Plantage au démarrage de Windows
Forum Sécurité - Virus : Plantage au démarrage de Windows
Salut à tous !
Alors voilà, je vous explique mon problème :
Ca fait qq temps que dès que je démarre Windows (Xp professional), ils chargent les icônes de ma barre de tâche normalement, et puis dans la minute (ou les 2 minutes qui suivent), l'ordi plante. Obligé de redémarrer. Cela se passe 2 à 4 fois selon les jours, avant que je puisse utiliser normalement mon pc.
Je mets ici la configuration de mon ordinateur ainsi qu'un log "Hiajckthis" ... je ne sais pas ce qui peut servir :
Win Xp - Gforce 4 - Athlon 1200 Mhz (si vous avez besoin de + de détails, je vous les donnerai)
Logfile of HijackThis v1.99.1
Scan saved at 14:39:44, on 10/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Google\ggviewer67-28.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINXP\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Hiajckthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINXP\System32\ca2.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winshost.exe] C:\WINXP\System32\winshost.exe
O4 - HKLM\..\Run: [firewall_anti] C:\WINXP\firewall_anti.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ecf] C:\WINXP\ecf.exe
O4 - HKCU\..\Run: [zkzm] C:\PROGRA~1\COMMON~1\zkzm\zkzmm.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINXP\System32\winshost.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINXP\System32\wintems.exe
O4 - Startup: Ubisoft register.lnk = C:\RECYCLER\NPROTECT\00356778.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spy [...] nstall.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINXP\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Voilà, merci d'avance pour votre aide :-)
Salut, je sais pas si ça règlera ton problème de redémarrage, mais fais déjà ça :
1/ Redémarres en mode sans échec
2/ Relances HijackThis et coches ces lignes puis appuyes sur Fix Checked :
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINXP\System32\ca2.dll (file missing)
O4 - HKLM\..\Run: [winshost.exe] C:\WINXP\System32\winshost.exe
O4 - HKLM\..\Run: [firewall_anti] C:\WINXP\firewall_anti.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ecf] C:\WINXP\ecf.exe
O4 - HKCU\..\Run: [zkzm] C:\PROGRA~1\COMMON~1\zkzm\zkzmm.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINXP\System32\winshost.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINXP\System32\wintems.exe
O4 - Startup: Ubisoft register.lnk = C:\RECYCLER\NPROTECT\00356778.exe
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spy [...] nstall.cab
3/ Affiches tous les fichiers
Outils / Options des dossiers / Affichage
coches "afficher les fichiers cachés"
décoches "masquer les extensions des types connus"
décoches "masquer les fichiers protégés du système d'exploitation"
4/ Supprimes ces programmes :
Panneau de configuration / Ajout/Suppression de programmes
Trouves et supprimes les programmes suivants :
DR_S
5/ Supprimes ces fichiers :
C:\WINXP\System32\ca2.dll
C:\WINXP\System32\winshost.exe
C:\WINXP\firewall_anti.exe
C:\Program Files\DR_S\
C:\WINXP\ecf.exe
C:\PROGRA~1\COMMON~1\zkzm\
C:\WINXP\System32\winshost.exe
C:\WINXP\System32\wintems.exe
6/ Redémarres normalement
7/ Passes un coup de CCleaner et de Kaspersky
CCleaner
Kaspersky
8/ Repostes un log (pas en mode sans échec le log !!) ici en nous disant ceux que t'as pas pu supprimer (au cas ou y'en a certains !)
Salut !
Alors, tout d'abord, merci beaucoup pour ton aide !
Je t'explique ce que je n'ai pas su faire :
Tout d'abord, je n'ai pas pu faire les opérations en mode sans échec (problème de souris avec le mode sans échec, et impossible de tout faire au clavier !), je l'ai donc fais en mode normal sans connection internet.
Ce que je n'ai pas su faire mnt :
1) Supprimer le programme "DR_S" car il était pas dans la liste des programmes.
2) Supprimer "C:\WINXP\System32\ca2.dll" ; "C:\Program Files\DR_S\" et "C:\WINXP\ecf.exe" car je ne les ai pas trouvé !
3) Lancer (et même installer) Kaspersky car il me demandait de supprimer Norton pour le faire, ce que je ne voulais pas.
Toutes les autres opérations se sont déroulées sans problème. Je reposte un log comme prévu :
Logfile of HijackThis v1.99.1
Scan saved at 13:05:59, on 10/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Google\ggviewer67-28.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINXP\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hiajckthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINXP\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Voilà, voilà.
