avast : infection win32

Bonjour,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Le scan est en cours

Merci pour cette reponse aussi rapide !!

Ok  

voilà le scan combofix :

ComboFix 07-11-19.4C - Administrateur 2007-11-28 18:21:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 1:00]
Running from: D:\Drivers et Programmes\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Administrateur\Application Data\hidires
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0032C2.dat
C:\WINDOWS\system32\__c0049741.dat
C:\WINDOWS\system32\__c0057E79.dat
C:\WINDOWS\system32\__c005C284.dat
C:\WINDOWS\system32\__c0063C24.dat
C:\WINDOWS\system32\__c0067076.dat
C:\WINDOWS\system32\__c006CD55.dat
C:\WINDOWS\system32\__c0090C77.dat
C:\WINDOWS\system32\__c0092E30.dat
C:\WINDOWS\system32\__c00A5644.dat
C:\WINDOWS\system32\__c00A6504.dat
C:\WINDOWS\system32\__c00A7742.dat
C:\WINDOWS\system32\__c00BF908.dat
C:\WINDOWS\system32\__c00C8F32.dat
C:\WINDOWS\system32\__c00D42BA.dat
C:\WINDOWS\system32\__c00DC101.dat
C:\WINDOWS\system32\__c00DE340.dat
C:\WINDOWS\system32\__c00E10A4.dat
C:\WINDOWS\system32\__c00E32AC.dat
C:\WINDOWS\system32\__c00F3DB8.dat
C:\WINDOWS\system32\abidleyp.exe
C:\WINDOWS\system32\abnsalwq.exe
C:\WINDOWS\system32\ackxbria.exe
C:\WINDOWS\system32\acyixyrk.exe
C:\WINDOWS\system32\aeymkavf.exe
C:\WINDOWS\system32\aipkvseo.exe
C:\WINDOWS\system32\appxgpen.exe
C:\WINDOWS\system32\aqglorbr.dll
C:\WINDOWS\system32\avmpiqog.exe
C:\WINDOWS\system32\axpgsddc.dll
C:\WINDOWS\system32\bakdrfjx.exe
C:\WINDOWS\system32\bcpjglkn.dll
C:\WINDOWS\system32\bemhgqfq.dll
C:\WINDOWS\system32\biuqbigu.dll
C:\WINDOWS\system32\bkiolhap.dll
C:\WINDOWS\system32\bncestay.dll
C:\WINDOWS\system32\bpfujdgv.dll
C:\WINDOWS\system32\bplquxuo.dll
C:\WINDOWS\system32\brrejoih.dll
C:\WINDOWS\system32\bwrquhne.exe
C:\WINDOWS\system32\bxjkfhoy.exe
C:\WINDOWS\system32\cancfyfa.dll
C:\WINDOWS\system32\cfokggub.exe
C:\WINDOWS\system32\cijkvttu.dll
C:\WINDOWS\system32\cmrrghsw.dll
C:\WINDOWS\system32\cshlgqpl.exe
C:\WINDOWS\system32\ctkducjy.dll
C:\WINDOWS\system32\ddtnjwmk.dll
C:\WINDOWS\system32\djrhbkld.exe
C:\WINDOWS\system32\dotkxfvt.dll
C:\WINDOWS\system32\dpejxlwf.exe
C:\WINDOWS\system32\dportuyo.dll
C:\WINDOWS\system32\dprmfnds.exe
C:\WINDOWS\system32\dttweffq.dll
C:\WINDOWS\system32\ectuqfpr.dll
C:\WINDOWS\system32\efnshfje.dll
C:\WINDOWS\system32\egkuxqgo.dll
C:\WINDOWS\system32\ehunajir.dll
C:\WINDOWS\system32\emjjnvnt.dll
C:\WINDOWS\system32\ennqykwb.exe
C:\WINDOWS\system32\erefrvou.exe
C:\WINDOWS\system32\esckxkst.exe
C:\WINDOWS\system32\esqfnuwq.dll
C:\WINDOWS\system32\evthjomu.dll
C:\WINDOWS\system32\exsxsnyg.exe
C:\WINDOWS\system32\eyhdcnai.exe
C:\WINDOWS\system32\eyhmvrqo.exe
C:\WINDOWS\system32\fgirxanh.exe
C:\WINDOWS\system32\fowxicly.exe
C:\WINDOWS\system32\fqlumkdg.dll
C:\WINDOWS\system32\frqbchio.exe
C:\WINDOWS\system32\gcafvpko.dll
C:\WINDOWS\system32\gerepgwt.exe
C:\WINDOWS\system32\gmbwsthc.exe
C:\WINDOWS\system32\gnfvquel.exe
C:\WINDOWS\system32\gohalssm.dll
C:\WINDOWS\system32\hbcpcwyl.dll
C:\WINDOWS\system32\hbhgteae.exe
C:\WINDOWS\system32\hchmlbni.dll
C:\WINDOWS\system32\hdobdlwh.dll
C:\WINDOWS\system32\hfdrjiyb.exe
C:\WINDOWS\system32\hirbhysw.exe
C:\WINDOWS\system32\hjnawsec.dll
C:\WINDOWS\system32\hkyyfkxw.dll
C:\WINDOWS\system32\hpsrpued.dll
C:\WINDOWS\system32\huaprhwk.exe
C:\WINDOWS\system32\idgdgyva.exe
C:\WINDOWS\system32\ifwfcqgn.exe
C:\WINDOWS\system32\igaduegu.exe
C:\WINDOWS\system32\imukwnvh.exe
C:\WINDOWS\system32\inypqxmf.dll
C:\WINDOWS\system32\itpqaxkc.exe
C:\WINDOWS\system32\ixprpmta.dll
C:\WINDOWS\system32\jbinljdj.dll
C:\WINDOWS\system32\jhkbpjcs.exe
