sep 2007 at 16:04
Let's try this.
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Double-click OTMoveIt.exe to launch it.
Copy the list found in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
Run AVG Anti-Spyware again and scan the PC as indicated:
Launch AVG Anti-Spyware and update it.
Click the « Analyse » (Scan) button, then the « paramètres » (Settings) tab.
Then, under « Comment réagir » (How to react), click Actions recommandées (Recommended actions). Select Quarantaine (Quarantine).
Go back to the Analyse tab.
Click Analyse complète du système (Full system scan).
At the end of the scan, choose "Appliquer toutes les actions" (Apply all actions).
Click "Enregistrer le rapport" (Save report). The text file is in the Rapports (Reports) folder of the AVG Anti-Spyware folder.
Run ComboFix again and post:
the OTMoveIt report
the AVG report
the ComboFix report
a HijackThis log
papyber
11 Sep 2007 at 16:12
Safe Mode repair
Try this:
Right-click here
http://www.malekal.com/download/SafeBoot.reg
and choose "Save target as" to download SafeBoot.reg to your desktop.
Double-click it and accept the merge into the registry.
Keep me posted.
papyber
11 Sep 2007 at 22:03
Where are you at?
papyber
12 Sep 2007 at 10:26
I asked for help, as I told you I would yesterday..
I'm waiting for replies; the disinfection may even be continued by another, more competent "helper".
I have to admit that your infection is very extensive and serious, and that it is reaching the limits of my knowledge.
Nevertheless, you can safely carry out the steps requested, to purge this PC a bit more of the infected files on it...
Hello,
here is the ComboFix report:
ComboFix 07-08-30.3 - "Internet" 2005-08-31 11:09:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.339 [GMT 2:00]
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))
2007-08-10 17:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-10 12:44 <REP> d-------- C:\Program Files\Navilog1
2007-08-09 10:33 <REP> d-------- C:\hijackthis
2007-07-31 18:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-25 17:37 908,000 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2007-07-25 17:37 19,200 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2007-07-25 17:28 82,560 --a------ C:\WINDOWS\system32\dllcache\grclass.sys
2007-07-25 17:28 36,864 --a------ C:\WINDOWS\system32\dllcache\hanjadic.dll
2007-07-25 17:28 32,256 --a------ C:\WINDOWS\system32\dllcache\gzip.dll
2007-07-25 17:28 28,672 --a------ C:\WINDOWS\system32\dllcache\grserial.sys
2007-07-25 17:28 17,664 --a------ C:\WINDOWS\system32\dllcache\gpr400.sys
2007-07-18 08:09 4,764 --a------ C:\WINDOWS\system32\sd3llks.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-11 12:18 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-11 12:18 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-11 12:17 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-11 11:29 36213 --a------ C:\WINDOWS\system32\k118950290911.exe
2007-09-11 11:28 36864 --a------ C:\WINDOWS\system32\3BFE35AC.DLL
2007-09-11 11:28 21045 --a------ C:\WINDOWS\system32\1BC7B66A.EXE
2007-09-11 11:28 15872 --a------ C:\WINDOWS\uragyo.exe
2007-09-11 10:56 16624 --a------ C:\WINDOWS\system32\LYLOADMR.EXE
2007-09-11 10:30 70 --a------ C:\WINDOWS\system32\kapjacs.dll
2007-09-11 10:30 59 --a------ C:\WINDOWS\system32\rsjzafg.dll
2007-09-11 10:30 36213 --a------ C:\WINDOWS\system32\k118949928914.exe
2007-09-11 10:29 49 --a------ C:\WINDOWS\system32\kashacs.dll
2007-09-11 10:29 23552 --a------ C:\WINDOWS\system32\sxbajt.dll
2007-09-11 10:29 18944 --a------ C:\WINDOWS\system32\htnyoz.dll
2007-09-11 09:30 36213 --a------ C:\WINDOWS\system32\k118949567014.exe
2007-09-11 09:29 12663 --------- C:\WINDOWS\system32\rsjzasp.exe
2007-09-11 09:29 12071 --------- C:\WINDOWS\system32\kapjaaz.exe
2007-09-11 09:28 12153 --------- C:\WINDOWS\system32\kashbaz.exe
2007-09-11 09:27 23552 --a------ C:\WINDOWS\system32\rpjogq.dll
2007-09-10 17:09 24576 --a------ C:\WINDOWS\system32\xisojf.dll
2007-09-10 17:08 36213 --a------ C:\WINDOWS\system32\k118943687013.exe
2007-09-10 17:08 24064 --a------ C:\WINDOWS\system32\orzfco.dll
2007-09-10 17:07 24064 --a------ C:\WINDOWS\system32\rosbzp.dll
2007-09-10 17:07 15872 --a------ C:\WINDOWS\qiknmb.exe
2007-09-10 16:08 23552 --a------ C:\WINDOWS\system32\wqhdnj.dll
2007-09-10 16:08 18944 --a------ C:\WINDOWS\system32\jopwrv.dll
2007-09-10 15:08 50 --a------ C:\WINDOWS\system32\avzxain.dll
2007-09-10 15:08 50 --a------ C:\WINDOWS\system32\avwlain.dll
2007-09-10 15:07 24064 --a------ C:\WINDOWS\system32\xottax.dll
2007-09-10 15:07 24064 --a------ C:\WINDOWS\system32\ajmdbl.dll
2007-09-10 15:06 23040 --a------ C:\WINDOWS\system32\iiusqb.dll
2007-09-10 14:06 25600 --a------ C:\WINDOWS\system32\sisbnz.dll
2007-09-10 13:07 13063 --------- C:\WINDOWS\system32\avzxast.exe
2007-09-10 13:06 24064 --a------ C:\WINDOWS\system32\ymmbrw.dll
2007-09-10 13:06 23552 --a------ C:\WINDOWS\system32\vyyjdr.dll
2007-09-10 12:06 24064 --a------ C:\WINDOWS\system32\mkvckg.dll
2007-09-10 11:06 23552 --a------ C:\WINDOWS\system32\efqvql.dll
2007-09-10 10:06 13061 --------- C:\WINDOWS\system32\avwlast.exe
2007-09-10 10:05 25600 --a------ C:\WINDOWS\system32\imfgwo.dll
2007-09-10 10:05 24064 --a------ C:\WINDOWS\system32\axbrvp.dll
2007-09-10 10:05 23552 --a------ C:\WINDOWS\system32\lssmxp.dll
2007-09-07 17:40 23040 --a------ C:\WINDOWS\system32\mmcazc.dll
2007-09-07 17:40 18944 --a------ C:\WINDOWS\mepthz.exe
2007-09-07 17:20 18944 --a------ C:\WINDOWS\gxoqef.exe
2007-09-07 15:20 23552 --a------ C:\WINDOWS\system32\setdpm.dll
2007-09-06 10:22 8110 --a------ C:\WINDOWS\system32\k11890669202.exe
2007-09-03 15:51 32852 --a------ C:\WINDOWS\system32\FBI.dll
2007-08-30 11:12 5664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-30 11:12 157728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-30 11:11 2900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-30 11:11 1556 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
((((((((((((((((((((((((((((( snapshot_2005-08-30_123432.95 )))))))))))))))))))))))))))))))))))))))))
----a-w 15,872 2007-09-11 09:28:19 C:\WINDOWS\DiskMan32.exe
----a-w 23,552 2005-08-31 08:15:27 C:\WINDOWS\system32\DbgHlp32.dll
----a-w 19,968 2005-08-30 09:12:47 C:\WINDOWS\system32\DiskMan32.dll
----a-w 18,944 2005-08-31 08:15:27 C:\WINDOWS\system32\NVDispDrv.dll
----a-w 23,552 2005-08-30 10:33:04 C:\WINDOWS\system32\DbgHlp32.dll
----a-w 19,968 2005-08-30 10:33:04 C:\WINDOWS\system32\DiskMan32.dll
----a-w 18,944 2005-08-30 10:33:04 C:\WINDOWS\system32\NVDispDrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"DiskMan32"="C:\WINDOWS\uragyo.exe" [2007-09-11 11:28]
"AVPSrv"="C:\WINDOWS\AVPSrv.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4A65498A-7653-9801-1647-987114AB7F44}"= C:\WINDOWS\system32\zxdpri.dll [ ]
"{AEB6717E-7E19-11d0-97EE-00C04FD91973}"= FBI.dll [ ]
"{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}"= C:\WINDOWS\system32\rsjzapm.dll [2004-08-04 10:06 20064]
"{1960356A-458E-DE24-BD50-268F589A56A1}"= C:\WINDOWS\system32\avwlamn.dll [2004-08-04 10:06 21580]
"{1859245F-345D-BC13-AC4F-145D47DA34F1}"= C:\WINDOWS\system32\avzxamn.dll [2004-08-04 13:07 21580]
"{1A321487-4977-D98A-C8D5-6488257545A1}"= C:\WINDOWS\system32\kapjazy.dll [2004-08-04 16:08 19572]
"{29FA4178-7749-A8D9-F5C8-886455257692}"= C:\WINDOWS\system32\kashbzy.dll [2004-08-04 09:28 18506]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=rsjzapm.dll
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
dslagent.exe USB
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
GSICON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\Wanadoo\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"NetSvc"=3 (0x3)
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=2 (0x2)
"Iap"=2 (0x2)
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 85F5FEB8;85F5FEB8;C:\WINDOWS\system32\B9847062.EXE -85F5FEB8
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d3794a-3c3f-11dc-b9af-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc7e17e-5809-11da-b5d9-00ff00300101}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30c09030-5b8c-11dc-b9e5-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e598c37-dc0b-11d9-b50d-00ff00300101}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70072885-e136-11db-b945-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5e5bb1e-dd77-11d9-b511-00ff00300101}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca544c2a-3ac0-11dc-b9ab-0008544fa6b1}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
C:\WINDOWS\system32\nwizzhuxians.exe
Contents of the 'Scheduled Tasks' folder
2005-11-28 07:40:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1125072091.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-08-30 11:12:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2005-08-30 11:14:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2005-08-30 11:14
C:\ComboFix2.txt ... 2005-08-30 12:35
--- E O F ---
The MoveIt report:
C:\WINDOWS\system32\k11885672466.exe moved successfully.
C:\WINDOWS\system32\k11885636319.exe moved successfully.
C:\WINDOWS\system32\k11885636308.exe moved successfully.
C:\WINDOWS\system32\k11885563978.exe moved successfully.
C:\WINDOWS\system32\k11885527816.exe moved successfully.
C:\WINDOWS\system32\k11885491709.exe moved successfully.
C:\WINDOWS\system32\k11885491666.exe moved successfully.
C:\WINDOWS\system32\k11885455559.exe moved successfully.
C:\WINDOWS\system32\k11885419419.exe moved successfully.
C:\WINDOWS\system32\k11885419408.exe moved successfully.
C:\WINDOWS\system32\k11884880999.exe moved successfully.
C:\WINDOWS\system32\k11884880956.exe moved successfully.
C:\WINDOWS\system32\k11884844829.exe moved successfully.
C:\WINDOWS\system32\k11884808659.exe moved successfully.
C:\WINDOWS\system32\k11884808648.exe moved successfully.
C:\WINDOWS\system32\k11884772456.exe moved successfully.
C:\WINDOWS\system32\k11884736339.exe moved successfully.
C:\WINDOWS\system32\k11884736296.exe moved successfully.
C:\WINDOWS\system32\k11884736318.exe moved successfully.
C:\WINDOWS\system32\k11884664009.exe moved successfully.
C:\WINDOWS\system32\k11884663998.exe moved successfully.
C:\WINDOWS\system32\k11884627849.exe moved successfully.
C:\WINDOWS\system32\k11884591679.exe moved successfully.
C:\WINDOWS\system32\k11883993759.exe moved successfully.
C:\WINDOWS\system32\k11883993748.exe moved successfully.
C:\WINDOWS\system32\k11883957599.exe moved successfully.
C:\WINDOWS\system32\k11883921396.exe moved successfully.
C:\WINDOWS\system32\k11883727798.exe moved successfully.
C:\WINDOWS\system32\k11883691606.exe moved successfully.
C:\WINDOWS\system32\k11883139409.exe moved successfully.
C:\WINDOWS\system32\k11883139366.exe moved successfully.
C:\WINDOWS\system32\k11883103239.exe moved successfully.
C:\WINDOWS\system32\k11883103206.exe moved successfully.
C:\WINDOWS\system32\k11883067079.exe moved successfully.
C:\WINDOWS\system32\k11882973779.exe moved successfully.
C:\WINDOWS\system32\k11882973736.exe moved successfully.
C:\WINDOWS\system32\k11882937619.exe moved successfully.
C:\WINDOWS\system32\k11882937576.exe moved successfully.
C:\WINDOWS\system32\k11882901449.exe moved successfully.
C:\WINDOWS\system32\k11882901416.exe moved successfully.
C:\WINDOWS\system32\k11882865279.exe moved successfully.
C:\WINDOWS\system32\k11882829119.exe moved successfully.
C:\WINDOWS\system32\k11882308496.exe moved successfully.
C:\WINDOWS\system32\k11882236169.exe moved successfully.
C:\WINDOWS\system32\k11882199999.exe moved successfully.
C:\WINDOWS\hhdepj.exe moved successfully.
C:\WINDOWS\qqzjnh.exe moved successfully.
C:\WINDOWS\qunapf.exe moved successfully.
C:\WINDOWS\bwszyz.exe moved successfully.
C:\WINDOWS\yqomot.exe moved successfully.
C:\WINDOWS\dgumvp.exe moved successfully.
C:\WINDOWS\tzhbzj.exe moved successfully.
C:\WINDOWS\iabzvk.exe moved successfully.
C:\WINDOWS\ybpbll.exe moved successfully.
C:\WINDOWS\hdtctl.exe moved successfully.
C:\WINDOWS\bappax.exe moved successfully.
C:\WINDOWS\wzgujs.exe moved successfully.
C:\WINDOWS\aaocgp.exe moved successfully.
C:\WINDOWS\xoyvbg.exe moved successfully.
C:\WINDOWS\jyaish.exe moved successfully.
C:\WINDOWS\dkxehw.exe moved successfully.
C:\WINDOWS\sumsqj.exe moved successfully.
C:\WINDOWS\cfdvpa.exe moved successfully.
C:\WINDOWS\vkibgc.exe moved successfully.
C:\WINDOWS\yxrndt.exe moved successfully.
C:\WINDOWS\system32\k11858062254.exe moved successfully.
C:\WINDOWS\system32\k11857914564.exe moved successfully.
C:\WINDOWS\system32\k11857876524.exe moved successfully.
C:\QUARANTINE moved successfully.
C:\WINDOWS\system32\ok1.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jzeini.dll
C:\WINDOWS\system32\jzeini.dll NOT unregistered.
C:\WINDOWS\system32\jzeini.dll moved successfully.
C:\WINDOWS\system32\navcot.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\1yzwxuvs.dll
C:\WINDOWS\system32\1yzwxuvs.dll NOT unregistered.
C:\WINDOWS\system32\1yzwxuvs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jzdini.dll
C:\WINDOWS\system32\jzdini.dll NOT unregistered.
C:\WINDOWS\system32\jzdini.dll moved successfully.
C:\WINDOWS\system32\k11842294033.exe moved successfully.
Created on 08/31/2005 10:18:08
The anti-spyware report:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:08:17 31/08/2005
+ Résultat de l'analyse:
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104993.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104994.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104995.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104996.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105024.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105132.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105137.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105185.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\DbgHlp32.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\NVDispDrv.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\axmpoi.exe -> Downloader.Agent.css : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Program Files\NetMeeting\ravwlmon.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101442.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101504.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883727798.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883993748.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884663998.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884736318.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884808648.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885419408.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885563978.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885636308.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101568.exe -> Trojan.OnLineGames.bjb : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103604.exe -> Trojan.OnLineGames.bjb : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105133.exe -> Trojan.OnLineGames.bnx : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105046.exe -> Trojan.OnLineGames.cau : Nettoyé.
Fin du rapport
And the HIJACKTHIS report:
Logfile of HijackThis v1.99.1
Scan saved at 11:15:13, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Internet\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://home.mcafee.com/StaticGenericPage.aspx?page=cookienotsupported&url=%2fSecure%2fProtected%2fLogin.aspx%3fErrCode%3dPLEASE_LOGIN%26culture%3dfr-FR%26ctst%3d1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F4130EE3-524C-45B2-A2DC-185C262809F9} (StachaImpEtq Control) - http://www.chargeur-online.com/ressources-stacha/StachaImpEtqProj1V150.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B975D33C-C4AE-43FC-BBF7-658FD3DCBAF3}: NameServer = 80.10.246.129,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1F8141-2B40-4122-9C8E-EB1BA42C52FF}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: kashbzy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
Thanks a lot!
Here is the ComboFix report:
ComboFix 07-08-30.3 - "Internet" 2005-08-31 11:09:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.339 [GMT 2:00]
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))
2007-08-10 17:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-10 12:44 <REP> d-------- C:\Program Files\Navilog1
2007-08-09 10:33 <REP> d-------- C:\hijackthis
2007-07-31 18:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-25 17:37 908,000 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2007-07-25 17:37 19,200 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2007-07-25 17:28 82,560 --a------ C:\WINDOWS\system32\dllcache\grclass.sys
2007-07-25 17:28 36,864 --a------ C:\WINDOWS\system32\dllcache\hanjadic.dll
2007-07-25 17:28 32,256 --a------ C:\WINDOWS\system32\dllcache\gzip.dll
2007-07-25 17:28 28,672 --a------ C:\WINDOWS\system32\dllcache\grserial.sys
2007-07-25 17:28 17,664 --a------ C:\WINDOWS\system32\dllcache\gpr400.sys
2007-07-18 08:09 4,764 --a------ C:\WINDOWS\system32\sd3llks.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-11 12:18 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-11 12:18 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-11 12:17 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-11 11:29 36213 --a------ C:\WINDOWS\system32\k118950290911.exe
2007-09-11 11:28 36864 --a------ C:\WINDOWS\system32\3BFE35AC.DLL
2007-09-11 11:28 21045 --a------ C:\WINDOWS\system32\1BC7B66A.EXE
2007-09-11 11:28 15872 --a------ C:\WINDOWS\uragyo.exe
2007-09-11 10:56 16624 --a------ C:\WINDOWS\system32\LYLOADMR.EXE
2007-09-11 10:30 70 --a------ C:\WINDOWS\system32\kapjacs.dll
2007-09-11 10:30 59 --a------ C:\WINDOWS\system32\rsjzafg.dll
2007-09-11 10:30 36213 --a------ C:\WINDOWS\system32\k118949928914.exe
2007-09-11 10:29 49 --a------ C:\WINDOWS\system32\kashacs.dll
2007-09-11 10:29 23552 --a------ C:\WINDOWS\system32\sxbajt.dll
2007-09-11 10:29 18944 --a------ C:\WINDOWS\system32\htnyoz.dll
2007-09-11 09:30 36213 --a------ C:\WINDOWS\system32\k118949567014.exe
2007-09-11 09:29 12663 --------- C:\WINDOWS\system32\rsjzasp.exe
2007-09-11 09:29 12071 --------- C:\WINDOWS\system32\kapjaaz.exe
2007-09-11 09:28 12153 --------- C:\WINDOWS\system32\kashbaz.exe
2007-09-11 09:27 23552 --a------ C:\WINDOWS\system32\rpjogq.dll
2007-09-10 17:09 24576 --a------ C:\WINDOWS\system32\xisojf.dll
2007-09-10 17:08 36213 --a------ C:\WINDOWS\system32\k118943687013.exe
2007-09-10 17:08 24064 --a------ C:\WINDOWS\system32\orzfco.dll
2007-09-10 17:07 24064 --a------ C:\WINDOWS\system32\rosbzp.dll
2007-09-10 17:07 15872 --a------ C:\WINDOWS\qiknmb.exe
2007-09-10 16:08 23552 --a------ C:\WINDOWS\system32\wqhdnj.dll
2007-09-10 16:08 18944 --a------ C:\WINDOWS\system32\jopwrv.dll
2007-09-10 15:08 50 --a------ C:\WINDOWS\system32\avzxain.dll
2007-09-10 15:08 50 --a------ C:\WINDOWS\system32\avwlain.dll
2007-09-10 15:07 24064 --a------ C:\WINDOWS\system32\xottax.dll
2007-09-10 15:07 24064 --a------ C:\WINDOWS\system32\ajmdbl.dll
2007-09-10 15:06 23040 --a------ C:\WINDOWS\system32\iiusqb.dll
2007-09-10 14:06 25600 --a------ C:\WINDOWS\system32\sisbnz.dll
2007-09-10 13:07 13063 --------- C:\WINDOWS\system32\avzxast.exe
2007-09-10 13:06 24064 --a------ C:\WINDOWS\system32\ymmbrw.dll
2007-09-10 13:06 23552 --a------ C:\WINDOWS\system32\vyyjdr.dll
2007-09-10 12:06 24064 --a------ C:\WINDOWS\system32\mkvckg.dll
2007-09-10 11:06 23552 --a------ C:\WINDOWS\system32\efqvql.dll
2007-09-10 10:06 13061 --------- C:\WINDOWS\system32\avwlast.exe
2007-09-10 10:05 25600 --a------ C:\WINDOWS\system32\imfgwo.dll
2007-09-10 10:05 24064 --a------ C:\WINDOWS\system32\axbrvp.dll
2007-09-10 10:05 23552 --a------ C:\WINDOWS\system32\lssmxp.dll
2007-09-07 17:40 23040 --a------ C:\WINDOWS\system32\mmcazc.dll
2007-09-07 17:40 18944 --a------ C:\WINDOWS\mepthz.exe
2007-09-07 17:20 18944 --a------ C:\WINDOWS\gxoqef.exe
2007-09-07 15:20 23552 --a------ C:\WINDOWS\system32\setdpm.dll
2007-09-06 10:22 8110 --a------ C:\WINDOWS\system32\k11890669202.exe
2007-09-03 15:51 32852 --a------ C:\WINDOWS\system32\FBI.dll
2007-08-30 11:12 5664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-30 11:12 157728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-30 11:11 2900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-30 11:11 1556 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
((((((((((((((((((((((((((((( snapshot_2005-08-30_123432.95 )))))))))))))))))))))))))))))))))))))))))
----a-w 15,872 2007-09-11 09:28:19 C:\WINDOWS\DiskMan32.exe
----a-w 23,552 2005-08-31 08:15:27 C:\WINDOWS\system32\DbgHlp32.dll
----a-w 19,968 2005-08-30 09:12:47 C:\WINDOWS\system32\DiskMan32.dll
----a-w 18,944 2005-08-31 08:15:27 C:\WINDOWS\system32\NVDispDrv.dll
----a-w 23,552 2005-08-30 10:33:04 C:\WINDOWS\system32\DbgHlp32.dll
----a-w 19,968 2005-08-30 10:33:04 C:\WINDOWS\system32\DiskMan32.dll
----a-w 18,944 2005-08-30 10:33:04 C:\WINDOWS\system32\NVDispDrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"DiskMan32"="C:\WINDOWS\uragyo.exe" [2007-09-11 11:28]
"AVPSrv"="C:\WINDOWS\AVPSrv.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4A65498A-7653-9801-1647-987114AB7F44}"= C:\WINDOWS\system32\zxdpri.dll [ ]
"{AEB6717E-7E19-11d0-97EE-00C04FD91973}"= FBI.dll [ ]
"{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}"= C:\WINDOWS\system32\rsjzapm.dll [2004-08-04 10:06 20064]
"{1960356A-458E-DE24-BD50-268F589A56A1}"= C:\WINDOWS\system32\avwlamn.dll [2004-08-04 10:06 21580]
"{1859245F-345D-BC13-AC4F-145D47DA34F1}"= C:\WINDOWS\system32\avzxamn.dll [2004-08-04 13:07 21580]
"{1A321487-4977-D98A-C8D5-6488257545A1}"= C:\WINDOWS\system32\kapjazy.dll [2004-08-04 16:08 19572]
"{29FA4178-7749-A8D9-F5C8-886455257692}"= C:\WINDOWS\system32\kashbzy.dll [2004-08-04 09:28 18506]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=rsjzapm.dll
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
dslagent.exe USB
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
GSICON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\Wanadoo\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"NetSvc"=3 (0x3)
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=2 (0x2)
"Iap"=2 (0x2)
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 85F5FEB8;85F5FEB8;C:\WINDOWS\system32\B9847062.EXE -85F5FEB8
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d3794a-3c3f-11dc-b9af-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc7e17e-5809-11da-b5d9-00ff00300101}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30c09030-5b8c-11dc-b9e5-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e598c37-dc0b-11d9-b50d-00ff00300101}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70072885-e136-11db-b945-0008544fa6b1}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5e5bb1e-dd77-11d9-b511-00ff00300101}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca544c2a-3ac0-11dc-b9ab-0008544fa6b1}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
C:\WINDOWS\system32\nwizzhuxians.exe
Contents of the 'Scheduled Tasks' folder
2005-11-28 07:40:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1125072091.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-08-30 11:12:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2005-08-30 11:14:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2005-08-30 11:14
C:\ComboFix2.txt ... 2005-08-30 12:35
--- E O F ---
The Move it report:
C:\WINDOWS\system32\k11885672466.exe moved successfully.
C:\WINDOWS\system32\k11885636319.exe moved successfully.
C:\WINDOWS\system32\k11885636308.exe moved successfully.
C:\WINDOWS\system32\k11885563978.exe moved successfully.
C:\WINDOWS\system32\k11885527816.exe moved successfully.
C:\WINDOWS\system32\k11885491709.exe moved successfully.
C:\WINDOWS\system32\k11885491666.exe moved successfully.
C:\WINDOWS\system32\k11885455559.exe moved successfully.
C:\WINDOWS\system32\k11885419419.exe moved successfully.
C:\WINDOWS\system32\k11885419408.exe moved successfully.
C:\WINDOWS\system32\k11884880999.exe moved successfully.
C:\WINDOWS\system32\k11884880956.exe moved successfully.
C:\WINDOWS\system32\k11884844829.exe moved successfully.
C:\WINDOWS\system32\k11884808659.exe moved successfully.
C:\WINDOWS\system32\k11884808648.exe moved successfully.
C:\WINDOWS\system32\k11884772456.exe moved successfully.
C:\WINDOWS\system32\k11884736339.exe moved successfully.
C:\WINDOWS\system32\k11884736296.exe moved successfully.
C:\WINDOWS\system32\k11884736318.exe moved successfully.
C:\WINDOWS\system32\k11884664009.exe moved successfully.
C:\WINDOWS\system32\k11884663998.exe moved successfully.
C:\WINDOWS\system32\k11884627849.exe moved successfully.
C:\WINDOWS\system32\k11884591679.exe moved successfully.
C:\WINDOWS\system32\k11883993759.exe moved successfully.
C:\WINDOWS\system32\k11883993748.exe moved successfully.
C:\WINDOWS\system32\k11883957599.exe moved successfully.
C:\WINDOWS\system32\k11883921396.exe moved successfully.
C:\WINDOWS\system32\k11883727798.exe moved successfully.
C:\WINDOWS\system32\k11883691606.exe moved successfully.
C:\WINDOWS\system32\k11883139409.exe moved successfully.
C:\WINDOWS\system32\k11883139366.exe moved successfully.
C:\WINDOWS\system32\k11883103239.exe moved successfully.
C:\WINDOWS\system32\k11883103206.exe moved successfully.
C:\WINDOWS\system32\k11883067079.exe moved successfully.
C:\WINDOWS\system32\k11882973779.exe moved successfully.
C:\WINDOWS\system32\k11882973736.exe moved successfully.
C:\WINDOWS\system32\k11882937619.exe moved successfully.
C:\WINDOWS\system32\k11882937576.exe moved successfully.
C:\WINDOWS\system32\k11882901449.exe moved successfully.
C:\WINDOWS\system32\k11882901416.exe moved successfully.
C:\WINDOWS\system32\k11882865279.exe moved successfully.
C:\WINDOWS\system32\k11882829119.exe moved successfully.
C:\WINDOWS\system32\k11882308496.exe moved successfully.
C:\WINDOWS\system32\k11882236169.exe moved successfully.
C:\WINDOWS\system32\k11882199999.exe moved successfully.
C:\WINDOWS\hhdepj.exe moved successfully.
C:\WINDOWS\qqzjnh.exe moved successfully.
C:\WINDOWS\qunapf.exe moved successfully.
C:\WINDOWS\bwszyz.exe moved successfully.
C:\WINDOWS\yqomot.exe moved successfully.
C:\WINDOWS\dgumvp.exe moved successfully.
C:\WINDOWS\tzhbzj.exe moved successfully.
C:\WINDOWS\iabzvk.exe moved successfully.
C:\WINDOWS\ybpbll.exe moved successfully.
C:\WINDOWS\hdtctl.exe moved successfully.
C:\WINDOWS\bappax.exe moved successfully.
C:\WINDOWS\wzgujs.exe moved successfully.
C:\WINDOWS\aaocgp.exe moved successfully.
C:\WINDOWS\xoyvbg.exe moved successfully.
C:\WINDOWS\jyaish.exe moved successfully.
C:\WINDOWS\dkxehw.exe moved successfully.
C:\WINDOWS\sumsqj.exe moved successfully.
C:\WINDOWS\cfdvpa.exe moved successfully.
C:\WINDOWS\vkibgc.exe moved successfully.
C:\WINDOWS\yxrndt.exe moved successfully.
C:\WINDOWS\system32\k11858062254.exe moved successfully.
C:\WINDOWS\system32\k11857914564.exe moved successfully.
C:\WINDOWS\system32\k11857876524.exe moved successfully.
C:\QUARANTINE moved successfully.
C:\WINDOWS\system32\ok1.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jzeini.dll
C:\WINDOWS\system32\jzeini.dll NOT unregistered.
C:\WINDOWS\system32\jzeini.dll moved successfully.
C:\WINDOWS\system32\navcot.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\1yzwxuvs.dll
C:\WINDOWS\system32\1yzwxuvs.dll NOT unregistered.
C:\WINDOWS\system32\1yzwxuvs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jzdini.dll
C:\WINDOWS\system32\jzdini.dll NOT unregistered.
C:\WINDOWS\system32\jzdini.dll moved successfully.
C:\WINDOWS\system32\k11842294033.exe moved successfully.
Created on 08/31/2005 10:18:08
le rapport antispyware:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:08:17 31/08/2005
+ Résultat de l'analyse:
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104993.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104994.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104995.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104996.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105024.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105132.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105137.exe -> Downloader.Agent.css : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105185.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\DbgHlp32.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\NVDispDrv.exe -> Downloader.Agent.css : Nettoyé.
C:\WINDOWS\axmpoi.exe -> Downloader.Agent.css : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Internet\Cookies\internet@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Program Files\NetMeeting\ravwlmon.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101442.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101504.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883727798.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883993748.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884663998.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884736318.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884808648.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885419408.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885563978.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885636308.exe -> Trojan.OnLineGames.bgn : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101568.exe -> Trojan.OnLineGames.bjb : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103604.exe -> Trojan.OnLineGames.bjb : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105133.exe -> Trojan.OnLineGames.bnx : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105046.exe -> Trojan.OnLineGames.cau : Nettoyé.
Fin du rapport
Et le rapport de HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 11:15:13, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Internet\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://home.mcafee.com/StaticGenericPage.aspx?page=cookienotsupported&url=%2fSecure%2fProtected%2fLogin.aspx%3fErrCode%3dPLEASE_LOGIN%26culture%3dfr-FR%26ctst%3d1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F4130EE3-524C-45B2-A2DC-185C262809F9} (StachaImpEtq Control) - http://www.chargeur-online.com/ressources-stacha/StachaImpEtqProj1V150.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B975D33C-C4AE-43FC-BBF7-658FD3DCBAF3}: NameServer = 80.10.246.129,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1F8141-2B40-4122-9C8E-EB1BA42C52FF}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: kashbzy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
Thanks a lot!
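A triage pass over the persistence entries (O4, O20, O23) of a HijackThis log like the one above, as an added example that is not part of the original thread and is not HijackThis's own logic. The heuristics (autorun binary directly in C:\WINDOWS, AppInit_DLLs set, entry naming a missing or absent file) and the names `triage`, `Finding`, `image_path` and `SAMPLE_LOG` are assumptions of this example; a flag means "review by hand", not "malicious".

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code name target reasons")

# Lines copied unchanged from the HijackThis log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: kashbzy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
'''

MISSING = "(file missing)"
WINDOWS_ROOT = r"c:\windows"  # assumption: default install path, as in this log
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^HK\S+?\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|sys))(?=\s|$)', re.I)


def image_path(command):
    """Return the executable path of a command line, without its arguments."""
    command = command.replace(MISSING, "").strip()
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def triage(log_text):
    """Return a Finding for every persistence entry that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            name, target = run["name"], image_path(run["cmd"])
            # Heuristic: few legitimate autoruns live directly in C:\WINDOWS.
            if ntpath.dirname(target).lower() == WINDOWS_ROOT:
                reasons.append("autorun binary sits directly in the Windows directory")
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            name, target = "AppInit_DLLs", body.split(":", 1)[1].strip()
            if target:
                reasons.append("AppInit_DLLs is set; the DLL is loaded into "
                               "every process that loads user32.dll")
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            name, _, target = body.split(":", 1)[1].strip().partition(" - ")
            target = image_path(target)
            if not ntpath.basename(target):
                reasons.append("Winlogon Notify entry names no DLL file")
        elif code == "O23" and body.startswith("Service:"):
            parts = body.split(":", 1)[1].strip().rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, target = parts[0], image_path(parts[2])
        else:
            continue
        if MISSING in body:
            reasons.append("registry entry points to a file that is missing on disk")
        if reasons:
            findings.append(Finding(code, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.name}\n    {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
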
papyber
12 Sept. 2007 at 11:56
we'll try this tool as well
in principle it works in safe mode, but if you couldn't repair with malekal's fix, run it in normal mode after disabling your antivirus
eScan:
A powerful antivirus to use in "safe mode" on difficult cases, where it is often very effective;
Step 1:
Download eScan Antivirus Toolkit here. Save it to your Desktop.
http://www.spywareinfo.dk/download/mwav.exe
Before launching the program, you must update it as described in step 2.
Step 2:
Here is how to update the tool:
1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (C:\Kaspersky). The program will launch, and you must quit it (click "Exit" then "Exit").
2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.
3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).
4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. Accept the prompt to replace the existing files.
Do not start the scan yet!
Step 3:
Restart in Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator
Step 4:
From Safe Mode, here is how to use the program:
1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file located in the C:\Kaspersky folder
2.) Double-click mwavscan.com; the eScan interface will appear on screen.
3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.
4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important..), and you will see a new navigation box appear on the right. Click the small arrow of this box and choose the letter of your hard drive, usually C:\.
5.) Just below, make sure that Scan All Files is ticked, and not Program Files.
6.) Click Scan Clean and let the tool check the whole hard drive (this can take a long time..). When it is finished, you will see Scan Completed. Do not quit yet!
7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.
Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
Hello,
I managed to get into safe mode. It is really taking a very long time...
I think I will only be able to give you the report tomorrow morning around 9:15.
Thank you for your understanding!
Thanks again!!!!!!!!!!!!!!
papyber
12 Sept. 2007 at 15:12
that's good news!!!
in principle, eScan should do quite a bit of cleaning up!!!
fingers crossed!!!
Hello,
The scan has finished,
Here is another report:
File C:\WINDOWS\system32\DiskMan32.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0078479.dll infected by "Trojan-PSW.Win32.OnLineGames.tn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0087673.sys infected by "Trojan-PSW.Win32.OnLineGames.tn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0089799.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091821.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091857.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091887.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091923.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091975.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092016.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092050.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092085.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092130.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092172.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092209.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092246.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0094273.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0096322.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0096325.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0096344.dll infected by "Trojan-PSW.Win32.OnLineGames.tn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0096345.sys infected by "Trojan-PSW.Win32.OnLineGames.tn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0097326.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0099395.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0099397.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0099406.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101443.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101445.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101503.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0101506.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103631.DLL infected by "Trojan-PSW.Win32.OnLineGames.bmu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103634.DLL infected by "Trojan-PSW.Win32.Agent.px" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103667.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103668.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103669.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103670.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103671.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103672.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103673.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0103674.exe infected by "Trojan-PSW.Win32.OnLineGames.bes" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104786.DLL infected by "Trojan-PSW.Win32.Agent.px" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104798.DLL infected by "Trojan-PSW.Win32.OnLineGames.bmu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP607\A0104804.sys infected by "Trojan-PSW.Win32.Agent.pw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105023.exe infected by "Trojan-PSW.Win32.OnLineGames.ccz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105025.exe infected by "Trojan-PSW.Win32.OnLineGames.ccz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105026.exe infected by "Trojan-PSW.Win32.OnLineGames.ccz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105027.EXE infected by "Virus.Win32.AutoRun.hn" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105028.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105029.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105030.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105031.dll infected by "Trojan-PSW.Win32.OnLineGames.cdz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105032.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105033.dll infected by "Trojan-PSW.Win32.OnLineGames.cbb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105034.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105035.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105036.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105037.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105038.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105039.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105040.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105041.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105042.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105043.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105044.exe infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105045.exe infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105047.exe infected by "Trojan-PSW.Win32.OnLineGames.cbc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105048.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105049.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105050.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105051.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105052.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105053.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105054.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105055.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105056.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105057.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105058.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105059.dll infected by "Trojan-PSW.Win32.OnLineGames.cbb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105060.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105061.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105062.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105063.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105064.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105065.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105066.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105067.dll infected by "Trojan-PSW.Win32.OnLineGames.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105068.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105069.dll infected by "Trojan-PSW.Win32.OnLineGames.cee" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105070.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105071.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105072.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105073.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105074.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105075.dll infected by "Trojan-PSW.Win32.OnLineGames.cdj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105076.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105077.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105078.dll infected by "Trojan-PSW.Win32.Nilage.boa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105079.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105080.dll infected by "Trojan-PSW.Win32.OnLineGames.cbb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105081.exe infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105082.DLL infected by "Virus.Win32.AutoRun.io" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105083.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105084.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105085.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105086.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105087.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105088.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105089.dll infected by "Trojan-PSW.Win32.Nilage.boa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105090.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105091.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105096.EXE infected by "Trojan-PSW.Win32.OnLineGames.cfu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105097.DLL infected by "Trojan-PSW.Win32.OnLineGames.cfv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105098.DLL infected by "Trojan-PSW.Win32.OnLineGames.cfw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105099.dll infected by "Trojan-PSW.Win32.OnLineGames.cee" Virus. Action Taken: File Deleted.
There are still some viruses that it can't manage to remove.
Thanks
The scan has finished,
Here is another report:
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105042.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105043.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105044.exe infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105045.exe infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105047.exe infected by "Trojan-PSW.Win32.OnLineGames.cbc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105048.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105049.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105050.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105051.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105052.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105053.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105054.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105055.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105056.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105057.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105058.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105059.dll infected by "Trojan-PSW.Win32.OnLineGames.cbb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105060.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105061.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105062.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105063.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105064.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105065.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105066.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105067.dll infected by "Trojan-PSW.Win32.OnLineGames.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105068.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105069.dll infected by "Trojan-PSW.Win32.OnLineGames.cee" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105070.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105071.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105072.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105073.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105074.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105075.dll infected by "Trojan-PSW.Win32.OnLineGames.cdj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105076.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105077.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105078.dll infected by "Trojan-PSW.Win32.Nilage.boa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105079.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105080.dll infected by "Trojan-PSW.Win32.OnLineGames.cbb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105081.exe infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105082.DLL infected by "Virus.Win32.AutoRun.io" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105083.dll infected by "Trojan-PSW.Win32.OnLineGames.cce" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105084.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105085.dll infected by "Trojan-PSW.Win32.OnLineGames.boy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105086.dll infected by "Trojan-PSW.Win32.OnLineGames.cay" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105087.dll infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105088.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105089.dll infected by "Trojan-PSW.Win32.Nilage.boa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105090.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105091.dll infected by "Trojan-PSW.Win32.OnLineGames.ccr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105096.EXE infected by "Trojan-PSW.Win32.OnLineGames.cfu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105097.DLL infected by "Trojan-PSW.Win32.OnLineGames.cfv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105098.DLL infected by "Trojan-PSW.Win32.OnLineGames.cfw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105099.dll infected by "Trojan-PSW.Win32.OnLineGames.cee" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105100.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105101.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105102.dll infected by "Trojan-PSW.Win32.OnLineGames.cdj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105103.dll infected by "Trojan-PSW.Win32.OnLineGames.cdv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105104.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105105.dll infected by "Trojan-PSW.Win32.OnLineGames.cdz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105106.exe infected by "Trojan-PSW.Win32.OnLineGames.cgl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105108.DLL infected by "Virus.Win32.AutoRun.io" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105115.EXE infected by "Trojan-PSW.Win32.OnLineGames.cfu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP608\A0105116.exe infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105118.EXE infected by "Trojan-PSW.Win32.OnLineGames.cfu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105119.DLL infected by "Trojan-PSW.Win32.OnLineGames.cfw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105120.exe infected by "Trojan-PSW.Win32.OnLineGames.cgl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105121.dll infected by "Trojan-PSW.Win32.OnLineGames.cee" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105122.exe infected by "Trojan-PSW.Win32.OnLineGames.cjo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105123.dll infected by "Trojan-PSW.Win32.OnLineGames.ccq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105124.exe infected by "Trojan-Dropper.Win32.Killav.e" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105125.exe infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105126.exe infected by "Trojan-PSW.Win32.OnLineGames.ccw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105127.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105128.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105129.dll infected by "Trojan-PSW.Win32.OnLineGames.cdj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105130.exe infected by "Trojan-PSW.Win32.OnLineGames.cgh" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105131.dll infected by "Trojan-PSW.Win32.OnLineGames.cgi" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105134.dll infected by "Trojan-PSW.Win32.OnLineGames.cdz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105136.DLL infected by "Trojan-PSW.Win32.Agent.px" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105138.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105143.EXE infected by "Backdoor.Win32.Agent.ahj" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\snapshot\MFEX-1.DAT infected by "Trojan-PSW.Win32.OnLineGames.cfu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\snapshot\MFEX-2.DAT infected by "Trojan-PSW.Win32.OnLineGames.cfv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-1.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-3.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-4.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-6.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-1.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-3.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-4.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-6.DAT infected by "Trojan-PSW.Win32.OnLineGames.cny" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105183.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105184.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105187.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105188.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105189.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105190.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105191.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105192.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105193.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105194.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105195.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105196.exe infected by "Trojan-PSW.Win32.OnLineGames.cer" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105197.exe infected by "Trojan-Dropper.Win32.Killav.f" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105226.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105304.exe infected by "Trojan-PSW.Win32.OnLineGames.cgl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105305.exe infected by "Trojan-PSW.Win32.OnLineGames.cgl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105306.dll infected by "Trojan-PSW.Win32.OnLineGames.cjp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105307.exe infected by "Trojan-PSW.Win32.OnLineGames.cew" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105308.exe infected by "Trojan-PSW.Win32.OnLineGames.cfo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105309.dll infected by "Trojan-PSW.Win32.OnLineGames.cjp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105310.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105311.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105312.dll infected by "Trojan-PSW.Win32.OnLineGames.cgm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105313.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105314.exe infected by "Trojan-PSW.Win32.Delf.abw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105315.exe infected by "Trojan-PSW.Win32.Delf.abw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105316.exe infected by "Trojan-PSW.Win32.Delf.abw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105317.exe infected by "Trojan-PSW.Win32.Delf.abw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105318.exe infected by "Trojan-PSW.Win32.OnLineGames.cmy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105319.exe infected by "Trojan-PSW.Win32.OnLineGames.cmx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105320.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105321.dll infected by "Trojan-PSW.Win32.OnLineGames.cjp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105322.dll infected by "Trojan-PSW.Win32.OnLineGames.cdj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105323.dll infected by "Trojan-Downloader.Win32.Zlob.ciy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105324.dll infected by "Trojan-PSW.Win32.OnLineGames.cgi" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105325.dll infected by "Trojan-PSW.Win32.OnLineGames.cjp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105326.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105327.exe infected by "Trojan-PSW.Win32.OnLineGames.cgd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105328.dll infected by "Trojan-Downloader.Win32.Zlob.cix" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105329.dll infected by "Trojan-PSW.Win32.OnLineGames.cgm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105330.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105331.dll infected by "Trojan-PSW.Win32.OnLineGames.ckp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105332.dll infected by "Trojan-PSW.Win32.OnLineGames.cgk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105333.dll infected by "Trojan-PSW.Win32.OnLineGames.cgk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105334.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105335.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105336.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105338.dll infected by "Trojan-PSW.Win32.OnLineGames.cez" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105339.dll infected by "Trojan-PSW.Win32.Delf.abm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105340.dll infected by "Trojan-PSW.Win32.OnLineGames.cmy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105341.dll infected by "Trojan-PSW.Win32.OnLineGames.cdh" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105342.dll infected by "Trojan-Spy.Win32.Delf.agv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP613\A0105355.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\aaocgp.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\bappax.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\bwszyz.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\cfdvpa.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\dgumvp.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\dkxehw.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\hdtctl.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\hhdepj.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\iabzvk.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\jyaish.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\qqzjnh.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\qunapf.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\sumsqj.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\3BFE35AC.DLL infected by "Backdoor.Win32.Agent.bqa" Virus. Action Taken: File Renamed.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\cmdbcs.dll infected by "Trojan-PSW.Win32.OnLineGames.cgi" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ctvzao.dll infected by "Trojan-PSW.Win32.OnLineGames.ccv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\DiskMan32.dll infected by "Trojan-PSW.Win32.OnLineGames.cmt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\eyyduc.dll infected by "Trojan-PSW.Win32.OnLineGames.cev" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hbrcri.dll infected by "Trojan-PSW.Win32.OnLineGames.cdz" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11842294033.exe infected by "Trojan-Spy.Win32.Iespy.au" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882199999.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882236169.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882308496.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882829119.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882865279.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882901416.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882901449.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882937576.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882937619.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882973736.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11882973779.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883067079.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883103206.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883103239.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883139366.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883139409.exe infected by "Trojan-PSW.Win32.OnLineGames.aqv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883691606.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883921396.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883957599.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11883993759.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884591679.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884627849.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884664009.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884736296.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884736339.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884772456.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884808659.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884844829.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884880956.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11884880999.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885419419.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885455559.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885491666.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885491709.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885527816.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885636319.exe infected by "Trojan-PSW.Win32.OnLineGames.bgc" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\k11885672466.exe infected by "Trojan.Win32.Pakes.ch" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mppds.dll infected by "Trojan-PSW.Win32.OnLineGames.cjp" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\tzhbzj.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\vkibgc.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\wzgujs.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\xoyvbg.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\ybpbll.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\yqomot.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\WINDOWS\yxrndt.exe infected by "Trojan-PSW.Win32.OnLineGames.rt" Virus. Action Taken: File Deleted.
There are still viruses that it cannot remove.
Thanks
papyber
12 Sept. 2007 at 18:17
Do you have the names and paths of the ones it cannot remove?
It is a fact that almost everything it found was in your System Restore and in the OTMoveIt backups...
Post a new HijackThis report so we can see.
Can you get Antivir to run now?
Hello,
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:19:04, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Internet\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://home.mcafee.com/StaticGenericPage.aspx?page=cookienotsupported&url=%2fSecure%2fProtected%2fLogin.aspx%3fErrCode%3dPLEASE_LOGIN%26culture%3dfr-FR%26ctst%3d1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F4130EE3-524C-45B2-A2DC-185C262809F9} (StachaImpEtq Control) - http://www.chargeur-online.com/ressources-stacha/StachaImpEtqProj1V150.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B975D33C-C4AE-43FC-BBF7-658FD3DCBAF3}: NameServer = 80.10.246.129,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1F8141-2B40-4122-9C8E-EB1BA42C52FF}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: avzxamn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
I can get the antivirus running now.
Thanks
papyber
12 Sept. 2007 at 18:27
What exactly is your antivirus? Right now I see Antivir, McAfee and Kaspersky...
You can remove "escan" through Add/Remove Programs.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
papyber
12 Sept. 2007 at 19:36
I am waiting for your answer to my 2 questions
Do you have the names and paths of the ones it cannot remove? What exactly is your antivirus? Right now I see Antivir, McAfee and Kaspersky...
so that we can try to continue disinfecting this PC....
papyber
12 Sept. 2007 at 22:45
Since there is no reply, here is the next step and, I hope, the end of this disinfection...
* Create a new text document:
right-click on the desktop, "New" > "Text Document".
Open it and copy-paste into it what is in italics below (copy it all in one go):

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskMan32"=-
"AVPSrv"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4A65498A-7653-9801-1647-987114AB7F44}"=-
"{AEB6717E-7E19-11d0-97EE-00C04FD91973}"=-
"{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}"=-
"{1960356A-458E-DE24-BD50-268F589A56A1}"=-
"{1859245F-345D-BC13-AC4F-145D47DA34F1}"=-
"{1A321487-4977-D98A-C8D5-6488257545A1}"=-
"{29FA4178-7749-A8D9-F5C8-886455257692}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""

Then "File" / "Save As":
in: the desktop
File name: xiaokrs.reg
Save as type: "All Files"
click "Save"
*****Copy what follows into a text file or print it, then restart in Safe Mode (choose your usual session, not the "Administrator" account or another one)*****
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the beep
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator
Double-click xiaokrs.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"
Make sure you can see hidden folders/files:
Open any folder. Go to:
Tools / Folder Options / View and
- check "Show hidden files and folders",
- uncheck "Hide extensions for known file types",
- uncheck "Hide protected operating system files (Recommended)"
"Apply" and "OK"
Search for and delete these folders or files in bold, if you find them:
they will be either in
C:\Windows
or in
C:\Windows\system32
rsjzapm.dll
FBI.dll
avzxamn.dll
Run HijackThis for a scan and check the following lines if they are still present
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O20 - AppInit_DLLs: avzxamn.dll
Fix them with all windows and applications closed
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\nwizzhuxians.exe
C:\WINDOWS\uragyo.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\system32\zxdpri.dll
C:\WINDOWS\system32\rsjzapm.dll
C:\WINDOWS\system32\avwlamn.dll
C:\WINDOWS\system32\kapjazy.dll
C:\WINDOWS\system32\kashbzy.dll
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
Back in normal mode
run an online scan with BitDefender
and tell me how this PC is doing???????????
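Added example, not part of the original thread: a small Python triage of HijackThis log lines that flags the three conditions that come up in this thread (a non-empty O20 AppInit_DLLs value, entries marked "(file missing)", and O4 Run entries that launch a file sitting directly in C:\WINDOWS). The function names and the rule wording are assumptions of this example; the sample lines are copied from the logs and fix lists posted here.

```python
import ntpath
import re

# Lines copied from the HijackThis logs and fix lists posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O20 - AppInit_DLLs: avzxamn.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry autostart line: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(.+?)\] (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def command_path(command):
    """Extract the executable path from a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", command, re.I)
    return match.group(1) if match else command


def triage(log_text, windows_dir=r"C:\WINDOWS"):
    """Return (code, reason, detail) tuples for entries worth a closer look.

    These are review heuristics for this example, not verdicts: each hit still
    has to be checked by a person, as the helper does in the thread.
    """
    findings = []
    for code, body in parse_entries(log_text):
        # Registry entry whose target no longer exists on disk.
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing", body))
        # DLLs listed in AppInit_DLLs are loaded into every process that
        # loads user32.dll, so any value here deserves attention.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append((code, "AppInit_DLLs not empty", value))
        # Autostart entry launching a file that sits directly in the Windows folder.
        if code == "O4":
            match = RUN.match(body)
            if match:
                path = command_path(match.group(2))
                if ntpath.dirname(path).lower() == windows_dir.lower():
                    findings.append((code, "Run entry in Windows folder root", path))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```
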
Hello,
Normally the antivirus is McAfee, but since we installed several antivirus programs for the scans, we have ended up with a lot of antivirus programs.
I don't remember the names of the ones I can't remove.... sorry.
What should I do?
Thanks
papyber
13 Sept. 2007 at 09:46
In that case, you keep McAfee
you remove Kaspersky; I am giving you the link to uninstall it because a utility is needed
To uninstall Kaspersky properly
Right-click the K (red and black) in the notification area > Pause protection
* Start > All Programs > Kaspersky > Modify, repair or remove
* or simply through Add/Remove Programs.
Then do this (note: it only works for Kaspersky 7, check your version)
download KleanerV7.zip
https://support.kaspersky.com/downloads/utils/kleanerv7.zip
unzip it (right-click, Extract All) into a folder on your desktop
restart in Safe Mode
run Kleaner.exe
then restart in normal mode
do a Windows search for Kaspersky and delete every occurrence found
To remove Antivir
-- end the following processes in Task Manager (press Ctrl+Alt+Del to open the window, then click the Processes tab):
AVGUARD.EXE -
AVSCHED.EXE -
AVWUPSRV.EXE
and AVGNT.EXE
then uninstall Antivir in Add/Remove Programs
and do what I asked you in the previous post, No. 57
Hello,
Search for and delete these folders or files in bold, if you find them:
they will be either in
C:\Windows
or in
C:\Windows\system32
rsjzapm.dll
FBI.dll
avzxamn.dll
I found only this file, FBI.dll. But it does not let me remove it....
Run HijackThis for a scan and check the following lines if they are still present
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O20 - AppInit_DLLs: avzxamn.dll
Fix them with all windows and applications closed
These 3 lines are not there to select.
As for the report, here is the BitDefender report:
BitDefender Online Scanner
Rapport d'analyse généré à: Thu, Sep 13, 2007 - 12:43:55
Voie d'analyse: C:\;D:\;
Statistiques
Temps: 01:56:35
Fichiers: 283960
Directoires: 4954
Secteurs de boot: 3
Archives: 69384
Paquets programmes: 12155
Résultats
Virus identifiés: 9
Fichiers infectés: 32
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 32
Info sur les moteurs
Définition virus: 803647
Version des moteurs: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé
Statut
C:\Documents and Settings\Internet\Local Settings\Application Data\Identities\{3EBB9A37-A12F-4319-947F-5A06A38D1D1D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 21)
Infecté par: Generic.Peed.Eml.A844AF22
C:\Documents and Settings\Internet\Local Settings\Application Data\Identities\{3EBB9A37-A12F-4319-947F-5A06A38D1D1D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 21)
Echec de la désinfection
C:\Documents and Settings\Internet\Local Settings\Application Data\Identities\{3EBB9A37-A12F-4319-947F-5A06A38D1D1D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 21)
Supprimé
C:\Documents and Settings\Internet\Local Settings\Application Data\Identities\{3EBB9A37-A12F-4319-947F-5A06A38D1D1D}\Microsoft\Outlook Express\Boîte de réception.dbx
Echec de la mise à jour
C:\qoobox\Quarantine\C\Privilege.dat.vir
Infecté par: Generic.PWS.Games.3.2C849AF7
C:\qoobox\Quarantine\C\Privilege.dat.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Privilege.dat.vir
Supprimé
C:\qoobox\Quarantine\C\WINDOWS\system32\Kvsc3.dll.vir
Infecté par: Generic.PWS.Games.4.0D32D9BF
C:\qoobox\Quarantine\C\WINDOWS\system32\Kvsc3.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\WINDOWS\system32\Kvsc3.dll.vir
Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068815.sys
Infecté par: Trojan.Pws.Onlinegames.NDL
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068815.sys
Echec de la désinfection
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068815.sys
Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068882.dll
Infecté par: Trojan.Spy.Baibho.DLL
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068882.dll
Echec de la désinfection
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0068882.dll
Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0089786.DLL
Infecté par: Dropped:Trojan.Click.LY
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0089786.DLL
Echec de la désinfection
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0089786.DLL
Supprimé
Thanks a lot!
search for and delete these folders or files in bold, if you find them:
they will be either in
C:\Windows
or in
C:\Windows\system32
rsjzapm.dll
FBI.dll
avzxamn.dll
I only found this one file, FBI.dll. But it won't let me remove it....
run HijackThis for a scan and check the following lines if still present
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\uragyo.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O20 - AppInit_DLLs: avzxamn.dll
fix them with all windows and applications closed
There are only these 3 lines to select.
As for the report, here is the Bitdefender report:
Line00000076 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0089787.exe Supprimé"
Line00000075 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091808.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000074 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091808.DLL Echec de la désinfection"
Line00000073 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091808.DLL Supprimé"
Line00000072 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091809.exe Infecté par: Trojan.Click.LY"
Line00000071 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091809.exe Echec de la désinfection"
Line00000070 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091809.exe Supprimé"
Line00000069 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091844.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000068 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091844.DLL Echec de la désinfection"
Line00000067 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091844.DLL Supprimé"
Line00000066 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091845.exe Infecté par: Trojan.Click.LY"
Line00000065 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091845.exe Echec de la désinfection"
Line00000064 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091845.exe Supprimé"
Line00000063 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091888.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000062 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091888.DLL Echec de la désinfection"
Line00000061 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091888.DLL Supprimé"
Line00000060 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091889.exe Infecté par: Trojan.Click.LY"
Line00000059 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091889.exe Echec de la désinfection"
Line00000058 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091889.exe Supprimé"
Line00000057 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091924.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000056 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091924.DLL Echec de la désinfection"
Line00000055 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091924.DLL Supprimé"
Line00000054 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091925.exe Infecté par: Trojan.Click.LY"
Line00000053 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091925.exe Echec de la désinfection"
Line00000052 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091925.exe Supprimé"
Line00000051 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091976.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000050 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091976.DLL Echec de la désinfection"
Line00000049 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091976.DLL Supprimé"
Line00000048 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091977.exe Infecté par: Trojan.Click.LY"
Line00000047 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091977.exe Echec de la désinfection"
Line00000046 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0091977.exe Supprimé"
Line00000045 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092002.DLL Infecté par: Dropped:Trojan.Click.LY"
Line00000044 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092002.DLL Echec de la désinfection"
Line00000043 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092002.DLL Supprimé"
Line00000042 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092003.exe Infecté par: Trojan.Click.LY"
Line00000041 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092003.exe Echec de la désinfection"
Line00000040 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP606\A0092003.exe Supprimé"
Line00000039 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105139.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000038 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105139.dll Echec de la désinfection"
Line00000037 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP609\A0105139.dll Supprimé"
Line00000036 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-2.DAT Infecté par: Generic.PWS.Games.3.2C849AF7"
Line00000035 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-2.DAT Echec de la désinfection"
Line00000034 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP610\snapshot\MFEX-2.DAT Supprimé"
Line00000033 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-2.DAT Infecté par: Generic.PWS.Games.3.2C849AF7"
Line00000032 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-2.DAT Echec de la désinfection"
Line00000031 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\snapshot\MFEX-2.DAT Supprimé"
Line00000030 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105182.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000029 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105182.dll Echec de la désinfection"
Line00000028 = "C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0105182.dll Supprimé"
Line00000027 = "C:\WINDOWS\system32\DbgHlp32.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000026 = "C:\WINDOWS\system32\DbgHlp32.dll Echec de la désinfection"
Line00000025 = "C:\WINDOWS\system32\DbgHlp32.dll Supprimé"
Line00000024 = "C:\WINDOWS\system32\efqvql.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000023 = "C:\WINDOWS\system32\efqvql.dll Echec de la désinfection"
Line00000022 = "C:\WINDOWS\system32\efqvql.dll Supprimé"
Line00000021 = "C:\WINDOWS\system32\iiusqb.dll Infecté par: Generic.PWS.Games.4.0D32D9BF"
Line00000020 = "C:\WINDOWS\system32\iiusqb.dll Echec de la désinfection"
Line00000019 = "C:\WINDOWS\system32\iiusqb.dll Supprimé"
Line00000018 = "C:\WINDOWS\system32\LYLOADMR.EXE Infecté par: Generic.PWS.Games.3.2C849AF7"
Line00000017 = "C:\WINDOWS\system32\LYLOADMR.EXE Echec de la désinfection"
Line00000016 = "C:\WINDOWS\system32\LYLOADMR.EXE Supprimé"
Line00000015 = "C:\WINDOWS\system32\SHQ.DLL Infecté par: Generic.PWS.Games.3.E245CB62"
Line00000014 = "C:\WINDOWS\system32\SHQ.DLL Echec de la désinfection"
Line00000013 = "C:\WINDOWS\system32\SHQ.DLL Supprimé"
Line00000012 = "C:\WINDOWS\system32\sxbajt.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000011 = "C:\WINDOWS\system32\sxbajt.dll Echec de la désinfection"
Line00000010 = "C:\WINDOWS\system32\sxbajt.dll Supprimé"
Line00000009 = "C:\WINDOWS\system32\wqhdnj.dll Infecté par: DeepScan:Generic.Onlinegames.2.172F1671"
Line00000008 = "C:\WINDOWS\system32\wqhdnj.dll Echec de la désinfection"
Line00000007 = "C:\WINDOWS\system32\wqhdnj.dll Supprimé"
Line00000006 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\Kvsc3.dll Infecté par: Generic.PWS.Games.4.0D32D9BF"
Line00000005 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\Kvsc3.dll Echec de la désinfection"
Line00000004 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\Kvsc3.dll Supprimé"
Line00000003 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\navcot.exe=>(NSIS o)=>zlib_nsis0001 Infecté par: Trojan.Spy.Baibho.DLL"
Line00000002 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\navcot.exe=>(NSIS o)=>zlib_nsis0001 Echec de la désinfection"
Line00000001 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\navcot.exe=>(NSIS o)=>zlib_nsis0001 Supprimé"
Line00000000 = "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\navcot.exe=>(NSIS o) Echec de la mise à jour"
Thanks a lot!