Salut,
Maintenant ton log est propre, la seule chose c'est par rapport à Kaspersky, tu as pas du aller là ou il fallait.
Alors, fais ceci :
- va ici
- choisi Kaspersky Online Scanner
- dans la popup qui s'ouvre, choisi Accept
- là, il met à jour les définitions de virus
- il peut te demander d'accepter un ActiveX, accepte le, une fois que la mise à jour est finie
- clique sur Next
- puis clique sur My computer
- attend que le scan se réalise
J'étais à 74% du Scan et il s'est arrêté je ne sais pas pourquoi, revenant à l'écran où il faut appuyer sur accept. Bref, je réessayerai demain.
Que dois-je faire une fois le scan fini ? (Au stade où il était, il y avait qqch comme 32 virus et 152 fichiers infectés (je ne suis pas certain des chiffres mais c'était de ce genre là))
J'imagine que je dois faire ce qu'il me demande (ce qui sera en gros supprimer les fichiers infectés et les virus en eux-mêmes je suppose ...) mais je demande tout de même pour être sur 
Voilà, merci encore
Re-bonjour,
Le scan Kaspersky on-line est effectué.
Il a trouvé 25 virus et 789 objets infectés détectés :-? .
Je l'ai sauvé en ".txt" mais il est tellement grand que je n'ose pas le mettre sur le forum. Que dois-je faire ? Je te l'envoie par mail ? Je le poste qd même sur le forum ?
Mon ordinateur commence à redémarrer tout seul, et plante tjs au démarrage de Windows. Ceci dit, il n'est plus du tout lent, il ne rame plus. J'imagine que les reboots et blocages sont dûs aux virus détectés par Kaspersky.
Je vous mets pas toute l'analyse sinon le msg est trop long, je coupe des bouts en les remplacant par "[...]" (j'ai enlevé des bouts de longue chaîne quasiment semblable) :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 25, 2005 16:44:54
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/10/2005
Kaspersky Anti-Virus database records: 146750
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 104178
Number of viruses found: 25
Number of infected objects: 789
Number of suspicious objects: 0
Duration of the scan process: 5601 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "Tyrone V. Urgency" <vadim@nicolastse.com>][Date Sat, 16 Jul 2005 11:21:10 -0500]/UNNAMED/UNNAMED/zam.exe Infected: Trojan-Downloader.Win32.Small.bdq
[...]
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/pics.zip/pics.pif Infected: Net-Worm.Win32.Bobic.d
[...]
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx/[From "Superlux" <nicolas@superlux.be>][Date Sun, 2 May 2004 13:18:32 +0200]/UNNAMED/html Infected: Trojan.JS.Relink
[...]
C:\Documents and Settings\Ben\Local Settings\Temp\20_price.exe Infected: Email-Worm.Win32.Bagle.dg
C:\Documents and Settings\Ben\Local Settings\Temp\GLF1DGLF1D.EXE/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Ben\Local Settings\Temp\GLF1DGLF1D.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Ben\Local Settings\Temp\GLF1DGLF1D.EXE Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Ben\Local Settings\Temp\Temporary Internet Files\Content.IE5\3C2BOH03\osa6[1].gif Infected: Email-Worm.Win32.Bagle.pac
C:\Documents and Settings\Ben\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k
[...]
C:\Documents and Settings\Ben\Local Settings\Temp\ts_8_new.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Ben\Local Settings\Temp\~10.exe Infected: Email-Worm.Win32.Bagle.pac
[...]