C:\WINDOWS\system32\jimqyjxu.dll
C:\WINDOWS\system32\jjwaodbu.exe
C:\WINDOWS\system32\jqnjbome.dll
C:\WINDOWS\system32\jybhsmyt.dll
C:\WINDOWS\system32\kpwvwpuu.exe
C:\WINDOWS\system32\kraditdn.dll
C:\WINDOWS\system32\ktnctxog.exe
C:\WINDOWS\system32\kvecfgnf.dll
C:\WINDOWS\system32\kwstbfvr.exe
C:\WINDOWS\system32\ldeovnuk.dll
C:\WINDOWS\system32\lkbrgkxq.exe
C:\WINDOWS\system32\lmqfomno.dll
C:\WINDOWS\system32\lnxdgxex.dll
C:\WINDOWS\system32\luxfybsi.dll
C:\WINDOWS\system32\lyplbdiv.exe
C:\WINDOWS\system32\mafkoxte.exe
C:\WINDOWS\system32\mjklcqav.dll
C:\WINDOWS\system32\moyokimn.dll
C:\WINDOWS\system32\mqdjjsdo.exe
C:\WINDOWS\system32\myasnupx.dll
C:\WINDOWS\system32\ngytihey.dll
C:\WINDOWS\system32\nmkjjddo.exe
C:\WINDOWS\system32\nmyihmmd.exe
C:\WINDOWS\system32\npcotgyn.exe
C:\WINDOWS\system32\nywflwcn.exe
C:\WINDOWS\system32\obpmvkle.dll
C:\WINDOWS\system32\oeseunyl.dll
C:\WINDOWS\system32\ofdcgyfn.exe
C:\WINDOWS\system32\ohcujfow.exe
C:\WINDOWS\system32\oiocsftb.exe
C:\WINDOWS\system32\oqjmfsut.exe
C:\WINDOWS\system32\oqngoxry.dll
C:\WINDOWS\system32\oscqiphm.exe
C:\WINDOWS\system32\otbkcbaw.exe
C:\WINDOWS\system32\owuiwlck.exe
C:\WINDOWS\system32\owxjgeux.dll
C:\WINDOWS\system32\oysnuxlm.exe
C:\WINDOWS\system32\pdjfjcng.exe
C:\WINDOWS\system32\pgelffxh.dll
C:\WINDOWS\system32\polpunvw.dll
C:\WINDOWS\system32\ppriuhkf.exe
C:\WINDOWS\system32\ppykjcor.exe
C:\WINDOWS\system32\ptjykgde.dll
C:\WINDOWS\system32\qcqmduxt.dll
C:\WINDOWS\system32\qlrcofbi.dll
C:\WINDOWS\system32\qluoqpov.dll
C:\WINDOWS\system32\qppkgjbo.exe
C:\WINDOWS\system32\qtqatkju.exe
C:\WINDOWS\system32\qttfqbdb.dll
C:\WINDOWS\system32\rjuihcmo.exe
C:\WINDOWS\system32\rmdivfli.exe
C:\WINDOWS\system32\ropqujuu.dll
C:\WINDOWS\system32\rpfqutce.ini
C:\WINDOWS\system32\rpyvflov.dll
C:\WINDOWS\system32\rsxctstm.exe
C:\WINDOWS\system32\sedafjcc.dll
C:\WINDOWS\system32\sjtkoxco.exe
C:\WINDOWS\system32\slvuaxva.exe
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\srqss.tmp
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\styjuhrb.dll
C:\WINDOWS\system32\tavxfcul.exe
C:\WINDOWS\system32\tbkjgwoq.dll
C:\WINDOWS\system32\tgphprva.dll
C:\WINDOWS\system32\tjoosxdh.dll
C:\WINDOWS\system32\tjvvsbqk.exe
C:\WINDOWS\system32\tkaowgov.dll
C:\WINDOWS\system32\tksdtlsr.exe
C:\WINDOWS\system32\tvwavykk.dll
C:\WINDOWS\system32\txjyufux.exe
C:\WINDOWS\system32\tytlaogg.exe
C:\WINDOWS\system32\udlhyeru.dll
C:\WINDOWS\system32\uivmpfgs.exe
C:\WINDOWS\system32\ukotsfij.exe
C:\WINDOWS\system32\ulwwuqyn.exe
C:\WINDOWS\system32\umhxsgyn.dll
C:\WINDOWS\system32\umkwglbl.exe
C:\WINDOWS\system32\umojhtve.ini
C:\WINDOWS\system32\uqcyaedu.exe
C:\WINDOWS\system32\utlqyiek.dll
C:\WINDOWS\system32\uttmrqmk.exe
C:\WINDOWS\system32\vfsijqjy.exe
C:\WINDOWS\system32\vhhchaaw.dll
C:\WINDOWS\system32\vhptaljr.dll
C:\WINDOWS\system32\viltkhvw.dll
C:\WINDOWS\system32\vogputmw.ini
C:\WINDOWS\system32\vrfmwysl.dll
C:\WINDOWS\system32\vsikbvoq.exe
C:\WINDOWS\system32\vwfvfwuo.exe
C:\WINDOWS\system32\wbfouref.dll
C:\WINDOWS\system32\whsejdjn.dll
C:\WINDOWS\system32\wmtupgov.dll
C:\WINDOWS\system32\wrspjetq.exe
C:\WINDOWS\system32\wxptcved.dll
C:\WINDOWS\system32\xfhseolq.exe
C:\WINDOWS\system32\xgktoipg.dll
C:\WINDOWS\system32\xlspnkpj.dll
C:\WINDOWS\system32\xqaikxgj.dll
C:\WINDOWS\system32\xueonugy.exe
C:\WINDOWS\system32\yeaflbaq.exe
C:\WINDOWS\system32\ylnyiqmj.dll
C:\WINDOWS\system32\youssava.exe
C:\WINDOWS\system32\yrhgpnnc.dll
C:\WINDOWS\system32\yrxognqo.ini
C:\WINDOWS\system32\yuvfsjui.exe
C:\WINDOWS\system32\yxikcjbc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ROSA
-------\DomainService
-------\rosa


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-11-28 17:43 85,056 --a------ C:\WINDOWS\system32\tdmqsvqc.dll
2007-11-28 17:43 714 ---hs---- C:\WINDOWS\system32\cqvsqmdt.ini
2007-11-28 17:40 81,984 --a------ C:\WINDOWS\system32\bsifltma.dll
2007-11-28 17:32 71,232 --a------ C:\WINDOWS\system32\edndxygg.exe
2007-11-27 19:11 594 ---hs---- C:\WINDOWS\system32\jjdybuwv.ini
2007-11-27 19:08 78,912 --a------ C:\WINDOWS\system32\gybwwanp.dll
2007-11-27 19:00 71,232 --a------ C:\WINDOWS\system32\kotbhodl.exe
2007-11-26 22:21 474 ---hs---- C:\WINDOWS\system32\gfaqamdr.ini
2007-11-26 22:20 80,960 --a------ C:\WINDOWS\system32\tjwktfrg.dll
2007-11-26 22:18 71,232 --a------ C:\WINDOWS\system32\uemjavlm.exe
2007-11-26 21:25 354 ---hs---- C:\WINDOWS\system32\ojkvicvj.ini
2007-11-26 21:19 80,960 --a------ C:\WINDOWS\system32\akgvdhvs.dll
2007-11-26 21:16 71,232 --a------ C:\WINDOWS\system32\miwqjlms.exe
2007-11-26 20:14 85,056 --a------ C:\WINDOWS\system32\kksijbda.dll
2007-11-26 20:14 2,034 ---hs---- C:\WINDOWS\system32\adbjiskk.ini
2007-11-26 20:11 80,960 --a------ C:\WINDOWS\system32\pswveixw.dll
2007-11-26 20:08 71,232 --a------ C:\WINDOWS\system32\bpthuqex.exe
2007-11-26 19:58 71,232 --a------ C:\WINDOWS\system32\biduqmud.exe
2007-11-25 17:25 79,936 --a------ C:\WINDOWS\system32\lsgnmxqe.dll
2007-11-25 17:14 1,974 ---hs---- C:\WINDOWS\system32\omvgqlth.ini
2007-11-25 17:09 71,232 --a------ C:\WINDOWS\system32\nfatkcxi.exe
2007-11-25 12:42 1,794 ---hs---- C:\WINDOWS\system32\cwgnyhoi.ini
2007-11-25 12:39 79,936 --a------ C:\WINDOWS\system32\pqrgdkfj.dll
2007-11-25 12:36 71,232 --a------ C:\WINDOWS\system32\vwkwvxjx.exe
2007-11-24 16:13 1,674 ---hs---- C:\WINDOWS\system32\qlutvkqb.ini
2007-11-24 16:10 81,472 --a------ C:\WINDOWS\system32\qyrnotyw.dll
2007-11-24 16:07 71,232 --a------ C:\WINDOWS\system32\umgwhxbs.exe
2007-11-23 19:09 1,554 ---hs---- C:\WINDOWS\system32\aaytrpxf.ini
2007-11-23 19:03 83,520 --a------ C:\WINDOWS\system32\bggtybcc.dll
2007-11-23 19:00 71,232 --a------ C:\WINDOWS\system32\ecfgbmrv.exe
2007-11-22 16:32 79,936 --a------ C:\WINDOWS\system32\clvllyby.dll
2007-11-22 16:29 1,434 ---hs---- C:\WINDOWS\system32\bnfkgnvo.ini
2007-11-22 16:18 71,232 --a------ C:\WINDOWS\system32\ixcrnijc.exe
2007-11-21 18:26 80,960 --a------ C:\WINDOWS\system32\gdyjeahv.dll
2007-11-21 18:20 1,314 ---hs---- C:\WINDOWS\system32\edifxiqi.ini
2007-11-21 18:17 71,232 --a------ C:\WINDOWS\system32\ctbxyver.exe
2007-11-20 19:27 1,194 ---hs---- C:\WINDOWS\system32\ujxejrdh.ini
2007-11-20 19:24 84,544 --a------ C:\WINDOWS\system32\vqjwvthf.dll
2007-11-20 19:07 71,232 --a------ C:\WINDOWS\system32\pkkqpyhb.exe
2007-11-19 19:14 1,074 ---hs---- C:\WINDOWS\system32\esxkkxiq.ini
2007-11-19 19:08 83,008 --a------ C:\WINDOWS\system32\nkcoscov.dll
2007-11-19 19:02 71,232 --a------ C:\WINDOWS\system32\jddjjkmx.exe
2007-11-18 17:23 79,424 --a------ C:\WINDOWS\system32\lnulxbpd.dll
2007-11-18 17:20 954 ---hs---- C:\WINDOWS\system32\vtreqlbu.ini
2007-11-18 17:06 71,232 --a------ C:\WINDOWS\system32\asgsqdix.exe
2007-11-17 22:32 82,496 --a------ C:\WINDOWS\system32\sgampnyj.dll
2007-11-17 18:11 834 ---hs---- C:\WINDOWS\system32\fetskkpr.ini
2007-11-17 18:06 71,232 --a------ C:\WINDOWS\system32\arnhfdiy.exe
2007-11-17 14:44 714 ---hs---- C:\WINDOWS\system32\rrvypdlv.ini
2007-11-17 14:27 71,232 --a------ C:\WINDOWS\system32\cmhwbhxu.exe
2007-11-16 12:52 594 ---hs---- C:\WINDOWS\system32\oimoxhnb.ini
2007-11-16 12:44 71,232 --a------ C:\WINDOWS\system32\eiqfesyi.exe
2007-11-16 10:37 474 ---hs---- C:\WINDOWS\system32\jmnelydh.ini
2007-11-16 10:34 71,232 --a------ C:\WINDOWS\system32\uvyvkjjm.exe
2007-11-15 16:29 354 ---hs---- C:\WINDOWS\system32\ytbttvta.ini
2007-11-15 16:26 71,232 --a------ C:\WINDOWS\system32\welqnmpj.exe
2007-11-14 14:07 534 ---hs---- C:\WINDOWS\system32\xxmjmnhv.ini
2007-11-14 13:59 71,232 --a------ C:\WINDOWS\system32\jirakhth.exe
2007-11-13 20:35 354 ---hs---- C:\WINDOWS\system32\ejuegcvk.ini
2007-11-13 20:29 71,232 --a------ C:\WINDOWS\system32\upobwrtd.exe
2007-11-12 18:54 1,794 ---hs---- C:\WINDOWS\system32\cppemqat.ini
2007-11-12 18:49 71,232 --a------ C:\WINDOWS\system32\blenecjc.exe
2007-11-11 18:55 1,674 ---hs---- C:\WINDOWS\system32\wnluesxg.ini
2007-11-11 18:44 71,232 --a------ C:\WINDOWS\system32\uwmenxjn.exe
2007-11-09 19:52 1,554 ---hs---- C:\WINDOWS\system32\wbhloryi.ini
2007-11-09 19:49 71,232 --a------ C:\WINDOWS\system32\pgpfnaec.exe
2007-11-08 17:42 1,434 ---hs---- C:\WINDOWS\system32\rlepnydd.ini
2007-11-08 17:33 71,232 --a------ C:\WINDOWS\system32\rrtlklej.exe
2007-11-08 16:42 1,314 ---hs---- C:\WINDOWS\system32\ifiwbwlr.ini
2007-11-07 18:55 1,254 ---hs---- C:\WINDOWS\system32\npnvkxgq.ini
2007-11-07 18:49 71,232 --a------ C:\WINDOWS\system32\gohdhkgn.exe
2007-11-07 11:47 71,232 --a------ C:\WINDOWS\system32\qqoffpyv.exe
2007-11-07 11:47 1,134 ---hs---- C:\WINDOWS\system32\gdeqvvyo.ini
2007-11-06 18:32 1,014 ---hs---- C:\WINDOWS\system32\pjpnkyan.ini
2007-11-06 18:26 71,232 --a------ C:\WINDOWS\system32\cncytjbk.exe
2007-11-05 13:20 894 ---hs---- C:\WINDOWS\system32\hnauyhax.ini
2007-11-04 19:02 774 ---hs---- C:\WINDOWS\system32\ebesloqw.ini
2007-11-03 10:57 654 ---hs---- C:\WINDOWS\system32\teghspyp.ini
2007-11-02 16:37 534 ---hs---- C:\WINDOWS\system32\iukabjkj.ini
2007-11-01 19:35 414 ---hs---- C:\WINDOWS\system32\nvrhuiun.ini
2007-11-01 16:29 294 ---hs---- C:\WINDOWS\system32\wrhyvddv.ini
2007-10-31 15:17 294 ---hs---- C:\WINDOWS\system32\tqagiavs.ini
2007-10-30 11:41 1,074 ---hs---- C:\WINDOWS\system32\sjljtqqh.ini
2007-10-29 11:01 954 ---hs---- C:\WINDOWS\system32\subgbwbu.ini
2007-10-28 22:22 834 ---hs---- C:\WINDOWS\system32\igtppvqg.ini
2007-10-28 21:55 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-10-28 19:39 714 ---hs---- C:\WINDOWS\system32\ycskanit.ini
2007-10-28 10:01 594 ---hs---- C:\WINDOWS\system32\wgdkvenx.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 15:43 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-10-11 16:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-09-29 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-02-01 18:18 138 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3760B4E5-376F-4AE3-8CDD-581F2C117087}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c646a5fc-4ba9-4d60-b234-680d6600cae4}]
2007-11-28 17:40 81984 --a------ C:\WINDOWS\system32\bsifltma.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"NVIEW"="nview.dll" [2002-12-12 09:00 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 20:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-12-12 09:00 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 22:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 06:06 C:\WINDOWS\KHALMNPR.Exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" []
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" []
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"b07a892e"="C:\WINDOWS\system32\tdmqsvqc.dll" [2007-11-28 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkji]
ssqnkji.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH920GS.sys
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS
S3 PTV339;Mini DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV339.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d42e38-839e-11da-a027-0040ca560317}]
\Shell\AutoRun\command - H:\Autorun.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 18:34:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 18:35:36 - machine was rebooted
.
--- E O F ---