C:\Documents and Settings\Ben\Local Settings\Temp\~E.exe Infected: Email-Worm.Win32.Bagle.pac
C:\Hiajckthis\backups\backup-20051022-125459-769.dll Infected: Trojan-Clicker.Win32.Adpower.p
C:\Program Files\Norton AntiVirus\Quarantine\00AE2B8E.DLL Infected: Trojan.Win32.EliteBar.a
C:\Program Files\Norton AntiVirus\Quarantine\00AE2B8E.exe Infected: Trojan.Win32.StartPage.nk
C:\Program Files\Norton AntiVirus\Quarantine\0201237B Infected: Trojan.Win32.Dialer.jr
C:\Program Files\Norton AntiVirus\Quarantine\02C91268/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\02C91268/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\02C91268 Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\02E33EDB.exe Infected: Trojan.Win32.StartPage.nk
C:\Program Files\Norton AntiVirus\Quarantine\0E594E67 Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\194C59B5 Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Norton AntiVirus\Quarantine\26156072.exe Infected: Trojan.Win32.StartPage.nk
C:\Program Files\Norton AntiVirus\Quarantine\27D91C0A Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Norton AntiVirus\Quarantine\28B3141A.exe Infected: P2P-Worm.Win32.Krepper.c
C:\Program Files\Norton AntiVirus\Quarantine\29FB3509 Infected: Trojan.Win32.Dialer.fu
C:\Program Files\Norton AntiVirus\Quarantine\40147D3C Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Norton AntiVirus\Quarantine\411A0A62 Infected: Trojan.Win32.EliteBar.a
C:\Program Files\Norton AntiVirus\Quarantine\41215E5B Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Norton AntiVirus\Quarantine\42244B87 Infected: Trojan-Downloader.Win32.Small.hs
C:\Program Files\Norton AntiVirus\Quarantine\42277583 Infected: Trojan.Win32.Favadd.o
C:\Program Files\Norton AntiVirus\Quarantine\422A1F7F/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
[...]
C:\Program Files\Norton AntiVirus\Quarantine\422D497C/d_loader.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\422D497C Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\42317378/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.m
C:\Program Files\Norton AntiVirus\Quarantine\42317378 Infected: Trojan-Downloader.Win32.TSUpdate.m
C:\Program Files\Norton AntiVirus\Quarantine\42341D75 Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Norton AntiVirus\Quarantine\49CE19FE Infected: Trojan.Win32.Dialer.jr
C:\Program Files\Norton AntiVirus\Quarantine\4F830710 Infected: Trojan.Win32.LowZones.p
C:\Program Files\Norton AntiVirus\Quarantine\51381534.exe Infected: Trojan.Win32.StartPage.nk
C:\Program Files\Norton AntiVirus\Quarantine\54EB111C Infected: Trojan.Win32.LowZones.p
C:\Program Files\Norton AntiVirus\Quarantine\6433570A Infected: Trojan.Win32.EliteBar.a
C:\Program Files\Norton AntiVirus\Quarantine\65467F03 Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\75680982/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\75680982/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\75680982 Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\75A37D09 Infected: Trojan.Win32.Dialer.jr
C:\Program Files\Norton AntiVirus\Quarantine\78747FE0.exe Infected: Trojan-Downloader.Win32.Agent.tv
C:\Program Files\Norton AntiVirus\Quarantine\7940488F Infected: Trojan.Win32.Dialer.jr
C:\Program Files\Norton AntiVirus\Quarantine\7DD7171B/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\Program Files\Norton AntiVirus\Quarantine\7DD7171B Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1000\A0255515.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1000\A0261549.exe Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1001\A0261572.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1001\A0261573.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1001\A0261574.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1003\A0261617.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1003\A0261618.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1003\A0261619.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1003\A0261633.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1004\A0262636.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1004\A0262637.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1004\A0262638.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267938.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267939.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267940.exe Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267947.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267948.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267950.exe Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267956.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267957.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1005\A0267959.exe Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1006\A0267979.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1006\A0267980.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0267988.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0267989.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0267996.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0267997.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0268992.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0268997.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269005.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269006.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269007.exe Infected: Trojan-Downloader.Win32.Small.hs
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269008.exe Infected: Trojan.Win32.Favadd.o
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269009.exe Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269022.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269023.exe Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1007\A0269024.dll Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269170.dll Infected: Trojan-Downloader.Win32.Agent.tv
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269179.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269180.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269181.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269182.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269183.exe Infected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269187.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1008\A0269190.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1013\A0269367.exe Infected: Trojan.Win32.Favadd.o
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1015\A0269474.exe Infected: Trojan-Downloader.Win32.Small.hs
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1015\A0269475.exe Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1025\A0274911.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1025\A0274916.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1025\A0275918.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1025\A0275920.exe Infected: Email-Worm.Win32.Bagle.du
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0275931.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0275932.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276931.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276932.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276933.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276938.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276939.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276940.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276941.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276942.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1026\A0276943.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0276991.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0276992.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0276997.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0276998.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0276999.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0277000.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0277997.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0277998.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0277999.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0278000.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0278001.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0278002.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1027\A0278003.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0278035.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0278036.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0278037.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0278038.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0278039.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279035.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279036.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279037.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279038.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279039.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279040.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1028\A0279041.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279071.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279072.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279077.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279078.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279079.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279080.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279081.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279082.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279083.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279119.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279120.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279121.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279122.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279123.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279124.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1029\A0279125.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279128.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279129.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279130.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279131.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279132.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279133.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279138.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279139.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279140.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279141.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279143.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1030\A0279144.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279148.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279149.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279150.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279151.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279154.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279155.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279185.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279186.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279187.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279188.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0279189.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0280185.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0280186.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0280187.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0280188.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1031\A0280189.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280192.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280193.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280194.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280195.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280200.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280201.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280202.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280203.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280204.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280205.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280213.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280214.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280215.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1032\A0280216.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0280219.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0280220.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0280221.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0280222.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0280226.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0281213.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0281214.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0281215.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0281216.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0282215.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0282216.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0282217.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0282218.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1033\A0282220.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282222.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282223.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282224.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282225.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282226.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282227.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282260.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282261.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282262.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282263.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282264.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1034\A0282284.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282314.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282315.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282316.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282317.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282319.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282350.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282351.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282352.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282353.