Re,

Ah ouais, bien infecté  

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

le rapport de Combofix :

ComboFix 07-11-19.4C - Administrateur 2007-11-28 19:13:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.142 [GMT 1:00]
Running from: D:\Drivers et Programmes\ComboFix.exe
Command switches used :: D:\Drivers et Programmes\CFScript.txt..txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aaytrpxf.ini
C:\WINDOWS\system32\adbjiskk.ini
C:\WINDOWS\system32\akgvdhvs.dll
C:\WINDOWS\system32\arnhfdiy.exe
C:\WINDOWS\system32\asgsqdix.exe
C:\WINDOWS\system32\bggtybcc.dll
C:\WINDOWS\system32\biduqmud.exe
C:\WINDOWS\system32\blenecjc.exe
C:\WINDOWS\system32\bnfkgnvo.ini
C:\WINDOWS\system32\bpthuqex.exe
C:\WINDOWS\system32\bsifltma.dll
C:\WINDOWS\system32\clvllyby.dll
C:\WINDOWS\system32\cmhwbhxu.exe
C:\WINDOWS\system32\cncytjbk.exe
C:\WINDOWS\system32\cppemqat.ini
C:\WINDOWS\system32\cqvsqmdt.ini
C:\WINDOWS\system32\ctbxyver.exe
C:\WINDOWS\system32\cwgnyhoi.ini
C:\WINDOWS\system32\ebesloqw.ini
C:\WINDOWS\system32\ecfgbmrv.exe
C:\WINDOWS\system32\edifxiqi.ini
C:\WINDOWS\system32\edndxygg.exe
C:\WINDOWS\system32\eiqfesyi.exe
C:\WINDOWS\system32\ejuegcvk.ini
C:\WINDOWS\system32\esxkkxiq.ini
C:\WINDOWS\system32\fetskkpr.ini
C:\WINDOWS\system32\gdeqvvyo.ini
C:\WINDOWS\system32\gdyjeahv.dll
C:\WINDOWS\system32\gfaqamdr.ini
C:\WINDOWS\system32\gohdhkgn.exe
C:\WINDOWS\system32\gybwwanp.dll
C:\WINDOWS\system32\hnauyhax.ini
C:\WINDOWS\system32\ifiwbwlr.ini
C:\WINDOWS\system32\igtppvqg.ini
C:\WINDOWS\system32\iukabjkj.ini
C:\WINDOWS\system32\ixcrnijc.exe
C:\WINDOWS\system32\jddjjkmx.exe
C:\WINDOWS\system32\jirakhth.exe
C:\WINDOWS\system32\jjdybuwv.ini
C:\WINDOWS\system32\jmnelydh.ini
C:\WINDOWS\system32\kksijbda.dll
C:\WINDOWS\system32\kotbhodl.exe
C:\WINDOWS\system32\lnulxbpd.dll
C:\WINDOWS\system32\lsgnmxqe.dll
C:\WINDOWS\system32\miwqjlms.exe
C:\WINDOWS\system32\nfatkcxi.exe
C:\WINDOWS\system32\nkcoscov.dll
C:\WINDOWS\system32\npnvkxgq.ini
C:\WINDOWS\system32\nvrhuiun.ini
C:\WINDOWS\system32\oimoxhnb.ini
C:\WINDOWS\system32\ojkvicvj.ini
C:\WINDOWS\system32\omvgqlth.ini
C:\WINDOWS\system32\pgpfnaec.exe
C:\WINDOWS\system32\pjpnkyan.ini
C:\WINDOWS\system32\pkkqpyhb.exe
C:\WINDOWS\system32\pqrgdkfj.dll
C:\WINDOWS\system32\pswveixw.dll
C:\WINDOWS\system32\qlutvkqb.ini
C:\WINDOWS\system32\qqoffpyv.exe
C:\WINDOWS\system32\qyrnotyw.dll
C:\WINDOWS\system32\rlepnydd.ini
C:\WINDOWS\system32\rrtlklej.exe
C:\WINDOWS\system32\rrvypdlv.ini
C:\WINDOWS\system32\sgampnyj.dll
C:\WINDOWS\system32\sjljtqqh.ini
C:\WINDOWS\system32\subgbwbu.ini
C:\WINDOWS\system32\tdmqsvqc.dll
C:\WINDOWS\system32\teghspyp.ini
C:\WINDOWS\system32\tjwktfrg.dll
C:\WINDOWS\system32\tqagiavs.ini
C:\WINDOWS\system32\uemjavlm.exe
C:\WINDOWS\system32\ujxejrdh.ini
C:\WINDOWS\system32\umgwhxbs.exe
C:\WINDOWS\system32\upobwrtd.exe
C:\WINDOWS\system32\uvyvkjjm.exe
C:\WINDOWS\system32\uwmenxjn.exe
C:\WINDOWS\system32\vqjwvthf.dll
C:\WINDOWS\system32\vtreqlbu.ini
C:\WINDOWS\system32\vwkwvxjx.exe
C:\WINDOWS\system32\wbhloryi.ini
C:\WINDOWS\system32\welqnmpj.exe
C:\WINDOWS\system32\wgdkvenx.ini
C:\WINDOWS\system32\wnluesxg.ini
C:\WINDOWS\system32\wrhyvddv.ini
C:\WINDOWS\system32\xxmjmnhv.ini
C:\WINDOWS\system32\ycskanit.ini
C:\WINDOWS\system32\ytbttvta.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aaytrpxf.ini
C:\WINDOWS\system32\adbjiskk.ini
C:\WINDOWS\system32\akgvdhvs.dll
C:\WINDOWS\system32\arnhfdiy.exe
C:\WINDOWS\system32\asgsqdix.exe
C:\WINDOWS\system32\bggtybcc.dll
C:\WINDOWS\system32\biduqmud.exe
C:\WINDOWS\system32\blenecjc.exe
C:\WINDOWS\system32\bnfkgnvo.ini
C:\WINDOWS\system32\bpthuqex.exe
C:\WINDOWS\system32\bsifltma.dll
C:\WINDOWS\system32\clvllyby.dll
C:\WINDOWS\system32\cmhwbhxu.exe
C:\WINDOWS\system32\cncytjbk.exe
C:\WINDOWS\system32\cppemqat.ini
C:\WINDOWS\system32\cqvsqmdt.ini
C:\WINDOWS\system32\ctbxyver.exe
C:\WINDOWS\system32\cwgnyhoi.ini
C:\WINDOWS\system32\ebesloqw.ini
C:\WINDOWS\system32\ecfgbmrv.exe
C:\WINDOWS\system32\edifxiqi.ini
C:\WINDOWS\system32\edndxygg.exe
C:\WINDOWS\system32\eiqfesyi.exe
C:\WINDOWS\system32\ejuegcvk.ini
C:\WINDOWS\system32\esxkkxiq.ini
C:\WINDOWS\system32\fetskkpr.ini
C:\WINDOWS\system32\gdeqvvyo.ini
C:\WINDOWS\system32\gdyjeahv.dll
C:\WINDOWS\system32\gfaqamdr.ini
C:\WINDOWS\system32\gohdhkgn.exe
C:\WINDOWS\system32\gybwwanp.dll
C:\WINDOWS\system32\hnauyhax.ini
C:\WINDOWS\system32\ifiwbwlr.ini
C:\WINDOWS\system32\igtppvqg.ini
C:\WINDOWS\system32\iukabjkj.ini
C:\WINDOWS\system32\ixcrnijc.exe
C:\WINDOWS\system32\jddjjkmx.exe
C:\WINDOWS\system32\jirakhth.exe
C:\WINDOWS\system32\jjdybuwv.ini
C:\WINDOWS\system32\jmnelydh.ini
C:\WINDOWS\system32\kksijbda.dll
C:\WINDOWS\system32\kotbhodl.exe
C:\WINDOWS\system32\lnulxbpd.dll
C:\WINDOWS\system32\lsgnmxqe.dll
C:\WINDOWS\system32\miwqjlms.exe
C:\WINDOWS\system32\nfatkcxi.exe
C:\WINDOWS\system32\nkcoscov.dll
C:\WINDOWS\system32\npnvkxgq.ini
C:\WINDOWS\system32\nvrhuiun.ini
C:\WINDOWS\system32\oimoxhnb.ini
C:\WINDOWS\system32\ojkvicvj.ini
C:\WINDOWS\system32\omvgqlth.ini
C:\WINDOWS\system32\pgpfnaec.exe
C:\WINDOWS\system32\pjpnkyan.ini
C:\WINDOWS\system32\pkkqpyhb.exe
C:\WINDOWS\system32\pqrgdkfj.dll
C:\WINDOWS\system32\pswveixw.dll
C:\WINDOWS\system32\qlutvkqb.ini
C:\WINDOWS\system32\qqoffpyv.exe
C:\WINDOWS\system32\qyrnotyw.dll
C:\WINDOWS\system32\rlepnydd.ini
C:\WINDOWS\system32\rrtlklej.exe
C:\WINDOWS\system32\rrvypdlv.ini
C:\WINDOWS\system32\sgampnyj.dll
C:\WINDOWS\system32\sjljtqqh.ini
C:\WINDOWS\system32\subgbwbu.ini
C:\WINDOWS\system32\tdmqsvqc.dll
C:\WINDOWS\system32\teghspyp.ini
C:\WINDOWS\system32\tjwktfrg.dll
C:\WINDOWS\system32\tqagiavs.ini
C:\WINDOWS\system32\uemjavlm.exe
C:\WINDOWS\system32\ujxejrdh.ini
C:\WINDOWS\system32\umgwhxbs.exe
C:\WINDOWS\system32\upobwrtd.exe
C:\WINDOWS\system32\uvyvkjjm.exe
C:\WINDOWS\system32\uwmenxjn.exe
C:\WINDOWS\system32\vqjwvthf.dll
C:\WINDOWS\system32\vtreqlbu.ini
C:\WINDOWS\system32\vwkwvxjx.exe
C:\WINDOWS\system32\wbhloryi.ini
C:\WINDOWS\system32\welqnmpj.exe
C:\WINDOWS\system32\wgdkvenx.ini
C:\WINDOWS\system32\wnluesxg.ini
C:\WINDOWS\system32\wrhyvddv.ini
C:\WINDOWS\system32\xxmjmnhv.ini
C:\WINDOWS\system32\ycskanit.ini
C:\WINDOWS\system32\ytbttvta.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-10-28 21:55 0 --a------ C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 15:43 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-10-11 16:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-09-29 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-02-01 18:18 138 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_18.34.44.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-04-16 20:45:28 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-16 20:45:48 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-16 20:45:20 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-16 20:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-16 20:45:42 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-16 20:47:36 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 18:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-16 20:45:36 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-11-28 18:19:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4dc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"NVIEW"="nview.dll" [2002-12-12 09:00 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 20:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-12-12 09:00 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 22:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 06:06 C:\WINDOWS\KHALMNPR.Exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" []
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" []
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkji]
ssqnkji.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH920GS.sys
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS
S3 PTV339;Mini DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV339.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d42e38-839e-11da-a027-0040ca560317}]
\Shell\AutoRun\command - H:\Autorun.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 19:20:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 19:21:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 18:35
.
--- E O F ---

Le rapport de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:14, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\PTV339\IRMONITOR.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PTV339 Remote Controller Service.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqnkji - ssqnkji.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7329 bytes

Re,

Télécharge puis lance le fichier suivant :
http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...

re   voilà le .txt que ça ma fait :

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

Refais un scan Combofix maintenant.

et mainteant le scan combofix :

ComboFix 07-11-19.4C - Administrateur 2007-11-28 19:40:32.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.166 [GMT 1:00]
Running from: D:\Drivers et Programmes\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-10-28 21:55 0 --a------ C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 15:43 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-10-11 16:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-09-29 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2006-02-01 18:18 138 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"NVIEW"="nview.dll" [2002-12-12 09:00 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 20:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-12-12 09:00 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 22:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 06:06 C:\WINDOWS\KHALMNPR.Exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" []
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" []
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-01 20:07:29]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-05-30 18:15:35]
PTV339 Remote Controller Service.lnk - C:\WINDOWS\PTV339\IRMONITOR.EXE [2006-05-30 18:03:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkji]
ssqnkji.dll

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH920GS.sys
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS
S3 PTV339;Mini DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV339.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d42e38-839e-11da-a027-0040ca560317}]
\Shell\AutoRun\command - H:\Autorun.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 19:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 19:42:58
C:\ComboFix2.txt ... 2007-11-28 19:21
C:\ComboFix3.txt ... 2007-11-28 18:35
.
--- E O F ---

On continue  

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

serieux c'est nul avast? Ok je suis tes instructions...

Vraiment nul...

D'accord !!!!!!
En tout cas je te remercie bien !! (antivir est en cours de telechargement)

Pendant que le scan est en cours, j'aurais une question, avec antivir, ai je besoin d'un autre logiciel de protection tel que spybot ou autre?

Sinon je remarque que mon ordi est bien plus rapide au demarage ! MERCI !!

On verra ça à la fin  

lol !! T'a raison antivir a detecter 465 trojans, et j'en suis qu'a 7% !!

le scan est terminé, voilà le scan :



AntiVir PersonalEdition Classic
Report file date: mercredi 28 novembre 2007 20:18