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0282362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0283358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0283359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0283360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0283361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0283362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0284358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0284359.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0284360.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0284361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0285358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0285359.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0285360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1035\A0285361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0285367.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0286358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0286359.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0286360.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0286361.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0287358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0287359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0287360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0287361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0287362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0288358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0288359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0288360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0288361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0288362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0289358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0289359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0289360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0289361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0289362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0290358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0290359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0290360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0290361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0290362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0291358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0291359.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0291360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0291361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0292358.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0292359.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0292360.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0292361.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1036\A0292362.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292632.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292654.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292655.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292656.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292657.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292658.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292662.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292703.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292704.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292705.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292706.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1037\A0292715.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292735.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292736.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292737.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292738.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292739.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292751.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292752.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292753.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292754.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292755.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292757.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292779.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292780.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292781.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292782.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292783.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292788.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292789.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292790.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292791.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292792.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292836.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292837.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292838.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292839.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1038\A0292843.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292844.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292851.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292852.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292853.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292854.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292859.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292860.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292861.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0292862.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0293859.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0293860.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0293861.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0293862.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1039\A0293863.exe Infected: Email-Worm.Win32.Bagle.pac
[...]
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0295943.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0296976.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0296977.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0296978.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0296979.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0296980.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297976.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297977.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297978.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297979.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297980.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1041\A0297981.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298010.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298011.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298012.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298013.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298014.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298019.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298020.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298021.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0298022.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0300023.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0300024.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0300025.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0301023.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0301024.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0301025.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0301026.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1042\A0301027.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301028.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301038.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301039.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301040.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301041.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0301042.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302038.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302039.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302040.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302041.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302042.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1043\A0302043.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302044.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302047.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302048.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302049.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302050.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1044\A0302051.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0303075.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0303076.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0303077.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0303078.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304075.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304076.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304077.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304078.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304079.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1045\A0304080.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0304096.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0304097.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0304098.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0304099.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0305096.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0305097.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0305098.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0305099.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0305100.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0306096.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0306097.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0306098.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0306099.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1046\A0306103.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0306110.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0306111.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0306112.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0306113.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307112.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307113.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307114.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307115.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307116.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1047\A0307117.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307122.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307130.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307131.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307132.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307133.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307134.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307139.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307140.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307141.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0307142.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0308139.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0308140.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0308141.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0308142.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1048\A0308143.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0308146.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0308147.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0308148.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0308149.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0308150.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0309162.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0309163.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0309164.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0309165.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0309166.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0310162.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0310163.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0310164.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1049\A0310165.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0310173.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0310174.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0310175.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0310176.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0311183.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0311184.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0311185.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0311186.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1050\A0311187.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0311197.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0311198.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0311199.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0311200.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0312197.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0312198.exe Infected: Email-Worm.Win32.Bagle.dg
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0312199.dll Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1051\A0312200.exe Infected: Email-Worm.Win32.Bagle.pac
[...]
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1053\A0327267.exe Infected: Email-Worm.Win32.Bagle.dw
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1053\A0327268.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1053\A0327270.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP1053\A0327276.exe Infected: Email-Worm.Win32.Bagle.pac
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP975\A0249659.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP975\A0249667.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP976\A0249674.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP977\A0249685.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP983\A0250169.exe Infected: Trojan.Win32.Dialer.jr
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP984\A0252168.exe Infected: Trojan.Win32.Dialer.jr
[...]
C:\System Volume Information\_restore{28E9C479-506B-497A-A301-1605B946324E}\RP999\A0255506.exe Infected: Trojan.Win32.Dialer.jr
C:\WINXP\1023468.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\1062734.exe Infected: Email-Worm.Win32.Bagle.pac
[...]