Scanning for 952430 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DOUDOU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:12:04
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 19:12:04
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 19:12:04
ANTIVIR3.VDF : 7.0.1.19 153600 Bytes 28/11/2007 19:12:04
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 28/11/2007 19:12:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 28 novembre 2007 20:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'IRMONITOR.EXE' - '1' Module(s) have been scanned
Scan process 'KEM.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'bdnagent.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-11-28_183410.71.zip
[0] Archive type: ZIP
--> __c00A5644.dat
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
--> ssqrs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47c1c2f8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\abidleyp.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b6c2ff.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\abnsalwq.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47bbc304.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ackxbria.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b8c30b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\acyixyrk.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c6c30c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\aeymkavf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c6c30e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\aipkvseo.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bdc312.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\akgvdhvs.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b4c314.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\appxgpen.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bdc31a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\aqglorbr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b4c31b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\arnhfdiy.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bbc31c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\asgsqdix.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b4c31e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\avmpiqog.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bac321.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\axpgsddc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc323.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bakdrfjx.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b8c30c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bcpjglkn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc30f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bemhgqfq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bac311.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bggtybcc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b4c313.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\biduqmud.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b1c316.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\biuqbigu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c2c316.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bkiolhap.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b6c318.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\blenecjc.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b2c31a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bncestay.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c31c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bpfujdgv.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b3c31e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bplquxuo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b9c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bpthuqex.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47c1c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\brrejoih.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bfc321.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bsifltma.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b6c323.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bwrquhne.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bfc327.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bxjkfhoy.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b7c328.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cancfyfa.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bbc312.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cfokggub.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bcc317.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cijkvttu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b7c31a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\clvllyby.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c3c31e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cmhwbhxu.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b5c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cmrrghsw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bfc31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cncytjbk.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b0c320.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cshlgqpl.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47b5c326.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ctbxyver.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47afc327.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ctkducjy.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b8c327.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddtnjwmk.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c1c317.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\djrhbkld.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bfc31e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dotkxfvt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c1c323.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dpejxlwf.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b2c324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dportuyo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bcc324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dprmfnds.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bfc325.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dttweffq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c1c329.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ecfgbmrv.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b3c318.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ectuqfpr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c1c319.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\edndxygg.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bbc31a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\efnshfje.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46c45f65.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\egkuxqgo.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b8c31d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ehunajir.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c2c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\eiqfesyi.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bec320.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\emjjnvnt.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b7c324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ennqykwb.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bbc326.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\erefrvou.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b2c32a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\esckxkst.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b0c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\esqfnuwq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bec32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\evthjomu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c1c32f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\exsxsnyg.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47c0c331.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\eyhdcnai.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b5c332.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\eyhmvrqo.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b5c333.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fgirxanh.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b6c321.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fowxicly.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c4c329.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fqlumkdg.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b9c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\frqbchio.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bec32d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gcafvpko.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47aec31e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gdyjeahv.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c6c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gerepgwt.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '46c05f5a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gmbwsthc.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47afc329.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gnfvquel.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b3c32a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gohalssm.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b5c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gohdhkgn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b5c32c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gybwwanp.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47afc336.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hbcpcwyl.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c31f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hbhgteae.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b5c320.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hchmlbni.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b5c321.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hdobdlwh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bcc322.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hfdrjiyb.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b1c324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hirbhysw.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bfc328.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hjnawsec.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bbc329.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hkyyfkxw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c32a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hpsrpued.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c0c330.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\huaprhwk.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47aec335.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\idgdgyva.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b4c324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ifwfcqgn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c4c326.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\igaduegu.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47aec328.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\imukwnvh.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c2c32e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\inypqxmf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c32f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\itpqaxkc.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bdc335.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ixcrnijc.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b0c33a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ixprpmta.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc33a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jbinljdj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b6c324.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jddjjkmx.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b1c327.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jhkbpjcs.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b8c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jimqyjxu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bac32c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jirakhth.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bfc32c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jjwaodbu.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47c4c32e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jqnjbome.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47bbc335.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jybhsmyt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47afc33d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kksijbda.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '46bf5f49.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kotbhodl.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47c1c334.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kpwvwpuu.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c4c335.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kraditdn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47aec337.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ktnctxog.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bbc33a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kvecfgnf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b2c33c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kwstbfvr.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c0c33d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ldeovnuk.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b2c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lkbrgkxq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47afc332.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lmqfomno.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bec334.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lnulxbpd.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c2c336.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lnxdgxex.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c5c336.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lsgnmxqe.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b4c33c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\luxfybsi.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c5c33e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lyplbdiv.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bdc342.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mafkoxte.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b3c32b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\miwqjlms.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47c4c333.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mjklcqav.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b8c334.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\moyokimn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c33a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mqdjjsdo.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b1c33c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\myasnupx.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47aec344.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nfatkcxi.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47aec331.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ngytihey.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c333.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nkcoscov.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DQX
[INFO] The file was moved to '47b0c337.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nmkjjddo.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b8c339.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nmyihmmd.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '46b95f43.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\npcotgyn.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b0c33d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nywflwcn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c4c347.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oeseunyl.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c0c333.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ofdcgyfn.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b1c335.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ohcujfow.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '46cf5f40.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oiocsftb.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bcc338.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oqjmfsut.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b7c341.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oqngoxry.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47bbc341.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oscqiphm.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47b0c344.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\otbkcbaw.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47afc345.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\owuiwlck.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c2c348.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\owxjgeux.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c5c349.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\oysnuxlm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c0c34c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pdjfjcng.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b7c337.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pgelffxh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b2c33a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pgpfnaec.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46c25f43.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pkkqpyhb.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b8c33f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\polpunvw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b9c343.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ppriuhkf.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bfc344.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ppykjcor.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c6c345.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pqrgdkfj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47bfc346.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pswveixw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c4c348.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ptjykgde.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b7c349.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qcqmduxt.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bec339.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qlrcofbi.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bfc342.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qluoqpov.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c2c342.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qppkgjbo.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bdc347.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qqoffpyv.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bcc348.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qtqatkju.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47bec34b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qttfqbdb.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c1c34b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qyrnotyw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47bfc351.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rjuihcmo.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '46bdbf83.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rmdivfli.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b1c345.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ropqujuu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc348.