C:\WINXP\788046.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\840031.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\864171.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\firewall_anti.exe.dll Infected: Email-Worm.Win32.Bagle.dw
C:\WINXP\system32\forõ.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\system32\noat.exe Infected: Email-Worm.Win32.Bagle.pac
C:\WINXP\system32\windll2.exe Infected: Email-Worm.Win32.Bagle.dw
C:\WINXP\system32\wiwshost.exe Infected: Email-Worm.Win32.Bagle.dg
Scan process completed.
Merci pour votre aide :-)
PS : J'ai qd même enlevé presque les 3/4 du scan, il y avait des listes quasiment pareilles(les ".dg" ; ".dw" et ".pac" était différents seulement), afin que mon message aient les dimensions acceptées. Excusez moi pour la longueur du msg.
Salut,
Désolé pour ce retard, j'étais en voyage pour le boulot (deux petits jours à Nice trop pépère :-D).
Pour supprimer les fichier, fais ceci :
- désactive la restauration système
| Citation : Pour désactiver la restauration système, rendez-vous dans le Panneau de configuration puis dans Système. Ensuite, dans l'onglet Restauration du sytème, cochez la case Désactiver la Restauration du système sur tous les lecteurs. |
- vide le dossier C:\Documents and Settings\pour-tous-les-utilisateurs-que-tu-as\Local Settings\Temp\
- supprime les fichiers temporaires d'IE.
| Citation : - lance IE
|
- vide la quarantaine de Norton
- supprime tous les fichiers qu'il t'indique dans C:\WINXP et dans C:\WINXP\system32
Ensuite, refais un log Kaspersky.
S'il ne trouve plus rien, réactive la restauration système, sinon, poste le nouveau log qui devrait etre beaucoup moins long ;-)
Salut !
En espérant que tu ne regrettes pas trop Nice, je te donne de mes nouvelles ;-) :
J'ai effectué tout ce que tu m'as demandé sans problème, à part que je n'ai pas réussi a supprimer 2 fichiers dans le dossier "Temp" d'un des utilisateurs (dossier qui se remplit de minutes en minutes d'ailleurs ...) =
"C:\Documents and Settings\Ben\Local Settings\Temp\~DF4C03.tmp"
Et un autre presque pareil (DFBetc...)
J'ai refais un log Kaspersky qui est effectivement nettement moins long, je te le mets ici :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 28, 2005 19:20:14
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/10/2005
Kaspersky Anti-Virus database records: 147382
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 96182
Number of viruses found: 4
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 4964 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "Tyrone V. Urgency" <vadim@nicolastse.com>][Date Sat, 16 Jul 2005 11:21:10 -0500]/UNNAMED/UNNAMED/zam.exe Infected: Trojan-Downloader.Win32.Small.bdq
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "Tyrone V. Urgency" <vadim@nicolastse.com>][Date Sat, 16 Jul 2005 11:21:10 -0500]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.bdq
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "Tyrone V. Urgency" <vadim@nicolastse.com>][Date Sat, 16 Jul 2005 11:21:10 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Small.bdq
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Boîte de réception.dbx Infected: Trojan-Downloader.Win32.Small.bdq
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/pics.zip/pics.pif Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/pics.zip Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/UNNAMED/pics.zip/pics.pif Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/UNNAMED/pics.zip Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx/[From "Pauline Mendez" <cavalry@tele.dk>][Date Sun, 31 Jul 2005 17:24:30 -0200]/UNNAMED Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx Infected: Net-Worm.Win32.Bobic.d
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx/[From "Superlux" <nicolas@superlux.be>][Date Sun, 2 May 2004 13:18:32 +0200]/UNNAMED/html Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx/[From "Superlux" <nicolas@superlux.be>][Date Sun, 2 May 2004 13:18:32 +0200]/UNNAMED Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx/[From "Marc SMEESTERS" <marc@intersection.be>][Date Tue, 4 May 2004 23:29:34 +0200]/UNNAMED/html Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx/[From "Marc SMEESTERS" <marc@intersection.be>][Date Tue, 4 May 2004 23:29:34 +0200]/UNNAMED Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\LA TRAP PRODUCTIONS.dbx Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From =?iso-8859-1?Q?Beno=EEt_Roland?= <beni@brutele.be>][Date Sun, 2 May 2004 14:28:32 +0200]/UNNAMED/html Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From =?iso-8859-1?Q?Beno=EEt_Roland?= <beni@brutele.be>][Date Sun, 2 May 2004 14:28:32 +0200]/UNNAMED Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From =?iso-8859-1?Q?Beno=EEt_Roland?= <beni@brutele.be>][Date Mon, 19 Jul 2004 19:25:26 +0200]/UNNAMED/html Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From =?iso-8859-1?Q?Beno=EEt_Roland?= <beni@brutele.be>][Date Mon, 19 Jul 2004 19:25:26 +0200]/UNNAMED Infected: Trojan.JS.Relink
C:\Documents and Settings\Ben\Local Settings\Application Data\Identities\{2B8C1BAF-BE88-455D-A508-85D18D87486F}\Microsoft\Outlook Express\Éléments envoyés.dbx Infected: Trojan.JS.Relink
C:\Hiajckthis\backups\backup-20051022-125459-769.dll Infected: Trojan-Clicker.Win32.Adpower.p
Scan process completed.