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rpyvflov.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c349.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rrtlklej.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46bebf8c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rsxctstm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c5c34c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sedafjcc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b1c33f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sgampnyj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47aec342.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sjtkoxco.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c1c345.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\slvuaxva.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47c3c347.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqrs.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47bec34f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\styjuhrb.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c6c350.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tavxfcul.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c3c33d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tbkjgwoq.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46c7bf80.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tdmqsvqc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47bac341.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tgphprva.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc344.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tjoosxdh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46c3bf89.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tjvvsbqk.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47c3c348.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tjwktfrg.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46bbbf89.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tkaowgov.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47aec34a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tksdtlsr.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47c0c34a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tvwavykk.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c4c355.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\txjyufux.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b7c357.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tytlaogg.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c1c359.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\udlhyeru.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b9c344.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uemjavlm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bac345.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uivmpfgs.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c3c34a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ukotsfij.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47bcc34c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ulwwuqyn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c4c34d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\umgwhxbs.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b4c34e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\umhxsgyn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b5c34f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\umkwglbl.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b8c34f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\upobwrtd.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bcc352.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uqcyaedu.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b0c353.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\utlqyiek.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b9c357.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uttmrqmk.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c1c357.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uvyvkjjm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47c6c359.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uwmenxjn.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bac35b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vfsijqjy.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '46bfbf8b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vhhchaaw.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b5c34c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vhptaljr.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bdc34d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\viltkhvw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b9c34e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vqjwvthf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DQO
[INFO] The file was moved to '47b7c356.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vrfmwysl.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b3c357.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vsikbvoq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b6c359.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vwfvfwuo.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b3c35d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vwkwvxjx.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b8c35d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wbfouref.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b3c349.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\welqnmpj.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47b9c34d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\whsejdjn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47c0c350.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wmtupgov.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47c1c356.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wrspjetq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47c0c35b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wxptcved.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47bdc361.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xfhseolq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '46cabf90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xgktoipg.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b8c351.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xlspnkpj.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47c0c356.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xqaikxgj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47aec35b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xueonugy.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47b2c360.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yeaflbaq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47aec350.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ylnyiqmj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47bbc357.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\youssava.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47c2c35a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yrhgpnnc.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '47b5c35e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yuvfsjui.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47c3c361.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\yxikcjbc.exe.vir
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '47b6c364.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0032C2.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c34c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0049741.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf8d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0057E79.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c34e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c005C284.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf8f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0063C24.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c34d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0067076.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf8e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c006CD55.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c34f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0090C77.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf90.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0092E30.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c350.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00A5644.dat.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '46cfbf91.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00A6504.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c352.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00A7742.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c351.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00BF908.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf92.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00C8F32.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf94.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00D42BA.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c355.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00DC101.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf93.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00DE340.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c354.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00E10A4.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf95.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00E32AC.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b0c356.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00F3DB8.dat.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '46cfbf96.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0159999.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec33b.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160000.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b28c.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160001.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec33c.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160002.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b28d.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160003.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec33e.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160005.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec33d.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160006.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b28e.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160007.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b28f.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160008.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec320.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160009.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec33f.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160010.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f0.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160011.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec341.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160012.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f2.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160013.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec340.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160014.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f1.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160015.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec342.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160016.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f3.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160017.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec343.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160018.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f4.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160019.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec345.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160020.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec344.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160021.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f5.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160022.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec346.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160023.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f7.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160024.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f6.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160025.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec347.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160026.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f8.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160027.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec349.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160028.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec348.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160029.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2f9.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160030.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34a.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160031.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2fa.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160032.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603522e.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160033.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34b.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160034.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2fc.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160035.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2fb.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160036.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34c.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160037.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2fd.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160038.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34d.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160039.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2fe.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160040.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34f.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160041.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2e0.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160042.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec34e.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160043.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2ff.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160044.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec2b0.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160045.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b301.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160046.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec351.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160047.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2e2.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160048.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec353.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160049.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4603b2e4.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160050.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '477ec2b2.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160051.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4603b303.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160052.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec2b4.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160053.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec355.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160054.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2e6.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160055.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec357.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160056.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2e8.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160057.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b305.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160058.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec2b6.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160059.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b307.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160060.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec2b8.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160061.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec359.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160062.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2ea.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160063.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec35b.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160064.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '4603b2ec.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160065.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b309.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160066.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec2ba.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160067.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b30b.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160068.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '477ec2bc.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160069.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec35d.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160070.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2ee.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160071.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec35f.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160072.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec350.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160073.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2e1.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160074.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec352.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160075.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2e3.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160076.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4603b2d0.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160077.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec361.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160078.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '4603b2d2.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160079.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec363.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160080.dll
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The file was moved to '477ec354.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160081.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '4603b2e5.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160082.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '477ec356.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160083.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4603b2d4.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160084.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec365.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160085.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '4603b2d6.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160086.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was moved to '477ec367.qua'!
C:\System Volume Information\_restore{2333F612-DA09-4036-AA6C-459E7F3EE8A0}\RP595\A0160087.dll
[DETECTION] Is the Trojan horse TR/BHO.AKY
[INFO] The