D'après ce que je vois, ce n'est que des trucs de nouveau dans "Temp" a mon avis (en relation avec des mails sur Outlook) et un backup d'Hiajckthis ... ceci dit je suis nul, donc je te laisse interpréter ce scan :-)
Voilà, merci encore de m'aider, et dis moi les prochaines opérations à effectuer. Il faut savoir que mon pc a encore bloqué 2 fois ajd (c'est bien moins qu'avant m'enfin ...) mais qu'il ne rame plus !
Voilà, à bientôt !
PS : Aurais-tu un antivirus efficace à me conseiller - gratuit si possible - du genre "Norton Antivirus" car ce dernier a un problème sur mon pc depuis qq jours j'ai l'impression, et puis, à ce que j'entends (lis), ce n'est pas un des meilleurs ?
Salut,
Si je regrette un peu Nice... mais bon maintenant je suis en vrai vacs pour quelques jours, ça compense.
Alors, maintenant, ben tout ce qui te reste c'est des virus que tu as reçu dans ta boite mail.
Pour les supprimer, ben faudrait supprimer les virus que t'as recu sur ta boite mail ;-)
Sinon, perso je déconseille Norton.
Préfère Avast (gratuit), Kaspersky (payant).
Et en firewall Zone Alarm (gratuit), ou Kerio (gratuit je crois aussi)
Salut !
J'ai désinstallé Norton Antivirus (2004) par le biais du "Ajout/Suppression de programmes" ... Mais lorsque j'essaye d'installer "Avast", il me dit qu'il pourrait rentrer en concurrence avec "Symantec antivirus".
Je pense donc que je dois désinstaller "Livereg" et "Liveupdate" (tous deux présents dans la liste des programmes) mais ils sont impossibles à désinstaller.
Les raisons sont dftes pour les deux : pour désinstaller "Livereg", il me dit qu'il manque le composant "Norton Antivirus" (Le comble !) et pour "Liveupdate" il me dit qu'il n'a pas pu charger le fichier "luintd.dll" et qu'il abandonne donc la désinstallation.
Je n'ose pas installer AVAST avant d'avoir totalement désinstallé Norton ... Aurais-tu des conseils à me donner pour réussir a le désinstaller totalement ?
Sinon, je vais refaire un scan Kaspersky et je vais coller le résultat ici afin de savoir s'il ne trouve plus aucun virus. Je refais un log Hiajckthis après pour voir si tout est clean ou ca ne sert plus à rien ?
Bonne journée/soirée !
Salut, alors désolé pour les nouvelles tardives, mais j'ai eu des problèmes avec le net.
Kaspersky Online ne détecte plus rien, mais mon problème avec Norton n'est pas résolu, quelqu'un pourrait m'aider SVP ?
Je met un dernier log Hiajckthis au cas où il resterait une ou l'autre petite chose :
Logfile of HijackThis v1.99.1
Scan saved at 23:20:54, on 11/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\LEXBCES.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\LEXPPS.EXE
C:\WINXP\System32\drivers\CDAC11BA.EXE
C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Google\ggviewer67-28.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINXP\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hiajckthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINXP\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\François\Mes documents\Fichier 'antivirus'\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINXP\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci encore !
Salut,
Pour désinstaller Norton, tu peux suivre les instructions de ce site, je pense que c'est bien fait :
ici
Vu que tu as déja désinstaller la plupart, il te restera pas grand chose à faire ;-)
Il y a 978 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
Par Destrio5 il y a 6 jours :