Refais un scan Combofix  

le scan combofix :

ComboFix 07-11-19.4C - Administrateur 2007-11-28 21:16:19.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.281 [GMT 1:00]
Running from: D:\Drivers et Programmes\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-11-28 20:28 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-28 20:08 <REP> d-------- C:\Program Files\Avira
2007-11-28 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-28 21:55 0 --a------ C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 15:43 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-10-11 16:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-09-29 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2006-02-01 18:18 138 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"NVIEW"="nview.dll" [2002-12-12 09:00 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 20:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-12-12 09:00 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 22:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 06:06 C:\WINDOWS\KHALMNPR.Exe]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" []
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" []
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-28 20:12]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-01 20:07:29]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-05-30 18:15:35]
PTV339 Remote Controller Service.lnk - C:\WINDOWS\PTV339\IRMONITOR.EXE [2006-05-30 18:03:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkji]
ssqnkji.dll

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH920GS.sys
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS
S3 PTV339;Mini DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV339.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d42e38-839e-11da-a027-0040ca560317}]
\Shell\AutoRun\command - H:\Autorun.exe

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 21:19:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 21:21:22
C:\ComboFix2.txt ... 2007-11-28 19:43
C:\ComboFix3.txt ... 2007-11-28 19:21
.
--- E O F ---

Reposte un rapport Hijackthis.

le voici :  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:00, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\PTV339\IRMONITOR.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min/nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PTV339 Remote Controller Service.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqnkji - ssqnkji.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7220 bytes

Du nouveau ?   

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES



C'est mieux ?

voilà j'ai "fixer" ces lignes. Je refais un scan Hijackthis?

le scan (même si il y en a pas besoin^^) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:17, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\PTV339\IRMONITOR.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min/nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PTV339 Remote Controller Service.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7016 bytes

Encore de soucis ?

Ben a priori non ! Tout marche à merveille ! MERCI !

Sinon est ce que j'ai besoin d'un autre logiciel de protection tel que spybot ou autre?

http://www.infos-du-net.com/forum/266006-11-tutos
 

Ok, ok   encore merci

De rien.